Should we handle the SID (SecurityIdentifier) securely?

NotAvailableCurrently 1 Reputation point
2021-06-03T10:06:56.33+00:00

Hi,
I want to use the SID to distinguish Windows users when there are multiple accounts on a PC.

string winUser = WindowsIdentity.GetCurrent().User.ToString();

Should I handle this string securely, as a kind of sensitive data?

I wonder whether these ways of handling it are not recommended:

  • Printing this SID string in the log file
  • Saving the SID in a cloud DB.

Thanks.


3 answers

  1. Leila Kong 3,696 Reputation points
    2021-06-04T10:44:59.667+00:00

    Hello @NotAvailableCurrently ,

    Yes, you can have a try.

    Is SID considered as sensitive?: https://stackoverflow.com/questions/36572306/is-sid-considered-as-sensitive
    Security assessment: Unsecure SID History attributes: https://learn.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-sid-history-attribute

    Best regards,
    Leila


  2. Leila Kong 3,696 Reputation points
    2021-06-18T02:15:24.843+00:00

    Hello @NotAvailableCurrently ,

    We haven’t heard from you in a couple of days.
    Is there any update from your side?


  3. Leila Kong 3,696 Reputation points
    2021-06-28T09:29:42.1+00:00

    Hello @NotAvailableCurrently ,

    Yes, we would not consider the SID as sensitive generally. The SID is used to identify objects in ACLs.
    However, there are well-known SIDs for built-in groups and accounts that make certain objects easily discoverable. So it is possible for a hacker to use that information for malicious purposes. https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab?redirectedfrom=MSDN

    Accounts configured with an unsecure SID History attribute are windows of opportunity for attackers and can expose risks. You may use the security assessment to check for accounts with SID History attributes which Microsoft Defender for Identity profiles as risky, and take appropriate action to remove the SID History attribute from the accounts using PowerShell. https://learn.microsoft.com/en-us/defender-for-identity/cas-isp-unsecure-sid-history-attribute

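The well-known SIDs mentioned in the last answer, shown as an added example that is not part of the original thread or any Microsoft code: a C# helper that reports what a SID written to a log or database discloses, using the .NET `SecurityIdentifier` API. The names `SidLogInfo` and `Describe` are hypothetical, the list of well-known types is a small subset, and the sample SIDs with the domain part `1111111111-2222222222-3333333333` are constructed.

```csharp
using System;
using System.Security.Principal;

static class SidLogInfo
{
    // Subset of well-known SIDs that are identical on every Windows machine.
    static readonly WellKnownSidType[] Universal =
    {
        WellKnownSidType.WorldSid,                 // S-1-1-0   (Everyone)
        WellKnownSidType.LocalSystemSid,           // S-1-5-18
        WellKnownSidType.BuiltinAdministratorsSid, // S-1-5-32-544
        WellKnownSidType.BuiltinUsersSid,          // S-1-5-32-545
    };

    // Hypothetical helper: describes what a reader of the log learns from a SID.
    public static string Describe(SecurityIdentifier sid)
    {
        foreach (WellKnownSidType type in Universal)
            if (sid.IsWellKnown(type))
                return $"{sid.Value}: well-known ({type}), same value on every machine";

        if (sid.IsAccountSid())
        {
            // The last sub-authority is the relative ID (RID) within the issuing domain or machine.
            string rid = sid.Value.Substring(sid.Value.LastIndexOf('-') + 1);
            string role = rid == "500" ? "built-in Administrator account"
                        : rid == "501" ? "built-in Guest account"
                        : "ordinary account";
            return $"{sid.Value}: {role}, issued by {sid.AccountDomainSid.Value}";
        }
        return $"{sid.Value}: other";
    }

    static void Main()
    {
        // SID of the user running the process, obtained as in the question.
        Console.WriteLine(Describe(WindowsIdentity.GetCurrent().User));

        // Constructed sample values for illustration.
        string[] samples =
        {
            "S-1-5-18",
            "S-1-5-32-544",
            "S-1-5-21-1111111111-2222222222-3333333333-500",
            "S-1-5-21-1111111111-2222222222-3333333333-1001",
        };
        foreach (string s in samples)
            Console.WriteLine(Describe(new SecurityIdentifier(s)));
    }
}
```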
