Get SID of User in Windows Environment

Posted on

In the Windows environment, everyone has a task to make a unique identifier known as Security ID or SID. This one has the ability to control the access to some different kinds of resources such as Files, Registry keys, network shares, and so on. It is able to be obtained through WMIC USERACCOUNT command. On this page, you will be able to find syntax and examples for the same.

Finding a SID with WMIC will probably only take a minute, or maybe less. The first thing that you have to do is to open the Command Prompt. For those who are using a keyboard and a mouse, in Windows 10 and Windows 8, the quickest way is through the Power User Menu, which is accessible with the WIN+X shortcut. In case you do not see the Command Prompt in the Power User Menu, you can type “cmd” into the search bar located in the Start menu, and then click Command Prompt when you see it. Please take note that you do not need to open a high Command Prompt for it to work. A few Windows commands need it, but in the WMIC command used as an example below, you are able to open a regular, non-administrative Command Prompt.


Then, type the following command into the Command Prompt exactly as written here, including the spaces or lack thereof and then hit Enter:

wmic useraccount get name,sid

If you already know the username and want to get only the SID, you can just enter the command but replace USER with the username (keep the quotes):

wmic useraccount where name=”USER” get sid

If you get an error that cannot be recognized by the wmic command, you can change the working directory to be C:\Windows\System32\wbem\ and try again. Cd (change directory) command can be used to do that.

On the third step, you should be able to see a table shown in the Command Prompt. It is a list of every user account in Windows. Everything is listed by username, followed by the corresponding SID of the account.

Now that you already know the SID, you are able to make anything changes you have to in the registry or do anything else you need this information for. In case you have to find the user name but the security identifier is everything that you have, you can reverse the command and just replace the SID with the one in question:

wmic useraccount where sid=”S-1-5-21-992878714-4041223874-2616370337-1001” get name

to get the result like:

Name

jonfi

If you want to retrieve the SID for the current signed in user, you can use the below command. The method does not need you to specify the user name in the command. It can be used in batch files that may be executed from some different user accounts.

wmic useraccount where name=’%username%’ get sid

If you want to get SID from the current signed in domain user, you can run the command ‘whoami /user’ from the command line to get the SID for the signed in user. Here is the example that you can use:

c:\>whoami /user

USER INFORMATION

User Name              SID

==============   =====================================================

mydomain\wincmd S-1-5-7375663-6890924511-1272660413-2944159

c:\>

If you want to get SID for the local administrator of the computer, here is the command:

wmic useraccount where (name= ‘administrator’ and domain=’%computername%’) get name, sid

If you want to get SID for the domain administrator, you can use:

wmic useraccount where (name=’administrator’ and domain=’%userdomain%’) get name, sid    

Apart from finding the SID through the WMIC, you can also determine Sid by looking through the PRofileImagePath values in each S-1-5-21 prefixed SID listed under the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

The ProfileImagePath value within every SID named registry key will be listed in the profile directory, which includes the username.

For instance, the ProfileImagePath value under the S-1-5-21-992878714-404122874-2616370337-1001 key on your computer is C:\users\jonfi, so you now that the SID for the user jonfi is S-1-5-21-992878714-404122874-2616370337-1001.

For your information, this method of matching users to SIDs will only appear for those who are signed in or have signed in and switched users. If you want to continue to use the registry method to determine the SIDs of the other user, you will have to sign in as each user on the system and repeat the steps mentioned above.

There are a lot of reasons behind the desire of you on finding the security identifier, which is more known as SID, for the account of a certain user in Windows. However, the command reason for doing so is to determine which key under HKEY_USERS in the Windows Registry to look for the user-specific registry data.

It does not matter the reason for you need, matching SIDs to the usernames is really simple and easy with the WMIC command, the one command which is available from the Command Prompt in most versions of Windows. For those who are still using the older versions of Windows, you need to use the method to find the SID with the Registry instead of using the one with the WMIC. As you probably know, the WMIC command did not exist before Windows XP, so you will need to use the registry method in those older versions of Windows.

SID or security identifier is such a unique value of variable length that is usually used to identify a security principal such as a security group in Windows operating systems. The ones that identify the generic users or generic groups are popular. The well-known SIDs for all versions of Windows include:

  1. S-1-0 (Null Authority): An identifier authority.
  2. S-1-0-0 (Nobody): No security principal.
  3. S-1-1 (World Authority): An identifier authority.
  4. S-1-1-0 (Everyone): A group that includes all users, including anonymous users, and guests. Operating system controls the membership.
  5. S-1-2 (Local Authority): An identifier authority.
  6. S-1-2-0 (Local): A group that includes all users who have signed in locally.
  7. S-1-3 (Creator Authority): An identifier authority.
  8. S-1-3-0 (Creator Owner): A placeholder in an inheritable access control entry or ACE. When it inherits, the system changes the SID with the SID for the creator of the object.

Leave a Reply

Your email address will not be published. Required fields are marked *