Is a SID with zero subauthorities a valid SID? It depends whom you ask

Raymond Chen

Raymond

Here’s an interesting table.

FunctionIs Sub­Authority­Count=0 valid?
IsValidSidYes
Convert­Sid­To­String­SidYes
ConvertString­­Sid­To­SidNo

That last entry creates the unfortunate situation where a SID with no subauthorities can be converted to a string, but cannot be converted back.

If it’s any consolation, SIDs with no subauthorities aren’t encountered in normal usage, so if you ever accidentally reject one of these, it’s not going to inconvenience anyone.

Oh, and the answer to the question at the top: Yes, a SID with zero subauthorities is technically valid. It’s a degenerate case that’s not very interesting, but it is technically valid.

Raymond Chen
Raymond Chen

Follow Raymond   

0 comments

Comments are closed.