Publish somewhere an explanation of the new SIDs added to service security descriptors in Windows Server 2019
For example, in Windows Server 2016 1607, the SD SDDL for w32time service (sc sdshow w32time) is:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)(A;;CCSWWPLORC;;;LS)
Now, in Windows Server 2019 1809, the SD SDDL for w32time service is:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)(A;;CCSWWPLORC;;;LS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833)
What is the identity for this unsolvable SID?
S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833

1 comment
Andrew Harris commented
Raphael, this SID matches the new Service in Windows: NT SERVICE\autotimesvc.
Its description is the following:
"This service sets time based on NITZ messages from a Mobile Network"
If you want to confirm the above yourself, you can run (from cmd.exe):
sc.exe showsid autotimesvc
You will then be shown the SID of that service and it should match the tattooed SID in that SDDL.
This was added to Windows 10 as well as Server 2019. I hope this helps.
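
The check described in the comment can also be done offline when auditing exported service SDDL, because a per-service SID depends only on the service name: it is the SHA-1 of the upper-cased UTF-16LE name, read as five little-endian 32-bit sub-authorities under S-1-5-80. The script below is an added example, not part of the original post or comment; the function names and the candidate service list are assumptions made for illustration.

```python
import hashlib
import re
import struct

# SDDL quoted in the post above (Server 2019 1809, `sc sdshow w32time`).
W32TIME_2019_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)"
    "(A;;CCSWWPLORC;;;LS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;"
    "S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833)"
)

# Assumption: candidate names to test. On a real host this list would be the
# installed service names (for example the output of `sc query state= all`).
CANDIDATE_SERVICES = ["w32time", "TrustedInstaller", "autotimesvc"]

ACE_RE = re.compile(r"\(([^()]*)\)")


def service_sid(name):
    """Per-service SID: SHA-1 of the upper-cased UTF-16LE service name."""
    digest = hashlib.sha1(name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(v) for v in struct.unpack("<5I", digest))


def parse_aces(sddl):
    """Yield (ace_type, rights, trustee) for every ACE in an SDDL string."""
    for body in ACE_RE.findall(sddl):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]


def raw_service_sids(sddl):
    """Trustees written as raw S-1-5-80-* SIDs rather than SDDL aliases."""
    return [(t, r) for _, r, t in parse_aces(sddl) if t.startswith("S-1-5-80-")]


def identify(sddl, candidates):
    """Map each raw service SID to (matching candidate name or None, rights)."""
    table = {service_sid(n): n for n in candidates}
    return {sid: (table.get(sid), r) for sid, r in raw_service_sids(sddl)}


if __name__ == "__main__":
    for sid, (name, rights) in identify(W32TIME_2019_SDDL, CANDIDATE_SERVICES).items():
        label = "NT SERVICE\\" + name if name else "no candidate matched"
        print(sid, "->", label, "rights:", rights)
```

The rights string returned for the matched ACE is the same one the SDDL gives to BA, which is the detail to review when a new service SID appears in a service's descriptor.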