A Security Identifier (SID) is a unique, immutable identifier of a user account, user group, or other security principal in the Windows NT family of operating systems.
The human-readable representation of a SID is a string that starts with "S-" and consists of several dash-separated numbers.
[2][3] However, while this is the behavior formally defined by Microsoft, and implemented by the relevant Windows APIs (e.g. RtlConvertSidToUnicodeString),[3] hexadecimal identifier authorities appear to have never been used in practice.
Identifier authorities are stored in big-endian format, even on little-endian CPU architectures.
The resulting SID pertains to a predefined, special-purpose user group, and is valid on all Windows machines.
The machine SID is stored in the SECURITY hive of the Windows Registry, more specifically at HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account.
NewSID ensures that this SID is in a standard NT 4.0 format (three 32-bit subauthorities preceded by three 32-bit authority fields).
NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96 bits of the three subauthority values that make up a computer SID.
The machine SID is stored in a raw-bytes form in the registry.
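The string form, the big-endian identifier authority and the raw-bytes form described above can be tied together with a small converter. This is an added example, not code from the article or from NewSID; it assumes the standard binary SID layout (1-byte revision, 1-byte subauthority count, 6-byte identifier authority, then 32-bit little-endian subauthorities), the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

MAX_SUBAUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in the Windows headers

# Constructed sample: raw bytes of S-1-5-32-544 (built-in Administrators group).
BUILTIN_ADMINS = bytes.fromhex("01020000000000052000000020020000")


def sid_to_string(raw: bytes) -> str:
    """Render a binary SID as its S-R-I-S... string form."""
    if len(raw) < 8:
        raise ValueError("a SID header is 8 bytes")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > MAX_SUBAUTHORITIES:
        raise ValueError("unsupported revision or subauthority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match subauthority count")
    # 48-bit identifier authority: big-endian, regardless of CPU byte order.
    authority = int.from_bytes(raw[2:8], "big")
    # Subauthorities: 32-bit little-endian values.
    subs = struct.unpack(f"<{count}I", raw[8:])
    # Decimal below 2**32, otherwise the (rarely seen) hexadecimal form.
    # Upper-case hex digits are a choice made for this example.
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth, *map(str, subs)])


def string_to_sid(text: str) -> bytes:
    """Inverse of sid_to_string: build the raw bytes from the string form."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string")
    revision = int(parts[1])
    authority = int(parts[2], 0)  # base 0 accepts both decimal and 0x... input
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > MAX_SUBAUTHORITIES:
        raise ValueError("unsupported revision or subauthority count")
    if not 0 <= authority < 2**48:
        raise ValueError("identifier authority must fit in 48 bits")
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


if __name__ == "__main__":
    print(sid_to_string(BUILTIN_ADMINS))
    print(string_to_sid("S-1-5-32-544").hex())
```
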
[20] Microsoft engineer Mark Russinovich is the creator of a utility called NewSID, the purpose of which is to solve "The SID Duplication Problem."[20]
Microsoft retired the utility on November 2, 2009, because Mark and the Windows security team concluded that duplicate SIDs do not pose any problem whatsoever.