| AccountAdministratorSid | 38 | the account administrators group. |
| AccountCertAdminsSid | 46 | the certificate administrators group. |
| AccountComputersSid | 44 | the account computer group. |
| AccountControllersSid | 45 | the account controller group. |
| AccountDomainAdminsSid | 41 | the account domain administrator group. |
| AccountDomainGuestsSid | 43 | the account domain guests group. |
| AccountDomainUsersSid | 42 | the account domain users group. |
| AccountEnterpriseAdminsSid | 48 | the enterprise administrators group. |
| AccountGuestSid | 39 | the account guest group. |
| AccountKrbtgtSid | 40 | the account Kerberos target group. |
| AccountPolicyAdminsSid | 49 | the policy administrators group. |
| AccountRasAndIasServersSid | 50 | the RAS and IAS server account. |
| AccountSchemaAdminsSid | 47 | the schema administrators group. |
| AnonymousSid | 13 | the anonymous account. |
| AuthenticatedUserSid | 17 | an authenticated user. |
| BatchSid | 10 | a batch process. This SID is added to the process of a token when it logs on as a batch job. |
| BuiltinAccountOperatorsSid | 30 | the account operators account. |
| BuiltinAdministratorsSid | 26 | the administrator account. |
| BuiltinAuthorizationAccessSid | 59 | the Windows Authorization Access group. |
| BuiltinBackupOperatorsSid | 33 | the backup operators group. |
| BuiltinDomainSid | 25 | the domain account. |
| BuiltinGuestsSid | 28 | the guest account. |
| BuiltinIncomingForestTrustBuildersSid | 56 | Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of the Incoming Forest Trust Builders built-in group in the root domain of the forest. |
| BuiltinNetworkConfigurationOperatorsSid | 37 | the network operators group. |
| BuiltinPerformanceLoggingUsersSid | 58 | the group of users that have remote access to monitor the computer. |
| BuiltinPerformanceMonitoringUsersSid | 57 | the group of users that have remote access to schedule logging of performance counters on this computer. |
| BuiltinPowerUsersSid | 29 | the power users group. |
| BuiltinPreWindows2000CompatibleAccessSid | 35 | pre-Windows 2000 compatible accounts. |
| BuiltinPrintOperatorsSid | 32 | the print operators group. |
| BuiltinRemoteDesktopUsersSid | 36 | remote desktop users. |
| BuiltinReplicatorSid | 34 | the replicator account. |
| BuiltinSystemOperatorsSid | 31 | the system operators group. |
| BuiltinUsersSid | 27 | built-in user accounts. |
| CreatorGroupServerSid | 6 | Indicates a creator group server SID. |
| CreatorGroupSid | 4 | the creator group of an object. |
| CreatorOwnerServerSid | 5 | Indicates a creator owner server SID. |
| CreatorOwnerSid | 3 | the owner or creator of an object. |
| DialupSid | 8 | a dial-up account. |
| DigestAuthenticationSid | 52 | Indicates a SID present when the Microsoft Digest authentication package authenticated the client. |
| EnterpriseControllersSid | 15 | an enterprise controller. |
| InteractiveSid | 11 | an interactive account. This SID is added to the process of a token when it logs on interactively. |
| LocalServiceSid | 23 | a local service. |
| LocalSid | 2 | Indicates a local SID. |
| LocalSystemSid | 22 | the local system. |
| LogonIdsSid | 21 | logon IDs. |
| MaxDefined | 60 | Indicates the maximum defined SID in the WellKnownSidType enumeration. |
| NetworkServiceSid | 24 | a network service. |
| NetworkSid | 9 | a network account. This SID is added to the process of a token when it logs on across a network. |
| NTAuthoritySid | 7 | the Windows NT authority. |
| NtlmAuthenticationSid | 51 | Indicates a SID present when the Microsoft NTLM authentication package authenticated the client. |
| NullSid | 0 | Indicates a null SID. |
| OtherOrganizationSid | 55 | Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled. If this SID is present, then ThisOrganizationSid cannot be present. |
| ProxySid | 14 | Indicates a proxy SID. |
| RemoteLogonIdSid | 20 | remote logons. |
| RestrictedCodeSid | 18 | restricted code. |
| SChannelAuthenticationSid | 53 | Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client. |
| SelfSid | 16 | self. |
| ServiceSid | 12 | a service. This SID is added to the process of a token when it logs on as a service. |
| TerminalServerSid | 19 | a terminal server account. |
| ThisOrganizationSid | 54 | Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective authentication option enabled. If this SID is present, then OtherOrganizationSid cannot be present. |
| WinAccountReadonlyControllersSid | 75 | an account read-only controllers group. |
| WinApplicationPackageAuthoritySid | 83 | the application package authority. |
| WinBuiltinAnyPackageSid | 84 | Indicates a SID that applies to all app containers. |
| WinBuiltinCertSvcDComAccessGroup | 78 | the built-in DCOM certification services access group. |
| WinBuiltinCryptoOperatorsSid | 64 | Indicates a SID that allows a user to use cryptographic operations. It is added to the token of users who are a member of the CryptoOperators built-in group. |
| WinBuiltinDCOMUsersSid | 61 | the distributed COM user group. |
| WinBuiltinEventLogReadersGroup | 76 | an event log readers group. |
| WinBuiltinIUsersSid | 62 | the Internet built-in user group. |
| WinBuiltinTerminalServerLicenseServersSid | 60 | Indicates a SID is present in a server that can issue Terminal Server licenses. |
| WinCacheablePrincipalsGroupSid | 72 | a cacheable principals group. |
| WinCapabilityDocumentsLibrarySid | 91 | documents library capability for app containers. |
| WinCapabilityEnterpriseAuthenticationSid | 93 | Windows credentials capability for app containers. |
| WinCapabilityInternetClientServerSid | 86 | Indicates a SID of Internet client and server capability for app containers. |
| WinCapabilityInternetClientSid | 85 | Indicates a SID of Internet client capability for app containers. |
| WinCapabilityMusicLibrarySid | 90 | music library capability for app containers. |
| WinCapabilityPicturesLibrarySid | 88 | pictures library capability for app containers. |
| WinCapabilityPrivateNetworkClientServerSid | 87 | Indicates a SID of private network client and server capability for app containers. |
| WinCapabilityRemovableStorageSid | 94 | removable storage capability for app containers. |
| WinCapabilitySharedUserCertificatesSid | 92 | shared user certificates capability for app containers. |
| WinCapabilityVideosLibrarySid | 89 | videos library capability for app containers. |
| WinConsoleLogonSid | 81 | a console logon group. |
| WinCreatorOwnerRightsSid | 71 | a creator and owner rights group. |
| WinEnterpriseReadonlyControllersSid | 74 | an enterprise wide read-only controllers group. |
| WinHighLabelSid | 68 | a high level of trust label. |
| WinIUserSid | 63 | the Internet user group. |
| WinLocalLogonSid | 80 | a local logon group. |
| WinLowLabelSid | 66 | an low level of trust label. |
| WinMediumLabelSid | 67 | an medium level of trust label. |
| WinMediumPlusLabelSid | 79 | the medium plus integrity label. |
| WinNewEnterpriseReadonlyControllersSid | 77 | a read-only enterprise domain controller. |
| WinNonCacheablePrincipalsGroupSid | 73 | a non-cacheable principals group. |
| WinSystemLabelSid | 69 | a system label. |
| WinThisOrganizationCertificateSid | 82 | a certificate for the given organization. |
| WinUntrustedLabelSid | 65 | an untrusted label. |
| WinWriteRestrictedCodeSid | 70 | a write restricted code group. |
| WorldSid | 1 | everyone. |