How can we help address your security and compliance needs in your server environment?

← Security and Assurance

Publish somewhere, an explanation about new SIDs added in service security descriptors of Windows Server 2019

For example, in Windows Server 2016 1607, the SD SDDL for w32time service (sc sdshow w32time) is:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)(A;;CCSWWPLORC;;;LS)

Now, in Windows Server 2019 1809, the SD SDDL for w32time service is:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)(A;;CCSWWPLORC;;;LS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833)

What is the identity for this unsolvable SID?
S-1-5-80-3169285310-278349998-1452333686-3865143136-4212226833

1 vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Raphael Cardoso shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Andrew Harris commented  ·   ·  Flag as inappropriate

    Raphael, this SID matches the new Service in Windows: NT SERVICE\autotimesvc.

    Its description is the following:
    "This service sets time based on NITZ messages from a Mobile Network"

    If you want to confirm the above yourself, you can run (from cmd.exe):
    sc.exe showsid autotimesvc

    You will then be shown the SID of that service and it should match the tatoo'd SID in that SDDL.

    This was added to Windows 10 as well as Server 2019. I hope this helps.

Security and Assurance: Misc

Categories

Feedback and Knowledge Base

(thinking…)