PsGetSid - CMD


Overview

PsGetSid is a Sysinternals command-line utility for Windows that displays the Security Identifier (SID) of a specified user or computer account. It can retrieve SIDs for both local and domain accounts. It is particularly useful in security and administrative work where SIDs are needed to configure permissions, troubleshoot account issues, or support forensic analysis during incident response.

Syntax

PsGetSid [\\computer[,computer[,...] | @file] [-u Username [-p Password]]] [account | SID]
  • \\computer specifies the target computer. PsGetSid can query multiple computers separated by commas or specified in a file.
  • -u Username and -p Password are used to run the command with the credentials of a user who has the necessary rights.
  • account is the login name of the user or the name of the computer whose SID will be retrieved.
  • SID is a SID to translate; PsGetSid displays the account it belongs to.

Options/Flags

  • \\computer – Target one or multiple computers. If omitted, the local computer is used.
  • -u Username – Specifies the user context under which the command should run.
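  • -p Password – Specifies the password for the user context. If omitted, PsGetSid prompts for it, which keeps the password out of command history and process listings.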
  • @file – Executes the command against each computer listed in the text file specified.
  • account – Retrieve the SID for this user or computer account.
  • SID – Retrieve the account associated with this SID.

Examples

  1. Retrieve the SID of the local administrator account:
    PsGetSid administrator
    
  2. Retrieve the SID of a domain user:
    PsGetSid domainname\username
    
  3. Find the user associated with a specific SID:
    PsGetSid S-1-5-21-1234567890-123456789-1234567890-500
    
  4. Query multiple computers from a file:
    PsGetSid @computers.txt
    

Common Issues

  • Access Denied Error: This occurs when PsGetSid is run without sufficient privileges. Make sure to use the -u and -p flags with credentials that have administrative access to the target account or computer.
  • Incorrect Syntax Usage: Users may encounter syntax errors if the command is not formatted correctly. Ensure that parameters are specified in the correct order.

Integration

PsGetSid can be combined with other CMD commands or scripts for deeper system analysis or to automate administrative tasks, such as checking account details or auditing system access:

for /f %i in (computers.txt) do PsGetSid \\%i | findstr /i "S-1-5-21"

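This loop runs PsGetSid against each computer listed in computers.txt and keeps only the output lines containing S-1-5-21, the prefix of machine and domain SIDs. In a batch file, write %%i instead of %i.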

Related Commands

  • Get-SID: A PowerShell cmdlet similar in functionality, suitable for scripting and automation within PowerShell scripts.
  • whoami /user: Outputs the current user’s SID.
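
For scripted lookups from the local machine, the two translations described under Syntax (account to SID, and SID to account) can be done in PowerShell with the .NET SecurityIdentifier and NTAccount classes, with no password on the command line. This is an added example, not part of the original page or of Sysinternals; Resolve-SidOrAccount is a hypothetical helper name and the inputs at the end are constructed.

```powershell
# Added example. Resolve-SidOrAccount is a hypothetical helper, not a built-in cmdlet.
# Requires Windows PowerShell 5.0 or later (uses ::new()).
function Resolve-SidOrAccount {
    param([Parameter(Mandatory)][string]$Identity)

    $sid = $null; $account = $null; $status = 'Resolved'
    try {
        if ($Identity -match '^S-1-\d+(-\d+)+$') {
            # SID in, account out (PsGetSid's "SID" argument)
            $sid = [System.Security.Principal.SecurityIdentifier]::new($Identity)
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } else {
            # Account in, SID out (PsGetSid's "account" argument)
            $nt = [System.Security.Principal.NTAccount]::new($Identity)
            $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
            $account = $nt.Value
        }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Unknown name, or a SID with no account behind it (for example a deleted
        # account still referenced in an ACL). Keep the parsed SID for reporting.
        $status = 'NotMapped'
    }

    [pscustomobject]@{
        Input     = $Identity
        Sid       = if ($sid) { $sid.Value }
        Account   = $account
        # Machine or domain part of an S-1-5-21-... SID; empty for well-known SIDs
        DomainSid = if ($sid -and $sid.AccountDomainSid) { $sid.AccountDomainSid.Value }
        # Last sub-authority: the relative ID (500 = built-in Administrator)
        Rid       = if ($sid) { $sid.Value.Split('-')[-1] }
        Status    = $status
    }
}

# Constructed inputs: a well-known SID, the current user, and the placeholder
# SID from the Examples section (expected to come back as NotMapped).
$inputs = @(
    'S-1-5-18',
    [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
    'S-1-5-21-1234567890-123456789-1234567890-500'
)
$inputs | ForEach-Object { Resolve-SidOrAccount $_ } | Format-Table -AutoSize
```

A NotMapped row for a SID found in an ACL or event log usually means the account was deleted or belongs to a domain the machine cannot reach, which is worth following up during an access review.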

For more detailed information, visit the Microsoft official documentation or the Sysinternals site.