Security Identifiers, or SIDs for short, are used to uniquely identify user and group accounts in Windows. They can be found in tokens (Item 16), in ACLs (Item 43), and in security account databases (Item 12). Most Windows programmers are already familiar with another unique ID, the GUID (or UUID), which is a 128-bit randomly generated identifier used extensively in COM programming. A GUID generated on any machine at any time will be unique from any other GUID because of the large random space from which GUIDs are generated.

The SID is conceptually similar to the GUID in that it also provides uniqueness in space and time. Uniqueness in space is achieved by a 96-bit machine identifier generated at the time the Windows ...