Well-Known Security Principals in Windows Server 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This topic contains well-known security principals with attributes and values.
Anonymous Logon
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-7 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A user who has logged on anonymously. |
Authenticated User
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-11 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all users whose identities were authenticated when they logged on. Membership is controlled by the operating system. |
Batch
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-3 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that implicitly includes all users who have logged on through a batch queue facility such as task scheduler jobs. Membership is controlled by the operating system. |
Creator Group
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-3-1 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s current owner. The primary group is used only by the POSIX subsystem. |
Creator Owner
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-3-0 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A placeholder in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the object’s current owner. |
Dialup
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-1 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
Digest Authentication
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-64-21 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
Enterprise Domain Controllers
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-9 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all domain controllers an Active Directory™ directory service forest of domains. Membership is controlled by the operating system. |
Everyone
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-1-0 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all users, even anonymous users and guests. Membership is controlled by the operating system. |
Interactive
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-4 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all users who have logged on interactively. Membership is controlled by the operating system. |
Local Service
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-19 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
LocalSystem
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-18 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A service account that is used by the operating system. |
Network
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-2 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that implicitly includes all users who are logged on through a network connection. Membership is controlled by the operating system. |
Network Service
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-20 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
NTLM Authentication
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-64-10 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
Other Organization
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-1000 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that implicitly includes all users who are logged on to the system through a dial-up connection. Membership is controlled by the operating system. |
Principal Self
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-10 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object. |
Proxy
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-8 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
SID not used in Windows 2000. |
Remote Interactive Logon
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-14 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
Restricted Code
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-12 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
SChannel Authentication
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-64-14 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
Service
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-6 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system. |
Terminal Server User
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-13 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |
A group that includes all users who have logged on to a Terminal Services server. Membership is controlled by the operating system. |
This Organization
Attribute | Value |
---|---|
Well-Known SID/RID |
S-1-5-15 |
Object Class |
Foreign Security Principal |
Default Location in Active Directory |
cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain> |
Description |