一、SID簡介
SID也就是安全辨別符(Security Identifiers),是辨別使用者、組和計算機帳戶的唯一的号碼。在第一次建立該帳戶時,将給網絡上的每一個帳戶釋出一個唯一的 SID。Windows 2000 中的内部程序将引用帳戶的 SID 而不是帳戶的使用者或組名。如果建立帳戶,再删除帳戶,然後使用相同的使用者名建立另一個帳戶,則新帳戶将不具有授權給前一個帳戶的權力或權限,原因是該帳戶 具有不同的 SID 号。安全辨別符也被稱為安全 ID 或 SID。
一個完整的SID包括:
• 使用者群組的安全描述
• 48-bit的ID authority
• 修訂版本
• 可變的驗證值Variable sub-authority values
例:S-1-5-21-343818398-299502267-839522115-500
二、VBS腳本擷取SID
方法一:
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName'擷取目前的機器名
strUserName=objNetwork.UserName'擷取目前的使用者名
Set objLocalSam =GetObject("WinNT://" & strComputer & "/" & strUserName)'這裡做了修改,scottlocke中預設strUserName為"Administrator"是不保險的
Wscript.echo SIDArray(objLocalSam.objectSID)
Function SIDArray(bar)
' Converts Binary Array into Human readable eg: S-1-5-21-XXXXX-XXXXX-XXXXX-XXX
dim seperator,sid,length
seperator = ""
sid = ""
for length = 1 to lenb(bar)
sid = sid & seperator & right("0" & hex(ascb(midb(bar,length,1))),2)
seperator = ","
Next
SIDArray = sid
SID = Split(SIDArray,",")
' Convert into standard viewable format - little endian format for 4 byte groups
SID1 = (HexToDec(Mid(SID(15), 1, 1))*268435456) + (HexToDec(Mid(SID(15), 2, 2))*16777216) + (HexToDec(Mid(SID(14), 1, 1))*1048576) + (HexToDec(Mid(SID(14), 2, 2))*65536) + (HexToDec(Mid(SID(13), 1, 1))*4096) + (HexToDec(Mid(SID(13), 2, 2))*256) + (HexToDec(Mid(SID(12), 1, 1))*16) + HexToDec(Mid(SID(12), 2, 2))
SID2 = (HexToDec(Mid(SID(19), 1, 1))*268435456) + (HexToDec(Mid(SID(19), 2, 2))*16777216) + (HexToDec(Mid(SID(18), 1, 1))*1048576) + (HexToDec(Mid(SID(18), 2, 2))*65536) + (HexToDec(Mid(SID(17), 1, 1))*4096) + (HexToDec(Mid(SID(17), 2, 2))*256) + (HexToDec(Mid(SID(16), 1, 1))*16) + HexToDec(Mid(SID(16), 2, 2))
SID3 = (HexToDec(Mid(SID(23), 1, 1))*268435456) + (HexToDec(Mid(SID(23), 2, 2))*16777216) + (HexToDec(Mid(SID(22), 1, 1))*1048576) + (HexToDec(Mid(SID(22), 2, 2))*65536) + (HexToDec(Mid(SID(21), 1, 1))*4096) + (HexToDec(Mid(SID(21), 2, 2))*256) + (HexToDec(Mid(SID(20), 1, 1))*16) + HexToDec(Mid(SID(20), 2, 2))
RID = (HexToDec(Mid(SID(27), 1, 1))*268435456) + (HexToDec(Mid(SID(27), 2, 2))*16777216) + (HexToDec(Mid(SID(26), 1, 1))*1048576) + (HexToDec(Mid(SID(26), 2, 2))*65536) + (HexToDec(Mid(SID(25), 1, 1))*4096) + (HexToDec(Mid(SID(25), 2, 2))*256) + (HexToDec(Mid(SID(24), 1, 1))*16) + HexToDec(Mid(SID(24), 2, 2))
' Cheating here by just prepending the S-1-5-21-
SIDArray = "S-1-5-21-" & SID1 & "-" & SID2 & "-" & SID3 & "-" & RID
End Function
Function HexToDec(ByVal sHex)
HexToDec = "" & CLng("&H" & sHex)
End Function
方法二:
Function ShowSID(strUser)
On Error Resume Next
Dim oWMI, oAs, oA, sSid
Set oWMI = GetObject("winmgmts:\\.\root\cimv2")
If strUser <> "" Then
Set oAs = oWMI.ExecQuery("Select SID From Win32_Account" & _
" WHERE SIDType=1 AND Name='" & strUser & "'")
For Each oA In oAs
sSid= Mid(oA.SID, InStrRev(oA.SID, "-") + 1)
WScript.Echo "Short SID: " & sSid & " (" & HEX(sSid) & "H)"
Next
Else
Set oAs = oWMI.ExecQuery("Select Name, SID From Win32_Account WHERE SIDType=1")
WScript.Echo "User: " & oA.Name & _
vbCrLf & vbTab & "SID: " & oA.SID
End If
Set oA = Nothing
Set oAs = Nothing
Set oWMI = Nothing
If Err.Number <> 0 Then
WScript.Echo "Error ocurred: " & Err.Description
Err.Clear
本文轉自CoderZh部落格園部落格,原文連結:http://www.cnblogs.com/coderzh/archive/2007/10/17/927315.html,如需轉載請自行聯系原作者