Security Identifiers (SIDs)
Every user in Windows NT is represented by a unique security identifier (SID). SIDs for users always start with S-1-5-21 in Windows, denoting that they are issued by the NT identifying authority and that they may not be unique within the universe of SIDs. User SIDs are based on machine SIDs. For instance, S-1-5-21-1095672315-1787444531-3518664281 may be the SID of a machine. Users, in turns, will have SIDs based on the machine or domain SID, with a relative identifier (RID) appended. For example, the administrator on the machine will have a SID of S-1-5-21-1095672315-1787444531-3518664281-500.
In this tutorial:
- Protecting Hosts
- Security Configuration Myths
- Myth 1: Security Guides Make Your System Secure
- Myth 2: If We Hide It, they Not Find It
- Myth 3: The More Tweaks, the Better
- Myth 4: Tweaks Are Necessary
- Myth 5: All Environments Should At Least Use <Insert Favorite Guide Here>
- Myth 6: "High Security" Is an End Goal for All Environments
- Myth 7: Start Securing Your Environment by Applying a Security Guide
- Myth 8: Security Tweaks Can Fix Physical Security Problems
- Myth 9: Security Tweaks Will Stop Worms/Viruses
- Myth 10: An Expert Recommended This Tweak as Defense in Depth
- Server Security Tweaks
- Software Restriction Policies
- Do Not Store LAN Manager Hash Value
- Anonymous Restrictions
- Security Identifiers (SIDs)
- Password Policies
- SMB Message Signing
- Networking LAN Manager Authentication Level
- TCP Hardening
- Restricted Groups
- Audit Settings
- Client Security Tweaks
- Firewalls
- IPsec Filters
- SafeDllSearchMode
- Local Administrator Account Control
- Limit Local Account Use of Blank Passwords to Console Logon Only
- Logon Events
- Allowed to Format and Eject Removable Media
- The Caution ListChanges You Should Not Make
- Crash on Audit Failure
- Clear Virtual Memory Page File
- Security Configuration Tools