2.4.1 SID_IDENTIFIER_AUTHORITY

The SID_IDENTIFIER_AUTHORITY structure represents the top-level authority of a security identifier (SID).

0	1	2	3	4	5	6	7	8	9	1 0	1	2	3	4	5	6	7	8	9	2 0	1	2	3	4	5	6	7	8	9	3 0	1
Value
...

Value (6 bytes): An array of six 8-bit unsigned integers that specify the top-level authority of a SID, RPC_SID, and LSAPR_SID_INFORMATION.

The identifier authority value identifies the domain security authority that issued the SID. The following identifier authorities are predefined.

Identifier Authority	Meaning
NULL_SID_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}	Specifies the NULL SID authority. It defines only the NULL well-known-SID: S-1-0-0.
WORLD_SID_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x01}	Specifies the World SID authority. It only defines the Everyone well-known-SID: S-1-1-0.
LOCAL_SID_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x02}	Specifies the Local SID authority. It defines only the Local well-known-SID: S-1-2-0.
CREATOR_SID_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x03}	Specifies the Creator SID authority. It defines the Creator Owner, Creator Group, and Creator Owner Server well-known-SIDs: S-1-3-0, S-1-3-1, and S-1-3-2. These SIDs are used as placeholders in an access control list (ACL) and are replaced by the user, group, and machine SIDs of the security principal.
NON_UNIQUE_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x04}	Not used.
SECURITY_NT_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x05}	Specifies the Windows NT security subsystem SID authority. It defines all other SIDs in the forest.
SECURITY_MANDATORY_LABEL_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x10}	Specifies the Mandatory label authority. It defines the integrity level SIDs.
SECURITY_APP_PACKAGE_AUTHORITY {0x00, 0x00, 0x00, 0x00, 0x00, 0x0F}	Specifies the application package authority. It defines application capability SIDs.