- 1 year ago
Windows Security Accounts on different languages - Users, Everyone.. - Icacls
When working with Windows Security Accounts in different languages, such as "Users", "Everyone", or "Administrators", you need to be aware of the localized names of these security groups. The names of these built-in security groups can vary depending on the language settings of the Windows system.
To ensure compatibility and avoid issues with language-specific security group names, you can use the well-known security identifiers (SIDs) instead. SIDs are unique identifiers that represent security principals like users, groups, and built-in accounts. They remain consistent across different language settings.
For example, instead of referring to the "Administrators" group by name, you can use the well-known SID for the Administrators group, which is S-1-5-32-544
.
When using the icacls
command-line tool to manage permissions, you can specify the security group or user using their SID rather than their localized name. For example:
shellicacls "C:\Path\to\File.txt" /grant S-1-5-32-544:(RX)
This grants the "Administrators" group (identified by its SID) read and execute permissions to the specified file.
To determine the SIDs for different security groups or users, you can use the whoami
command with the /groups
or /user
option. For example:
shellwhoami /groups
This displays the SIDs and names of the groups you are a member of.
Using SIDs instead of localized names helps ensure consistency and compatibility when working with Windows Security Accounts across different language settings.