Saturday, March 8, 2008

The importance of an account's SID

I keep highlighting to developers that an account's SID is more important than the other attributes. This is something that any IT professional or developer or DBA should take seriously. Take for instance a Windows account that was created for a user. The user manages to log in to a workstation and creates his or her documents and saves it in a personal folder. Accidentally, the account got deleted. Your approach will be to recreate the account so that the user can log back in. Logging back in is one thing but accessing the user's documents is another. You see, even if they assign the same account and password, the system sees a different SID. The user will not be able to access the documents unless an administrator takes ownership of the documents and assign the user as the new owner. Another application of this concept is in databases. Imagine trying to backup a database and restoring it on a different server. You may be able to restore the database but the users assigned to access the database won't be able to do so. Again, it's an SID issue. Which is why part of database disaster recovery plan is to include these accounts together with their SIDs so that you won't be having difficulty restoring and accessing those databases when needed

No comments:

Google