How to Find Security Identifier (SID) of User in Windows
Sometimes, you need to know what the security identifier (SID) is for a specific user on the system.
A SID is a string value of variable length that is used to uniquely identify users or groups, and control their access to various resources like files, registry keys, network shares etc. Each account has a unique SID that an authority, such as a Windows domain, issues. The SID is stored in the security database. When a user logs on, the system retrieves the user SID from the database, places the SID in the user access token, and then uses the SID in the user access token to identify the user in all subsequent interactions with Windows security. Each SID is a unique identifier for a user or group, and a different user or group cannot have the same SID.
See also: Well-known security identifiers in Windows operating systems
This tutorial will show you different ways on how to find the security identifier (SID) of a user account in Vista, Windows 7, Windows 8, and Windows 10.
Contents
- Option One: To Find SID of Current User using "WhoAmI" command
- Option Two: To Find SID of Current User using "wmic useraccount" command
- Option Three: To Find SID of All Users using "wmic useraccount" command
- Option Four: To Find SID of Specific User using "wmic useraccount" command
- Option Five: To Find User Name for SID using "wmic useraccount" command
- Option Six: To Find SID of All Users using "Get-WmiObject" PowerShell command
- Option Seven: To Find SID of Users using Registry Editor
EXAMPLE: Security Identifier (SID) with account association
1 Open a command prompt or PowerShell.
2 Copy and paste thewhoami /usercommand into the command prompt, and press Enter.
1 Open a command prompt.
2 Copy and paste thewmic useraccount where name='%username%' get domain,name,sidcommand into the command prompt, and press Enter.
1 Open a command prompt or PowerShell.
2 Copy and paste thewmic useraccount get domain,name,sidcommand into the command prompt, and press Enter.
1 Open a command prompt or PowerShell.
2 Type the command below into the command prompt, and press Enter.
wmic useraccount where name='username' get sid
Substitute username in the command above with the actual user name (ex: "Brink") of the account you want to find the SID for.
For example:wmic useraccount where name='Brink' get sid
1 Open a command prompt or PowerShell.
2 Type the command below into the command prompt, and press Enter.
wmic useraccount where sid='<sid>' get domain,name
Substitute <sid> in the command above with the actual SID (ex: "S-1-5-21-237214570-1361766723-3061440971-1001") of the account you want to see the name for.
For example:wmic useraccount where sid='S-1-5-21-237214570-1361766723-3061440971-1001' get domain,name
1 Open PowerShell.
2 Copy and paste theGet-WmiObject win32_useraccount | Select domain,name,sidcommand into the command prompt, and press Enter.
This option has one limitation which is you can only get the SID of either a local user or a domain user who has logged in at least once onto this PC.
1 Press the Win + R keys to open Run, type regedit into the command prompt, and click/tap on OK to open Registry Editor.
2 Navigate to the key below in the left pane of Registry Editor. (see screenshot below)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
3 Each of the items at this hive is named with the SID of the account. By looking at the ProfileImagePath key for each SID, you can identify the account’s name.
For example, the S-1-5-21-237214570-1361766723-3061440971-1001 SID key is for the user with the C:\Users\Brink profile folder path and Brink being the account name.
That's it,
Shawn
Find Security Identifier (SID) of User in Windows
-
New #1
Some useful SID related functions for script use. Also demonstrates how to retrieve SID information from .NET instead of WMI.
Code:function Get-SidFromName ($user) { (New-Object System.Security.Principal.NTAccount($user)).Translate([System.Security.Principal.SecurityIdentifier]).Value } function Get-NameFromSid ($sid) { (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate([System.Security.Principal.NTAccount]).Value } function Get-CurrentUserSid { [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value } function Get-UserSidFromWildcard ($sid) { ([ADSI]"WinNT://$env:COMPUTERNAME").Children | ?{$_.SchemaClassName -eq 'User'} | %{(New-Object Security.Principal.SecurityIdentifier($_.objectSid.Value, 0)).Value} | ?{$_ -like $sid} } function Get-GroupSidFromWildcard ($sid) { ([ADSI]"WinNT://$env:COMPUTERNAME").Children | ?{$_.SchemaClassName -eq 'Group'} | %{(New-Object Security.Principal.SecurityIdentifier($_.objectSid.Value, 0)).Value} | ?{$_ -like $sid} } function Get-ServiceSidFromWildcard ($sid) { ([ADSI]"WinNT://$env:COMPUTERNAME").Children | ?{$_.SchemaClassName -eq 'Service'} | %{(New-Object Security.Principal.SecurityIdentifier($_.objectSid.Value, 0)).Value} | ?{$_ -like $sid} } function Get-SidFromWildcard ($sid) { ([ADSI]"WinNT://$env:COMPUTERNAME").Children | ?{'Group', 'User' -contains $_.SchemaClassName} | %{(New-Object Security.Principal.SecurityIdentifier($_.objectSid.Value, 0)).Value} | ?{$_ -like $sid} }
-
-
-
New #4
WMIC UserAccount Where Name='%Username%' Get SID
-
This works perfectly but it only works in Command Prompt and not in a .bat file.
I also cannot assign it to a string variable since it's not just SID and is a multi line string.
I'm not very comfortable with batch files so what's the shortest and easiest way to store it in a variable to use in a batch file? :)
-
Find Security Identifier (SID) of User in Windows
How to Find Security Identifier (SID) of User in WindowsPublished by Shawn BrinkCategory: User Accounts
28 Aug 2020
Quote
Related Discussions
