一、SID简介
SID也就是安全标识符(Security Identifiers),是标识用户、组和计算机帐户的唯一的号码。在第一次创建该帐户时,将给网络上的每一个帐户发布一个唯一的 SID。Windows 2000 中的内部进程将引用帐户的 SID 而不是帐户的用户或组名。如果创建帐户,再删除帐户,然后使用相同的用户名创建另一个帐户,则新帐户将不具有授权给前一个帐户的权力或权限,原因是该帐户 具有不同的 SID 号。安全标识符也被称为安全 ID 或 SID。
一个完整的SID包括:
• 用户和组的安全描述
• 48-bit的ID authority
• 修订版本
• 可变的验证值Variable sub-authority values
例:S-1-5-21-343818398-299502267-839522115-500
参考资料:http://www.5dmail.net/html/2004-8-1/200481181008.htm
二、VBS脚本获取SID
方法一:
Set
objNetwork
=
CreateObject
(
"
Wscript.Network
"
)
strComputer = objNetwork.ComputerName ' 获取当前的机器名
strUserName = objNetwork.UserName ' 获取当前的用户名
Set objLocalSam = GetObject ( " WinNT:// " & strComputer & " / " & strUserName) ' 这里做了修改,scottlocke中默认strUserName为"Administrator"是不保险的
Wscript.echo SIDArray(objLocalSam.objectSID)
Function SIDArray(bar)
' Converts Binary Array into Human readable eg: S-1-5-21-XXXXX-XXXXX-XXXXX-XXX
dim seperator,sid,length
seperator = ""
sid = ""
for length = 1 to lenb(bar)
sid = sid & seperator & right ( " 0 " & hex (ascb(midb(bar,length, 1 ))), 2 )
seperator = " , "
Next
SIDArray = sid
SID = Split (SIDArray, " , " )
' Convert into standard viewable format - little endian format for 4 byte groups
SID1 = (HexToDec( Mid (SID( 15 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 15 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 14 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 14 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 13 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 13 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 12 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 12 ), 2 , 2 ))
SID2 = (HexToDec( Mid (SID( 19 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 19 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 18 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 18 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 17 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 17 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 16 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 16 ), 2 , 2 ))
SID3 = (HexToDec( Mid (SID( 23 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 23 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 22 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 22 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 21 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 21 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 20 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 20 ), 2 , 2 ))
RID = (HexToDec( Mid (SID( 27 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 27 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 26 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 26 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 25 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 25 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 24 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 24 ), 2 , 2 ))
' Cheating here by just prepending the S-1-5-21-
SIDArray = " S-1-5-21- " & SID1 & " - " & SID2 & " - " & SID3 & " - " & RID
End Function
Function HexToDec(ByVal sHex)
HexToDec = "" & CLng ( " &H " & sHex)
End Function
strComputer = objNetwork.ComputerName ' 获取当前的机器名
strUserName = objNetwork.UserName ' 获取当前的用户名
Set objLocalSam = GetObject ( " WinNT:// " & strComputer & " / " & strUserName) ' 这里做了修改,scottlocke中默认strUserName为"Administrator"是不保险的
Wscript.echo SIDArray(objLocalSam.objectSID)
Function SIDArray(bar)
' Converts Binary Array into Human readable eg: S-1-5-21-XXXXX-XXXXX-XXXXX-XXX
dim seperator,sid,length
seperator = ""
sid = ""
for length = 1 to lenb(bar)
sid = sid & seperator & right ( " 0 " & hex (ascb(midb(bar,length, 1 ))), 2 )
seperator = " , "
Next
SIDArray = sid
SID = Split (SIDArray, " , " )
' Convert into standard viewable format - little endian format for 4 byte groups
SID1 = (HexToDec( Mid (SID( 15 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 15 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 14 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 14 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 13 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 13 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 12 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 12 ), 2 , 2 ))
SID2 = (HexToDec( Mid (SID( 19 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 19 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 18 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 18 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 17 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 17 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 16 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 16 ), 2 , 2 ))
SID3 = (HexToDec( Mid (SID( 23 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 23 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 22 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 22 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 21 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 21 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 20 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 20 ), 2 , 2 ))
RID = (HexToDec( Mid (SID( 27 ), 1 , 1 )) * 268435456 ) + (HexToDec( Mid (SID( 27 ), 2 , 2 )) * 16777216 ) + (HexToDec( Mid (SID( 26 ), 1 , 1 )) * 1048576 ) + (HexToDec( Mid (SID( 26 ), 2 , 2 )) * 65536 ) + (HexToDec( Mid (SID( 25 ), 1 , 1 )) * 4096 ) + (HexToDec( Mid (SID( 25 ), 2 , 2 )) * 256 ) + (HexToDec( Mid (SID( 24 ), 1 , 1 )) * 16 ) + HexToDec( Mid (SID( 24 ), 2 , 2 ))
' Cheating here by just prepending the S-1-5-21-
SIDArray = " S-1-5-21- " & SID1 & " - " & SID2 & " - " & SID3 & " - " & RID
End Function
Function HexToDec(ByVal sHex)
HexToDec = "" & CLng ( " &H " & sHex)
End Function
参考资料:http://www.scottlocke.net/vbscript-to-retrieve-sid.html
方法二:
Function
ShowSID(strUser)
On Error Resume Next
Dim oWMI, oAs, oA, sSid
Set oWMI = GetObject ( " winmgmts:\\.\root\cimv2 " )
If strUser <> "" Then
Set oAs = oWMI.ExecQuery( " Select SID From Win32_Account " & _
" WHERE SIDType=1 AND Name=' " & strUser & " ' " )
For Each oA In oAs
sSid = Mid (oA.SID, InStrRev (oA.SID, " - " ) + 1 )
WScript.Echo " Short SID: " & sSid & " ( " & HEX (sSid) & " H) "
Next
Else
Set oAs = oWMI.ExecQuery( " Select Name, SID From Win32_Account WHERE SIDType=1 " )
For Each oA In oAs
WScript.Echo " User: " & oA.Name & _
vbCrLf & vbTab & " SID: " & oA.SID
Next
End If
Set oA = Nothing
Set oAs = Nothing
Set oWMI = Nothing
If Err.Number <> 0 Then
WScript.Echo " Error ocurred: " & Err.Description
Err.Clear
End If
End Function
On Error Resume Next
Dim oWMI, oAs, oA, sSid
Set oWMI = GetObject ( " winmgmts:\\.\root\cimv2 " )
If strUser <> "" Then
Set oAs = oWMI.ExecQuery( " Select SID From Win32_Account " & _
" WHERE SIDType=1 AND Name=' " & strUser & " ' " )
For Each oA In oAs
sSid = Mid (oA.SID, InStrRev (oA.SID, " - " ) + 1 )
WScript.Echo " Short SID: " & sSid & " ( " & HEX (sSid) & " H) "
Next
Else
Set oAs = oWMI.ExecQuery( " Select Name, SID From Win32_Account WHERE SIDType=1 " )
For Each oA In oAs
WScript.Echo " User: " & oA.Name & _
vbCrLf & vbTab & " SID: " & oA.SID
Next
End If
Set oA = Nothing
Set oAs = Nothing
Set oWMI = Nothing
If Err.Number <> 0 Then
WScript.Echo " Error ocurred: " & Err.Description
Err.Clear
End If
End Function
本文转自CoderZh博客园博客,原文链接:http://www.cnblogs.com/coderzh/archive/2007/10/17/927315.html,如需转载请自行联系原作者