6 Appendix A: Product Behavior

  • Article

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

This document specifies version-specific details in the Microsoft .NET Framework. For information about which versions of .NET Framework are available in each released Windows product or as supplemental software, see [MS-NETOD] section 4.

  • Microsoft .NET Framework 2.0

  • Microsoft .NET Framework 3.0

  • Microsoft .NET Framework 3.5

  • Microsoft .NET Framework 4.0

  • Microsoft .NET Framework 4.5

  • Microsoft .NET Framework 4.6

  • Microsoft .NET Framework 4.7

  • Microsoft .NET Framework 4.8

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 operating system

  • Windows Server operating system

  • Windows Server 2019 operating system

  • Windows Server 2022 operating system

  • Windows 11 operating system

  • Windows Server 2025 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 1.5:  A Windows SMTP server and SMTP client use Security Support Provider Interface (SSPI) to obtain and process NTLM messages. For more information on SSPI, see [SSPI].

<2> Section 3.1.4.1: Windows-based email clients that use the ISMTPTransport interface, Microsoft Office Outlook 2003, Microsoft Office Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013 do not send the NTLM_NEGOTIATE_MESSAGE with the SMTP_AUTH_NTLM_Initiation_Command message.

<3> Section 3.2: Windows 2000, Windows XP, and applicable Windows Server releases support the server role.

<4> Section 3.2.5.2.2: A Windows SMTP server does not permit a client to authenticate using credentials for the user identified as the "BUILTIN\Administrator" account, for security reasons. Internally, the NTLM software reports to the SMTP server that the authentication succeeded, but Windows SMTP then checks the user credentials and fails the authentication, sending the SMTP_AUTH_Fail_Response message even though NTLM actually succeeded the authentication.

For additional information on built-in accounts and groups, see "SID Values For Default Windows NT Installations", [MSKB-163846] as follows.

SID Values For Default Windows NT Installations (163846)

Article information applies to

Microsoft Windows NT Workstation operating system 3.5

Microsoft Windows NT Workstation 3.51

Microsoft Windows NT Workstation 4.0 operating system

Microsoft Windows NT Server 3.5 operating system

Microsoft Windows NT Server 3.51 operating system

Microsoft Windows NT Server 4.0 operating system

This article was previously published under Q163846

SUMMARY

Many User Accounts, Local Groups, and Global Groups have a default Security Identifier (SID) or Relative Identifier (RID) value across all installations of Windows NT. These values can be displayed by using the utility Getsid.exe from the Windows NT Resource Kit.

MORE INFORMATION

The following information was taken from a Domain Controller named DomainName. The default groups differ on a Windows NT Workstation or Server installation, and if they are not a member of a domain, then the computer name would be considered the authority.

The values below that have a full SID value will differ on all installations, but the RID value at the end of the SID is the same across all installations.

NOTE: The values in parentheses is the hexadecimal values of the RID.

Built-In Users

DOMAINNAME\ADMINISTRATOR

S-1-5-21-917267712-1342860078-1792151419-500     (=0x1F4)

DOMAINNAME\GUEST

S-1-5-21-917267712-1342860078-1792151419-501     (=0x1F5)

                                               

Built-In Global Groups

DOMAINNAME\DOMAIN ADMINS

S-1-5-21-917267712-1342860078-1792151419-512     (=0x200)

DOMAINNAME\DOMAIN USERS

S-1-5-21-917267712-1342860078-1792151419-513     (=0x201)

DOMAINNAME\DOMAIN GUESTS

S-1-5-21-917267712-1342860078-1792151419-514     (=0x202)

                                               

Built-In Local Groups

BUILTIN\ADMINISTRATORS     S-1-5-32-544          (=0x220)

BUILTIN\USERS              S-1-5-32-545          (=0x221)

BUILTIN\GUESTS             S-1-5-32-546          (=0x222)

BUILTIN\ACCOUNT OPERATORS  S-1-5-32-548          (=0x224)

BUILTIN\SERVER OPERATORS   S-1-5-32-549          (=0x225)

BUILTIN\PRINT OPERATORS    S-1-5-32-550          (=0x226)

BUILTIN\BACKUP OPERATORS   S-1-5-32-551          (=0x227)

BUILTIN\REPLICATOR         S-1-5-32-552          (=0x228)

                                               

Special Groups

\CREATOR OWNER             S-1-3-0

\EVERYONE                  S-1-1-0

NT AUTHORITY\NETWORK       S-1-5-2

NT AUTHORITY\INTERACTIVE   S-1-5-4

NT AUTHORITY\SYSTEM        S-1-5-18

NT AUTHORITY\authenticated users   S-1-5-11 *

NT AUTHORITY\LOCAL SERVICE S-1-5-19

NT AUTHORITY\NETWORK SERVICE S-1-5-20                           

* For Windows NT 4.0 Service Pack 3 and later only

Modification Type: Major          Last Reviewed: 5/14/2003