Share via


Well-Known Security Principals in Windows Server 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This topic contains well-known security principals with attributes and values.

Anonymous Logon

Attribute Value

Well-Known SID/RID

S-1-5-7

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A user who has logged on anonymously.

Authenticated User

Attribute Value

Well-Known SID/RID

S-1-5-11

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all users whose identities were authenticated when they logged on. Membership is controlled by the operating system.

Batch

Attribute Value

Well-Known SID/RID

S-1-5-3

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that implicitly includes all users who have logged on through a batch queue facility such as task scheduler jobs. Membership is controlled by the operating system.

Creator Group

Attribute Value

Well-Known SID/RID

S-1-3-1

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s current owner. The primary group is used only by the POSIX subsystem.

Creator Owner

Attribute Value

Well-Known SID/RID

S-1-3-0

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A placeholder in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the object’s current owner.

Dialup

Attribute Value

Well-Known SID/RID

S-1-5-1

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

Digest Authentication

Attribute Value

Well-Known SID/RID

S-1-5-64-21

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

Enterprise Domain Controllers

Attribute Value

Well-Known SID/RID

S-1-5-9

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all domain controllers an Active Directory™ directory service forest of domains. Membership is controlled by the operating system.

Everyone

Attribute Value

Well-Known SID/RID

S-1-1-0

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all users, even anonymous users and guests. Membership is controlled by the operating system.

Interactive

Attribute Value

Well-Known SID/RID

S-1-5-4

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all users who have logged on interactively. Membership is controlled by the operating system.

Local Service

Attribute Value

Well-Known SID/RID

S-1-5-19

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

LocalSystem

Attribute Value

Well-Known SID/RID

S-1-5-18

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A service account that is used by the operating system.

Network

Attribute Value

Well-Known SID/RID

S-1-5-2

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that implicitly includes all users who are logged on through a network connection. Membership is controlled by the operating system.

Network Service

Attribute Value

Well-Known SID/RID

S-1-5-20

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

NTLM Authentication

Attribute Value

Well-Known SID/RID

S-1-5-64-10

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

Other Organization

Attribute Value

Well-Known SID/RID

S-1-5-1000

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that implicitly includes all users who are logged on to the system through a dial-up connection. Membership is controlled by the operating system.

Principal Self

Attribute Value

Well-Known SID/RID

S-1-5-10

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object.

Proxy

Attribute Value

Well-Known SID/RID

S-1-5-8

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

SID not used in Windows 2000.

Remote Interactive Logon

Attribute Value

Well-Known SID/RID

S-1-5-14

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

Restricted Code

Attribute Value

Well-Known SID/RID

S-1-5-12

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

SChannel Authentication

Attribute Value

Well-Known SID/RID

S-1-5-64-14

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

Service

Attribute Value

Well-Known SID/RID

S-1-5-6

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system.

Terminal Server User

Attribute Value

Well-Known SID/RID

S-1-5-13

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description

A group that includes all users who have logged on to a Terminal Services server. Membership is controlled by the operating system.

This Organization

Attribute Value

Well-Known SID/RID

S-1-5-15

Object Class

Foreign Security Principal

Default Location in Active Directory

cn=WellKnown Security Principals, cn=Configuration, dc=<forestRootDomain>

Description