差分

このページの2つのバージョン間の差分を表示します。

--- windows:sid [2020/03/25 03:19] – [参考文献] ともやん
+++ windows:sid [2020/03/25 07:02] (現在) – [S-1-1- ～ S-1-3-、S-1-5- (SECURITY_NT_AUTHORITY)] ともやん
@@ 行 5: / 行 5: @@
       overflow: scroll;
       overflow-x: hidden;
-      font-size: 12px;
+      font-size: 10px;
     }
   </style>
 </html>
-====== Windows セキュリティ識別子(SID) ======
+====== Windows Security Identifiers (SID) - セキュリティ識別子 ======
-<WRAP prewrap 100% #result>
+===== S-1-1- ～ S-1-3-、S-1-5- (SECURITY_NT_AUTHORITY) =====
 <code powershell>
 PS > Get-CimInstance -ClassName Win32_GroupUser
+</code>
+<WRAP prewrap 100% #result>
+<code powershell>
 GroupComponent                                                        PartComponent                                                       PSComputerName
 --------------                                                        -------------                                                       --------------
@@ 行 29: / 行 32: @@
 Win32_Group (Name = "Debugger Users", Domain = "CMON")                Win32_UserAccount (Name = "tomoyan", Domain = "CMON")
-PS > Get-CimInstance -ClassName Win32_SystemAccount | ft Name, SID
+</code>
+</WRAP>
+<code powershell>
+PS > Get-CimInstance -ClassName Win32_SystemAccount | ft Name, SID
+</code>
+<WRAP prewrap 100% #result>
+<code powershell>
 Name                          SID
 ----                          ---
@@ 行 59: / 行 68: @@
 BUILTIN                       S-1-5-32
-PS > Get-CimInstance -ClassName Win32_UserAccount | ft Name, SID
+</code>
+</WRAP>
+<code powershell>
+PS > Get-CimInstance -ClassName Win32_UserAccount | ft Name, SID
+</code>
+<WRAP prewrap 100% #result>
+<code powershell>
 Name               SID
 ----               ---
@@ 行 69: / 行 84: @@
 WDAGUtilityAccount S-1-5-21-862093196-3552257265-3460289004-504
-PS > Get-LocalGroup | ft Name, SID
+</code>
+</WRAP>
+<code powershell>
+PS > Get-LocalGroup | ft Name, SID
+</code>
+<WRAP prewrap 100% #result>
+<code powershell>
 Name                                SID
 ----                                ---
@@ 行 95: / 行 116: @@
 </code>
 </WRAP>
+===== S-1-15- (Capability SID) - 機能SID =====
+<WRAP prewrap 100%>
+<code powershell>
+PS > Get-ItemPropertyValue -Path HKLM:\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses -Name AllCachedCapabilities
+</code>
+</WRAP>
+<WRAP prewrap 100% #result>
+<code powershell>
+S-1-15-3-1024-955681297-3470559067-873149510-312866181-505149074-2965990245-3641224364-480676545
+S-1-15-3-1024-3167453650-624722384-889205278-321484983-714554697-3592933102-807660695-1632717421
+S-1-15-3-2105443330-1210154068-4021178019-2481794518
+S-1-15-3-1024-3275915203-3073501320-309536135-1674744297-1740689076-4251230105-810187298-4091229748
+S-1-15-3-1
+S-1-15-3-1024-3996699186-3595629362-3480063212-3905085333-2276303035-3068169911-3004821721-4252886170
+S-1-15-3-12
+S-1-15-3-1024-1615643396-3082447698-3017968123-3374415059-2610093431-2583988378-2307023373-470284681
+S-1-15-3-1024-3802075078-3056353928-831493480-1656114792-3017467262-3614159431-110502994-2980336225
+S-1-15-3-1024-278763595-641296858-3665893476-2977301132-1926709684-2066268498-4151792040-2589241065
+S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991
+S-1-15-3-1024-3804131010-705767314-2184915385-1233717497-4177653708-4048234552-2488388519-2361358067
+S-1-15-3-1024-1023893147-235863880-425656572-4266519675-2590647553-3475379062-430000033-3360374247
+S-1-15-3-1024-2035927579-283314533-3422103930-3587774809-765962649-3034203285-3544878962-607181067
+S-1-15-3-1024-2263946659-221263054-3004297223-2509109377-4006057435-143953683-28675390-302247413
+S-1-15-3-1024-2946685888-1412457410-1274547043-2288208346-1419295423-4263087484-1197735815-185032629
+S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422
+S-1-15-3-1024-1631604711-3604716289-3767720303-698625756-2814662190-970047950-2326260488-1280393717
+S-1-15-3-1024-724741592-1210917904-489960769-637019204-3345707629-3097053430-1727148295-85063603
+S-1-15-3-1024-1727386112-3145810323-3431268083-3689970327-739836844-3616656621-880051228-1594631605
+S-1-15-3-1024-4191902497-1978494743-2749246665-3072910927-102050379-1373940514-1865125746-920055924
+S-1-15-3-1024-192337609-3775446108-269428844-3253752169-951748958-3578505117-3621846901-2918023745
+S-1-15-3-1024-3190844328-4099963570-3870079217-2969588245-2822710570-1600598934-3576592281-2616761512
+...
+</code>
+</WRAP>
 ===== 参考文献 =====
@@ 行 100: / 行 157: @@
 [[https://tech.guitarrapc.com/entry/2013/02/08/210233|PowerShellでCIM cmdletを用いて対象PCのユーザーや所属するユーザーグループを調べる - tech.guitarrapc.cóm]]\\
 [[https://tutorialmore.com/questions-121178.htm|非表示/仮想Windowsユーザーアカウントのリスト - 初心者向けチュートリアル]]\\
 [[https://www.bleepingcomputer.com/news/microsoft/windows-10-could-break-if-capability-sids-are-removed-from-permissions/|Windows 10 Could Break If Capability SIDs Are Removed From Permissions]]\\
+[[https://www.atmarkit.co.jp/ait/articles/0306/28/news004.html|オブジェクトを識別するSIDとは？：Tech TIPS - ＠IT]]\\
 [[https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems|Well-known security identifiers in Windows operating systems]]\\
 [[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc782090(v=ws.10)?redirectedfrom=MSDN|Security Identifiers Technical Reference | Microsoft Docs]]\\
 [[https://docs.microsoft.com/ja-jp/windows/win32/secauthz/well-known-sids?redirectedfrom=MSDN|Well-known SIDs - Win32 apps | Microsoft Docs]]\\
+[[https://renenyffenegger.ch/notes/Windows/security/SID/index|Windows security identifiers (SID)]]\\
+[[http://www7a.biglobe.ne.jp/~tsuneoka/win32tech/12.html|Windows NTでアプリを実行するユーザーを制御する方法]]\\
+[[http://eternalwindows.jp/security/account/account10.html|SIDの形式 - eternalwindows]]\\