SIDS in NT 4.0

By mtkovach
Does anyone happen to know what the maximum number of SIDS available in Windows NT 4.0 is? And where I might find it in writing?

All Comments

SIDS in NT 4.0

by Hasse MCSE/Brainbench In reply to SIDS in NT 4.0

Hi!

I don't know where you can find it in writing and I don't understand why you would need this information.

I'm not sure about this information, but since the sids are in a database of some sort you could in theory have infinitely many sids.
In real life the computer hd, ram, cpu and such will pose restrictions on the number due to lack of resources.

/Hasse
PS! I'm not sure of this, but anyway it's enough to at least be able to run 40000 users in the same domain, so this is the minimum number of sids I know NT can handle. D.S.

SIDS in NT 4.0

by mtkovach In reply to SIDS in NT 4.0

Windows NT assigns a unique SID to every user, computer, domain, group etc. The SIDS are unique and not reusable. Therefore if you delete a user the SID is used, and if you add a user a new SID is assigned; therefore the 40,000 rule doesn't apply. There has to be a maximum number, or why else would Microsoft say not to delete users but disable and re-name?

SIDS in NT 4.0

by Leastar In reply to SIDS in NT 4.0

Windows NT recommends disabling and renaming a user for the simple reason of keeping the rights & permissions in the event that another person takes over the previous user's responsibilities. That way you do not have to go through the hassle of adding the new user to all the same groups as the previous user. This works in the event you have the account defined by the job instead of the user's name.

For your proof of how many there are: on page 351 of the book titled Mastering Windows NT Server 4 Fifth Edition it states: "...there are 4 billion (SIDs) so you're not likely to run out." Very interesting read so take a look.

Leastar

SIDS in NT 4.0

by mtkovach In reply to SIDS in NT 4.0

That is only one reason, and the most popular for ordinary users, that Microsoft recommends disabling vice deleting. There has been one case that I have heard of (but have not been able to find it in writing) where a company ran out due to deletion. This obviously was in the beginning of NT and the company was a large enterprise with heavy turnover. Anyway I know exactly the book and section you are talking about. I realize that under normal circumstances you would never run out of SIDS but that is precisely the reason I am asking. Somewhere someone (Microsoft) has had to either: A) done the mathematical computation or, B) had a lot of time on their hands and tried to use them all. Thanks for your help and if you should happen to come across some more info please pass it along. Thanks again.
mtkovach
MCP; Control Tech.

SIDS in NT 4.0

by James_Randy In reply to SIDS in NT 4.0

Sorry, but I don't know.

SIDS in NT 4.0

by mtkovach In reply to SIDS in NT 4.0

That's okay, thanks for reading it and taking the time. It really is a tougher question than it seems.

SIDS in NT 4.0

by maxwell edison In reply to SIDS in NT 4.0

Greetings,

You have a very interesting question. I don't know why you would ask it, but it is interesting nonetheless. It tweaked my interest so I invested a few minutes, and I came up with the following answer.

Your question is, "What is <are> the maximum number of SIDS available in Windows NT 4.0"?

The answer is "unlimited". My reason is as follows:

SID stands for Security Identifier and is used within NT as a value to uniquely identify an object such as a user or a group. The SID assigned to a user becomes part of the access token, which is then attached to any action attempted or process executed by that user or group. If a duplicate SID did exist then all users with this SID would authenticate as what would be seen as the same user. It is possible for cloned machines to have the same SID, which would be seen by the authentication mechanism as the same machine. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine.

Since a SID is attached to an individual object such as a user, group or a machine, one is led to ask, "What is the maximum number of users, groups, and computers in a domain"?

The answer is, "There is NO physical limit in Windows NT 4.0".

Therefore, the number of SIDs possible is "unlimited".

Sources (where you might find it in writing):

http://secinf.net/info/nt/ntfaq/security27.html

http://www.jsiinc.com/SUBC/tip1000/rh1023.htm

Regards,

Maxwell

(I must have way too much time on my hands.)
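
As an added illustration (not part of any post in this thread), the Python sketch below decodes the binary SID layout to show that the trailing relative ID (RID) is a single 32-bit field, which is consistent with the "4 billion" figure quoted from the book earlier in the thread, and groups a host inventory by machine SID to flag the cloned-machine duplicates mentioned in the preceding reply. The byte string, host names and SID values are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

RID_SPACE = 2 ** 32  # the RID is one 32-bit sub-authority


def parse_sid(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit
    big-endian authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def split_rid(sid: str):
    """Split an account SID into (issuing machine/domain SID, RID)."""
    prefix, _, rid = sid.rpartition("-")
    return prefix, int(rid)


def find_shared_machine_sids(inventory: dict) -> dict:
    """Return each machine SID reported by more than one host."""
    by_sid = defaultdict(list)
    for host, sid in inventory.items():
        by_sid[sid].append(host)
    return {s: sorted(h) for s, h in by_sid.items() if len(h) > 1}


# Constructed sample: S-1-5-21-<three machine values>-1001 in binary form.
SAMPLE_RAW = bytes.fromhex("010500000000000515000000") + struct.pack(
    "<4I", 1111111111, 2222222222, 3333333333, 1001)

# Constructed inventory: WS01 and WS02 were imaged from the same disk.
SAMPLE_INVENTORY = {
    "WS01": "S-1-5-21-1111111111-2222222222-3333333333",
    "WS02": "S-1-5-21-1111111111-2222222222-3333333333",
    "WS03": "S-1-5-21-10-20-30",
}

if __name__ == "__main__":
    sid = parse_sid(SAMPLE_RAW)
    print(sid, split_rid(sid), RID_SPACE)
    print(find_shared_machine_sids(SAMPLE_INVENTORY))
```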

SIDS in NT 4.0

by mtkovach In reply to SIDS in NT 4.0

The question was auto-closed by TechRepublic

SIDS in NT 4.0

by Soekratis In reply to SIDS in NT 4.0

Limitation on the SID is limited to the amount of resources on one machine or domain.
