Is a SID with zero subauthorities a valid SID? It depends whom you ask

Raymond Chen

Here’s an interesting table.

Function	Is SubAuthorityCount=0 valid?
`IsValidSid`	Yes
`ConvertSidToStringSid`	Yes
`ConvertStringSidToSid`	No

That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.

If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.

Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.

Is a SID with zero subauthorities a valid SID? It depends whom you ask

Author

0 comments

Read next

Intentionally making the suggestion look nothing like any scripting language, yet understandable enough to get the point across

What would be the point of creating a product that can’t do its job?

Author

0 comments

Read next

Intentionally making the suggestion look nothing like any scripting language, yet understandable enough to get the point across

What would be the point of creating a product that can’t do its job?

Stay informed