There are many reasons why you might want to find the security identifier (SID) for a particular user's account in Windows, but in our corner of the world, the common reason for doing so is to determine which key under HKEY_USERS in the Windows Registry to look for user-specific registry data.
Regardless of the reason for your need, matching SIDs to usernames is really easy thanks to the wmic command, a command available from the Command Prompt in most versions of Windows.
Find a User's SID With WMIC
1. Open Command Prompt.
In Windows 10 and Windows 8, if you're using a keyboard and mouse, the fastest way is through the Power User Menu, accessible with the WIN+X shortcut.
If you don't see Command Prompt there, type cmd into the search bar in the Start menu, and select Command Prompt when you see it.
Note: You don't have to open an elevated Command Prompt for this to work. Some Windows commands require it, but in the WMIC command example below, you can open a regular, non-administrative Command Prompt.
2. Type the following command into Command Prompt exactly as it's shown here, including spaces or lack thereof:
wmic useraccount get name,sid
...and then press Enter.
Tip: If you know the username and would like to grab only that one user's SID, enter this command but replace USER with the username (keep the quotes):
wmic useraccount where name="USER" get sid
Note: If you get an error that the wmic command isn't recognized, change the working directory to be C:\Windows\System32\wbem\ and try again. You can do that with the cd (change directory) command.
3. You should see a table displayed in Command Prompt. This is a list of each user account in Windows, listed by username, followed by the account's corresponding SID.
Now that you're confident that a particular user name corresponds to a particular SID, you can make whatever changes you need to in the registry or do whatever else you needed this information for.
FINDING THE USERNAME USING THE SID
If you happen to have a case where you need to find the user name but all you have is the security identifier, you can "reverse" the command like this (just replace this SID with the one in question):
wmic useraccount where sid="S-1-5-21-992878714-4041223874-2616370337-1001" get name
...to get a result like this:
Name
jonfi
How to Find a User's SID in the Registry
You can also determine a user's SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
The ProfileImagePath value within each SID-named registry key lists the profile directory, which includes the username.
For example, the ProfileImagePath value under the S-1-5-21-992878714-4041223874-2616370337-1001 key on the computer you see above is C:\Users\jonfi, so we know that the SID for the user "jonfi" is "S-1-5-21-992878714-4041223874-2616370337-1001".
Note: This method of matching users to SIDs will only show those users who are logged in or have logged in and switched users. To continue to use the registry method for determining other user's SIDs, you'll need to log in as each user on the system and repeat these steps. This is a big drawback; assuming you're able, you're much better off using the wmic command method above.
No comments:
Post a Comment