Is a SID with zero subauthorities a valid SID? It depends whom you ask

Raymond Chen

Here’s an interesting table.

Function Is Sub­Authority­Count=0 valid?
IsValidSid Yes
Convert­Sid­To­String­Sid Yes
ConvertString­­Sid­To­Sid No

That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.

If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.

Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.


Discussion is closed.

Feedback usabilla icon