How can I retrieve a Windows Computer's SID using WMI?

Tags: windows



(Ooh, this was a fun one! I went on a wild goose chase, as they say, trying to get the Win32_SID instance, which is a singleton and not enumerable by the usual InstancesOf or Query methods... yadda yadda yadda.)

Well, it depends which computer SID you want (seriously!). There's the SID that the local computer uses for itself... For this, you just need to get the SID of the local Administrator user, and remove the "-500" from the end to get the computer's SID.

In VBScript, it looks like this:

    strComputer = "AFAPC001"
    strUsername = "Administrator"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & strUsername & "',Domain='" & strComputer & "'")
    WScript.Echo "Administrator account SID: " & objAccount.SID
    ' Drop the trailing "-500" (the Administrator RID) to get the computer's SID.
    WScript.Echo "Computer's SID: " & Left(objAccount.SID, Len(objAccount.SID) - 4)

In PowerShell, like this:

    function get-sid
    {
        Param ( $DSIdentity )
        $ID = new-object System.Security.Principal.NTAccount($DSIdentity)
        return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()
    }

    > $admin = get-sid "Administrator"
    > $admin.SubString(0, $admin.Length - 4)

In C# on .NET 3.5:

    using System;
    using System.Security.Principal;
    using System.DirectoryServices;
    using System.Linq;

    public static class ComputerSid
    {
        public static SecurityIdentifier GetComputerSid()
        {
            // Bind to the local computer through the WinNT provider, take the objectSID
            // of its first child account, and keep only the domain (machine) part.
            var computer = new DirectoryEntry(string.Format("WinNT://{0},Computer", Environment.MachineName));
            var sidBytes = (byte[])computer.Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID");
            return new SecurityIdentifier(sidBytes, 0).AccountDomainSid;
        }
    }

Results from all of these match the response I get from PsGetSid.exe.


On the other hand, there's the SID that Active Directory uses to identify each domain member computer... That one you fetch by getting the SID of the machine account in the domain, the one that ends with a dollar sign.

E.g., using the above PowerShell function for a domain member called "CLIENT", you can type get-sid "CLIENT$".
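Parsing the SID instead of blindly chopping four characters, as an added example that is not from any of the answers above: this Python code decodes the binary objectSID form the C# answer casts to byte[], derives the machine SID the way AccountDomainSid does, and strips the RID only after confirming it really is 500, so a lookup that returned some other account cannot silently yield a wrong "computer SID". The function names and the sample SID bytes are my own constructions.

```python
import struct

# Well-known RID of the built-in Administrator account (the "-500" the answer strips).
ADMINISTRATOR_RID = 500

def parse_sid_string(sid):
    """Split 'S-1-5-21-a-b-c-500' into (revision, identifier authority, [sub-authorities])."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % sid)
    return int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]

def sid_bytes_to_string(data):
    """Decode a binary SID, the byte[] objectSID form the C# answer works with."""
    if len(data) < 8:
        raise ValueError("SID too short")
    revision, count = data[0], data[1]
    authority = int.from_bytes(data[2:8], "big")      # 6-byte identifier authority, big-endian
    if len(data) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    subs = struct.unpack("<%dI" % count, data[8:])     # 32-bit little-endian sub-authorities
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def account_domain_sid(sid):
    """Machine/domain part of an account SID, approximating .NET's AccountDomainSid.
    Only S-1-5-21-x-y-z[-RID] SIDs have one; anything else (e.g. S-1-5-18) returns None."""
    revision, authority, subs = parse_sid_string(sid)
    if revision != 1 or authority != 5 or len(subs) < 4 or subs[0] != 21:
        return None
    return "S-1-5-21-%d-%d-%d" % tuple(subs[1:4])

def computer_sid_from_admin(sid):
    """The first answer's trick, with a check: strip the RID only if it really is 500."""
    _, _, subs = parse_sid_string(sid)
    if not subs or subs[-1] != ADMINISTRATOR_RID:
        raise ValueError("RID is %s, not 500: not the built-in Administrator" % (subs[-1] if subs else None))
    domain = account_domain_sid(sid)
    if domain is None:
        raise ValueError("not a machine or domain account SID: %s" % sid)
    return domain

# Constructed sample: binary form of S-1-5-21-1234567890-987654321-111222333-500.
SAMPLE_ADMIN_SID_BYTES = (bytes([1, 5]) + (5).to_bytes(6, "big")
                          + struct.pack("<5I", 21, 1234567890, 987654321, 111222333, 500))

if __name__ == "__main__":
    admin = sid_bytes_to_string(SAMPLE_ADMIN_SID_BYTES)
    print("Administrator account SID:", admin)
    print("Computer's SID:", computer_sid_from_admin(admin))
```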


You can simply run reg query HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid from Windows command line.

Here is a Windows batch file example:

    set KEY_REGKEY=HKLM\SOFTWARE\Microsoft\Cryptography
    set KEY_REGVAL=MachineGuid

    REM Check for presence of the value first.
    reg query %KEY_REGKEY% /v %KEY_REGVAL% 2>nul || (echo No MachineGuid value present! & exit /b 1)

    REM Query the value. Pipe it through findstr to find the matching line that has the value.
    REM tokens=2,* puts the type (REG_SZ) in %%a and the remainder of the line, the value itself, in %%b.
    set KEY_NAME=
    for /f "tokens=2,*" %%a in ('reg query %KEY_REGKEY% /v %KEY_REGVAL% ^| findstr %KEY_REGVAL%') do (
        set KEY_NAME=%%b
    )
    echo %KEY_NAME%


Found a tool on the Microsoft website which can get you the SID easily:

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

Just download the file, unzip it, open a command prompt and then run psgetsid.exe.

There is some good explanation of SIDs on the Microsoft website as well:

http://blogs.msdn.com/b/aaron_margosis/archive/2009/11/05/machine-sids-and-domain-sids.aspx