SID non legati ad uno specifico user o gruppo creato su AD ma ad account o funzioni di sistema. Si tratta di identificatori di utenti o gruppi noti, rimangono costanti nei diversi sistemi operativi.
Di seguito i principali:
| NULL S-1-0-0 | No Security principal. |
| EVERYONE S-1-1-0 | A group that includes all users. |
| LOCAL S-1-2-0 | A group that includes all users who have logged on locally. |
| CONSOLE_LOGON S-1-2-1 | A group that includes users who are logged on to the physical console. This SID can be used to implement security policies that grant different rights based on whether a user has been granted physical access to the console.<7> |
| CREATOR_OWNER S-1-3-0 | A placeholder in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the object’s creator. |
| CREATOR_GROUP S-1-3-1 | A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s creator. |
| OWNER_SERVER S-1-3-2 | A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the object’s owner server. |
| GROUP_SERVER S-1-3-3 | A placeholder in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the object’s group server. |
| OWNER_RIGHTS S-1-3-4 | A group that represents the current owner of the object. When an ACE that carries this SID is applied to an object, the system ignores the implicit READ_CONTROL and WRITE_DAC permissions for the object owner. |
| NT_AUTHORITY S-1-5 | A SID containing only the SECURITY_NT_AUTHORITY identifier authority. |
| DIALUP S-1-5-1 | A group that includes all users who have logged on through a dial-up connection. |
| NETWORK S-1-5-2 | A group that includes all users who have logged on through a network connection. |
| BATCH S-1-5-3 | A group that includes all users who have logged on through a batch queue facility. |
| INTERACTIVE S-1-5-4 | A group that includes all users who have logged on interactively. |
| LOGON_ID S-1-5-5-x-y | A logon session. The X and Y values for these SIDs are different for each logon session and are recycled when the operating system is restarted. |
| SERVICE S-1-5-6 | A group that includes all security principals that have logged on as a service. |
| ANONYMOUS S-1-5-7 | A group that represents an anonymous logon. |
| PROXY S-1-5-8 | |
| ENTERPRISE_DOMAIN_CONTROLLERS S-1-5-9 | A group that includes all domain controllers in a forest that uses an Active Directory directory service. |
| PRINCIPAL_SELF S-1-5-10 | A placeholder in an inheritable ACE on an account object or group object in Active Directory. When the ACE is inherited, the system replaces this SID with the SID for the security principal that holds the account. |
| AUTHENTICATED_USERS S-1-5-11 | A group that includes all users whose identities were authenticated when they logged on. Users authenticated as Guest or Anonymous are not members of this group. |
Riproduzione parziale da: Microsoft Docs. La fonte riporta la lista completa
