Edit

Share via

WELL_KNOWN_SID_TYPE enumeration (winnt.h)

  • 03/13/2023

The WELL_KNOWN_SID_TYPE enumeration is a list of commonly used security identifiers (SIDs). Programs can pass these values to the CreateWellKnownSid function to create a SID from this list.

Syntax

typedef enum {
  WinNullSid = 0,
  WinWorldSid = 1,
  WinLocalSid = 2,
  WinCreatorOwnerSid = 3,
  WinCreatorGroupSid = 4,
  WinCreatorOwnerServerSid = 5,
  WinCreatorGroupServerSid = 6,
  WinNtAuthoritySid = 7,
  WinDialupSid = 8,
  WinNetworkSid = 9,
  WinBatchSid = 10,
  WinInteractiveSid = 11,
  WinServiceSid = 12,
  WinAnonymousSid = 13,
  WinProxySid = 14,
  WinEnterpriseControllersSid = 15,
  WinSelfSid = 16,
  WinAuthenticatedUserSid = 17,
  WinRestrictedCodeSid = 18,
  WinTerminalServerSid = 19,
  WinRemoteLogonIdSid = 20,
  WinLogonIdsSid = 21,
  WinLocalSystemSid = 22,
  WinLocalServiceSid = 23,
  WinNetworkServiceSid = 24,
  WinBuiltinDomainSid = 25,
  WinBuiltinAdministratorsSid = 26,
  WinBuiltinUsersSid = 27,
  WinBuiltinGuestsSid = 28,
  WinBuiltinPowerUsersSid = 29,
  WinBuiltinAccountOperatorsSid = 30,
  WinBuiltinSystemOperatorsSid = 31,
  WinBuiltinPrintOperatorsSid = 32,
  WinBuiltinBackupOperatorsSid = 33,
  WinBuiltinReplicatorSid = 34,
  WinBuiltinPreWindows2000CompatibleAccessSid = 35,
  WinBuiltinRemoteDesktopUsersSid = 36,
  WinBuiltinNetworkConfigurationOperatorsSid = 37,
  WinAccountAdministratorSid = 38,
  WinAccountGuestSid = 39,
  WinAccountKrbtgtSid = 40,
  WinAccountDomainAdminsSid = 41,
  WinAccountDomainUsersSid = 42,
  WinAccountDomainGuestsSid = 43,
  WinAccountComputersSid = 44,
  WinAccountControllersSid = 45,
  WinAccountCertAdminsSid = 46,
  WinAccountSchemaAdminsSid = 47,
  WinAccountEnterpriseAdminsSid = 48,
  WinAccountPolicyAdminsSid = 49,
  WinAccountRasAndIasServersSid = 50,
  WinNTLMAuthenticationSid = 51,
  WinDigestAuthenticationSid = 52,
  WinSChannelAuthenticationSid = 53,
  WinThisOrganizationSid = 54,
  WinOtherOrganizationSid = 55,
  WinBuiltinIncomingForestTrustBuildersSid = 56,
  WinBuiltinPerfMonitoringUsersSid = 57,
  WinBuiltinPerfLoggingUsersSid = 58,
  WinBuiltinAuthorizationAccessSid = 59,
  WinBuiltinTerminalServerLicenseServersSid = 60,
  WinBuiltinDCOMUsersSid = 61,
  WinBuiltinIUsersSid = 62,
  WinIUserSid = 63,
  WinBuiltinCryptoOperatorsSid = 64,
  WinUntrustedLabelSid = 65,
  WinLowLabelSid = 66,
  WinMediumLabelSid = 67,
  WinHighLabelSid = 68,
  WinSystemLabelSid = 69,
  WinWriteRestrictedCodeSid = 70,
  WinCreatorOwnerRightsSid = 71,
  WinCacheablePrincipalsGroupSid = 72,
  WinNonCacheablePrincipalsGroupSid = 73,
  WinEnterpriseReadonlyControllersSid = 74,
  WinAccountReadonlyControllersSid = 75,
  WinBuiltinEventLogReadersGroup = 76,
  WinNewEnterpriseReadonlyControllersSid = 77,
  WinBuiltinCertSvcDComAccessGroup = 78,
  WinMediumPlusLabelSid = 79,
  WinLocalLogonSid = 80,
  WinConsoleLogonSid = 81,
  WinThisOrganizationCertificateSid = 82,
  WinApplicationPackageAuthoritySid = 83,
  WinBuiltinAnyPackageSid = 84,
  WinCapabilityInternetClientSid = 85,
  WinCapabilityInternetClientServerSid = 86,
  WinCapabilityPrivateNetworkClientServerSid = 87,
  WinCapabilityPicturesLibrarySid = 88,
  WinCapabilityVideosLibrarySid = 89,
  WinCapabilityMusicLibrarySid = 90,
  WinCapabilityDocumentsLibrarySid = 91,
  WinCapabilitySharedUserCertificatesSid = 92,
  WinCapabilityEnterpriseAuthenticationSid = 93,
  WinCapabilityRemovableStorageSid = 94,
  WinBuiltinRDSRemoteAccessServersSid = 95,
  WinBuiltinRDSEndpointServersSid = 96,
  WinBuiltinRDSManagementServersSid = 97,
  WinUserModeDriversSid = 98,
  WinBuiltinHyperVAdminsSid = 99,
  WinAccountCloneableControllersSid = 100,
  WinBuiltinAccessControlAssistanceOperatorsSid = 101,
  WinBuiltinRemoteManagementUsersSid = 102,
  WinAuthenticationAuthorityAssertedSid = 103,
  WinAuthenticationServiceAssertedSid = 104,
  WinLocalAccountSid = 105,
  WinLocalAccountAndAdministratorSid = 106,
  WinAccountProtectedUsersSid = 107,
  WinCapabilityAppointmentsSid = 108,
  WinCapabilityContactsSid = 109,
  WinAccountDefaultSystemManagedSid = 110,
  WinBuiltinDefaultSystemManagedGroupSid = 111,
  WinBuiltinStorageReplicaAdminsSid = 112,
  WinAccountKeyAdminsSid = 113,
  WinAccountEnterpriseKeyAdminsSid = 114,
  WinAuthenticationKeyTrustSid = 115,
  WinAuthenticationKeyPropertyMFASid = 116,
  WinAuthenticationKeyPropertyAttestationSid = 117,
  WinAuthenticationFreshKeyAuthSid = 118,
  WinBuiltinDeviceOwnersSid = 119,
  WinBuiltinUserModeHardwareOperatorsSid,
  WinBuiltinOpenSSHUsersSid
} WELL_KNOWN_SID_TYPE;

Constants

 
WinNullSid
Value: 0
Indicates a null SID.
WinWorldSid
Value: 1
Indicates a SID that matches everyone.
WinLocalSid
Value: 2
Indicates a local SID.
WinCreatorOwnerSid
Value: 3
Indicates a SID that matches the owner or creator of an object.
WinCreatorGroupSid
Value: 4
Indicates a SID that matches the creator group of an object.
WinCreatorOwnerServerSid
Value: 5
Indicates a creator owner server SID.
WinCreatorGroupServerSid
Value: 6
Indicates a creator group server SID.
WinNtAuthoritySid
Value: 7
Indicates a SID for the Windows NT authority account.
WinDialupSid
Value: 8
Indicates a SID for a dial-up account.
WinNetworkSid
Value: 9
Indicates a SID for a network account. This SID is added to the process of a token when it logs on across a network. The corresponding logon type is LOGON32_LOGON_NETWORK.
WinBatchSid
Value: 10
Indicates a SID for a batch process. This SID is added to the process of a token when it logs on as a batch job. The corresponding logon type is LOGON32_LOGON_BATCH.
WinInteractiveSid
Value: 11
Indicates a SID for an interactive account. This SID is added to the process of a token when it logs on interactively. The corresponding logon type is LOGON32_LOGON_INTERACTIVE.
WinServiceSid
Value: 12
Indicates a SID for a service. This SID is added to the process of a token when it logs on as a service. The corresponding logon type is LOGON32_LOGON_SERVICE.
WinAnonymousSid
Value: 13
Indicates a SID for the anonymous account.
WinProxySid
Value: 14
Indicates a proxy SID.
WinEnterpriseControllersSid
Value: 15
Indicates a SID for an enterprise controller.
WinSelfSid
Value: 16
Indicates a SID for self.
WinAuthenticatedUserSid
Value: 17
Indicates a SID that matches any authenticated user.
WinRestrictedCodeSid
Value: 18
Indicates a SID for restricted code.
WinTerminalServerSid
Value: 19
Indicates a SID that matches a terminal server account.
WinRemoteLogonIdSid
Value: 20
Indicates a SID that matches remote logons.
WinLogonIdsSid
Value: 21
Indicates a SID that matches logon IDs.
WinLocalSystemSid
Value: 22
Indicates a SID that matches the local system.
WinLocalServiceSid
Value: 23
Indicates a SID that matches a local service.
WinNetworkServiceSid
Value: 24
Indicates a SID that matches a network service.
WinBuiltinDomainSid
Value: 25
Indicates a SID that matches the domain account.
WinBuiltinAdministratorsSid
Value: 26
Indicates a SID that matches the administrator group.
WinBuiltinUsersSid
Value: 27
Indicates a SID that matches built-in user accounts.
WinBuiltinGuestsSid
Value: 28
Indicates a SID that matches the guest account.
WinBuiltinPowerUsersSid
Value: 29
Indicates a SID that matches the power users group.
WinBuiltinAccountOperatorsSid
Value: 30
Indicates a SID that matches the account operators account.
WinBuiltinSystemOperatorsSid
Value: 31
Indicates a SID that matches the system operators group.
WinBuiltinPrintOperatorsSid
Value: 32
Indicates a SID that matches the print operators group.
WinBuiltinBackupOperatorsSid
Value: 33
Indicates a SID that matches the backup operators group.
WinBuiltinReplicatorSid
Value: 34
Indicates a SID that matches the replicator account.
WinBuiltinPreWindows2000CompatibleAccessSid
Value: 35
Indicates a SID that matches pre-Windows 2000 compatible accounts.
WinBuiltinRemoteDesktopUsersSid
Value: 36
Indicates a SID that matches remote desktop users.
WinBuiltinNetworkConfigurationOperatorsSid
Value: 37
Indicates a SID that matches the network operators group.
WinAccountAdministratorSid
Value: 38
Indicates a SID that matches the account administrator's account.
WinAccountGuestSid
Value: 39
Indicates a SID that matches the account guest group.
WinAccountKrbtgtSid
Value: 40
Indicates a SID that matches account Kerberos target group.
WinAccountDomainAdminsSid
Value: 41
Indicates a SID that matches the account domain administrator group.
WinAccountDomainUsersSid
Value: 42
Indicates a SID that matches the account domain users group.
WinAccountDomainGuestsSid
Value: 43
Indicates a SID that matches the account domain guests group.
WinAccountComputersSid
Value: 44
Indicates a SID that matches the account computer group.
WinAccountControllersSid
Value: 45
Indicates a SID that matches the account controller group.
WinAccountCertAdminsSid
Value: 46
Indicates a SID that matches the certificate administrators group.
WinAccountSchemaAdminsSid
Value: 47
Indicates a SID that matches the schema administrators group.
WinAccountEnterpriseAdminsSid
Value: 48
Indicates a SID that matches the enterprise administrators group.
WinAccountPolicyAdminsSid
Value: 49
Indicates a SID that matches the policy administrators group.
WinAccountRasAndIasServersSid
Value: 50
Indicates a SID that matches the RAS and IAS server account.
WinNTLMAuthenticationSid
Value: 51
Indicates a SID present when the Microsoft NTLM authentication package authenticated the client.
WinDigestAuthenticationSid
Value: 52
Indicates a SID present when the Microsoft Digest authentication package authenticated the client.
WinSChannelAuthenticationSid
Value: 53
Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client.
WinThisOrganizationSid
Value: 54
Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective authentication option enabled. If this SID is present, then WinOtherOrganizationSid cannot be present.
WinOtherOrganizationSid
Value: 55
Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled. If this SID is present, then WinThisOrganizationSid cannot be present.
WinBuiltinIncomingForestTrustBuildersSid
Value: 56
Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of the Incoming Forest Trust Builders built-in group in the root domain of the forest.
WinBuiltinPerfMonitoringUsersSid
Value: 57
Indicates a SID that matches the performance monitor user group.
WinBuiltinPerfLoggingUsersSid
Value: 58
Indicates a SID that matches the performance log user group.
WinBuiltinAuthorizationAccessSid
Value: 59
Indicates a SID that matches the Windows Authorization Access group.
WinBuiltinTerminalServerLicenseServersSid
Value: 60
Indicates a SID is present in a server that can issue terminal server licenses.
WinBuiltinDCOMUsersSid
Value: 61
Indicates a SID that matches the distributed COM user group.
WinBuiltinIUsersSid
Value: 62
Indicates a SID that matches the Internet built-in user group.
WinIUserSid
Value: 63
Indicates a SID that matches the Internet user group.
WinBuiltinCryptoOperatorsSid
Value: 64
Indicates a SID that allows a user to use cryptographic operations. It is added to the token of users who are a member of the CryptoOperators built-in group.
WinUntrustedLabelSid
Value: 65
Indicates a SID that matches an untrusted label.
WinLowLabelSid
Value: 66
Indicates a SID that matches a low level of trust label.
WinMediumLabelSid
Value: 67
Indicates a SID that matches a medium level of trust label.
WinHighLabelSid
Value: 68
Indicates a SID that matches a high level of trust label.
WinSystemLabelSid
Value: 69
Indicates a SID that matches a system label.
WinWriteRestrictedCodeSid
Value: 70
Indicates a SID that matches a write restricted code group.
WinCreatorOwnerRightsSid
Value: 71
Indicates a SID that matches a creator and owner rights group.
WinCacheablePrincipalsGroupSid
Value: 72
Indicates a SID that matches a cacheable principals group.
WinNonCacheablePrincipalsGroupSid
Value: 73
Indicates a SID that matches a non-cacheable principals group.
WinEnterpriseReadonlyControllersSid
Value: 74
Indicates a SID that matches an enterprise wide read-only controllers group.
WinAccountReadonlyControllersSid
Value: 75
Indicates a SID that matches an account read-only controllers group.
WinBuiltinEventLogReadersGroup
Value: 76
Indicates a SID that matches an event log readers group.
WinNewEnterpriseReadonlyControllersSid
Value: 77
Indicates a SID that matches a read-only enterprise domain controller.
WinBuiltinCertSvcDComAccessGroup
Value: 78
Indicates a SID that matches the built-in DCOM certification services access group.
WinMediumPlusLabelSid
Value: 79
Indicates a SID that matches the medium plus integrity label.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinLocalLogonSid
Value: 80
Indicates a SID that matches a local logon group.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinConsoleLogonSid
Value: 81
Indicates a SID that matches a console logon group.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinThisOrganizationCertificateSid
Value: 82
Indicates a SID that matches a certificate for the given organization.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinApplicationPackageAuthoritySid
Value: 83
Indicates a SID that matches the application package authority.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinBuiltinAnyPackageSid
Value: 84
Indicates a SID that applies to all app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityInternetClientSid
Value: 85
Indicates a SID of Internet client capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityInternetClientServerSid
Value: 86
Indicates a SID of Internet client and server capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityPrivateNetworkClientServerSid
Value: 87
Indicates a SID of private network client and server capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityPicturesLibrarySid
Value: 88
Indicates a SID for pictures library capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityVideosLibrarySid
Value: 89
Indicates a SID for videos library capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityMusicLibrarySid
Value: 90
Indicates a SID for music library capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityDocumentsLibrarySid
Value: 91
Indicates a SID for documents library capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilitySharedUserCertificatesSid
Value: 92
Indicates a SID for shared user certificates capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityEnterpriseAuthenticationSid
Value: 93
Indicates a SID for Windows credentials capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinCapabilityRemovableStorageSid
Value: 94
Indicates a SID for removable storage capability for app containers.

Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not available.
WinBuiltinRDSRemoteAccessServersSid
Value: 95
WinBuiltinRDSEndpointServersSid
Value: 96
WinBuiltinRDSManagementServersSid
Value: 97
WinUserModeDriversSid
Value: 98
WinBuiltinHyperVAdminsSid
Value: 99
WinAccountCloneableControllersSid
Value: 100
WinBuiltinAccessControlAssistanceOperatorsSid
Value: 101
WinBuiltinRemoteManagementUsersSid
Value: 102
WinAuthenticationAuthorityAssertedSid
Value: 103
WinAuthenticationServiceAssertedSid
Value: 104
WinLocalAccountSid
Value: 105
WinLocalAccountAndAdministratorSid
Value: 106
WinAccountProtectedUsersSid
Value: 107
WinCapabilityAppointmentsSid
Value: 108
WinCapabilityContactsSid
Value: 109
WinAccountDefaultSystemManagedSid
Value: 110
WinBuiltinDefaultSystemManagedGroupSid
Value: 111
WinBuiltinStorageReplicaAdminsSid
Value: 112
WinAccountKeyAdminsSid
Value: 113
WinAccountEnterpriseKeyAdminsSid
Value: 114
WinAuthenticationKeyTrustSid
Value: 115
WinAuthenticationKeyPropertyMFASid
Value: 116
WinAuthenticationKeyPropertyAttestationSid
Value: 117
WinAuthenticationFreshKeyAuthSid
Value: 118
WinBuiltinDeviceOwnersSid
Value: 119

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Header winnt.h (include Windows.h)

See also

Allowing Anonymous Access

CreateWellKnownSid

IsWellKnownSid

Well-known SIDs