Is a SID with zero subauthorities a valid SID? It depends whom you ask

Raymond Chen


Here’s an interesting table.

FunctionIs Sub­Authority­Count=0 valid?

That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.

If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.

Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.

Raymond Chen
Raymond Chen

Follow Raymond   


Comments are closed.