Active Directory uses accounts to represent users and computers for security purposes. Each account contains a Security Identifier (SID) that uniquely identifies it.
Security Identifier (SID):-
A SID is used in security to identify a user or computer account. Short SIDs like S-1-1-0 are used in local accounts. Irrespective of which computer it is used on, whether in a domain or not, a short SID like this always represents the same thing. For example, S-1-1-0 will always mean everyone on any Windows system. Longer SIDs like S-1-5-21-1218951425-845968048-208583963-2209 are used in a domain. Because the SID provides a unique way of representing a user, the other attributes of the user can change. For example, the user’s first and last names are free to change at any time, and this does not affect which objects the SID has been used on.
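The two SIDs quoted above can be taken apart field by field. The following is an added example, not code from the original post; it goes a step beyond the text by also converting a SID to and from the binary layout in which Windows stores it, and the names `Sid`, `parse_sid`, `sid_to_bytes`, `sid_from_bytes` and `split_rid` are hypothetical helpers chosen for illustration.

```python
import struct
from typing import NamedTuple, Optional, Tuple

class Sid(NamedTuple):
    revision: int
    authority: int                    # 48-bit identifier authority (1 = World, 5 = NT Authority)
    sub_authorities: Tuple[int, ...]  # 32-bit values; in the long form the last one is the RID

    def __str__(self) -> str:
        return "S-" + "-".join(map(str, (self.revision, self.authority, *self.sub_authorities)))

def parse_sid(text: str) -> Sid:
    """Parse the string form S-<revision>-<authority>-<sub-authority>-..."""
    fields = text.strip().split("-")
    if len(fields) < 3 or fields[0].upper() != "S":
        raise ValueError(f"not a SID string: {text!r}")
    if not all(f.isascii() and f.isdigit() for f in fields[1:]):
        raise ValueError(f"non-numeric field in {text!r}")
    revision, authority, *subs = (int(f) for f in fields[1:])
    if revision != 1 or authority >= 2**48:
        raise ValueError(f"bad revision or authority in {text!r}")
    if len(subs) > 15 or any(s >= 2**32 for s in subs):
        raise ValueError(f"bad sub-authorities in {text!r}")
    return Sid(revision, authority, tuple(subs))

def sid_to_bytes(sid: Sid) -> bytes:
    """Binary layout: revision, count, 6-byte big-endian authority, little-endian sub-authorities."""
    n = len(sid.sub_authorities)
    return (bytes([sid.revision, n]) + sid.authority.to_bytes(6, "big")
            + struct.pack(f"<{n}I", *sid.sub_authorities))

def sid_from_bytes(data: bytes) -> Sid:
    if len(data) < 8 or len(data) != 8 + 4 * data[1]:
        raise ValueError("truncated or oversized binary SID")
    subs = struct.unpack(f"<{data[1]}I", data[8:])
    return Sid(data[0], int.from_bytes(data[2:8], "big"), subs)

def split_rid(sid: Sid) -> Optional[Tuple[str, int]]:
    """For the long S-1-5-21-... form return (issuer prefix, RID); otherwise None."""
    subs = sid.sub_authorities
    if sid.authority != 5 or len(subs) != 5 or subs[0] != 21:
        return None
    return str(Sid(sid.revision, sid.authority, subs[:-1])), subs[-1]

if __name__ == "__main__":
    for text in ("S-1-1-0", "S-1-5-21-1218951425-845968048-208583963-2209"):  # SIDs quoted in the text
        sid = parse_sid(text)
        assert sid_from_bytes(sid_to_bytes(sid)) == sid
        print(text, sid_to_bytes(sid).hex(), split_rid(sid))
```

The final number of the long form is the relative identifier (RID) of the individual account; everything before it is shared by all accounts issued by the same authority, which is why comparing prefixes is a quick way to tell whether two SIDs come from the same domain.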
User Authentication process:-
When a user logs on to a network, an access token is generated for that user. Inside the access token is the user’s SID. When this access token is presented to another system, the other system can read the user’s SID from the access token. If the user is a member of any group, the SID for that group will also be placed inside the access token. Another system can look at this access token and also determine the group membership for that user. Any changes made to group membership for a user will require a new token to be created. For this to occur, the user must log off and log back on again to create a new token.