| Platform SDK: Access Control |
In the security descriptor definition language (SDDL), security descriptor string use SID strings for the following components of a security descriptor:
A SID string in a security descriptor string can use either the standard string representation of a SID (S-R-I-S-S...) or one of the string constants defined in sddl.h. For more information about the standard SID string notation, see SID Components.
The following SID string constants for well-known SIDs are defined in sddl.h.
| SID string | Constant in sddl.h |
Account alias |
|---|---|---|
| "AO" | SDDL_ACCOUNT_OPERATORS | Account operators |
| "AU" | SDDL_AUTHENTICATED_USERS | Authenticated users |
| "BA" | SDDL_BUILTIN_ADMINISTRATORS | Built-in administrators |
| "BG" | SDDL_BUILTIN_GUESTS | Builtin guests |
| "BO" | SDDL_BACKUP_OPERATORS | Backup operators |
| "BU" | SDDL_BUILTIN_USERS | Builtin users |
| "CA" | SDDL_CERT_SERV_ADMINISTRATORS | Certificate server administrators |
| "CG" | SDDL_CREATOR_GROUP | Creator group |
| "CO" | SDDL_CREATOR_OWNER | Creator owner |
| "DA" | SDDL_DOMAIN_ADMINISTRATORS | Domain administrators |
| "DC" | SDDL_DOMAIN_COMPUTERS | Domain computers |
| "DD" | SDDL_DOMAIN_DOMAIN_CONTROLLERS | Domain controllers |
| "DG" | SDDL_DOMAIN_GUESTS | Domain guests |
| "DU" | SDDL_DOMAIN_USERS | Domain users |
| "ED" | SDDL_ENTERPRISE_DOMAIN_CONTROLLERS | Enterprise domain controllers |
| "IU" | SDDL_INTERACTIVE | Interactively logged-on user |
| "LA" | SDDL_LOCAL_ADMIN | Local administrator |
| "LG" | SDDL_LOCAL_GUEST | Local guest |
| "NU" | SDDL_NETWORK | Network logon user |
| "PO" | SDDL_PRINTER_OPERATORS | Printer operators |
| "PS" | SDDL_PERSONAL_SELF | Personal self |
| "PU" | SDDL_POWER_USERS | Power users |
| "RC" | SDDL_RESTRICTED_CODE | Restricted code |
| "RE" | SDDL_REPLICATOR | Replicator |
| "SA" | SDDL_SCHEMA_ADMINISTRATORS | Schema administrators |
| "SO" | SDDL_SERVER_OPERATORS | Server operators |
| "SU" | SDDL_SERVICE | Service logon user |
| "SY" | SDDL_LOCAL_SYSTEM | Local System |
| "WD" | SDDL_EVERYONE | World (Everyone) |
The ConvertSidToStringSid and ConvertStringSidToSid functions always use the standard SID string notation and do not support SDDL SID string constants.