Question Is this local security policy setting standard?

Please provide comments and solutions that are helpful to the author of this topic.
J

johnmack

New Member
Thread author
Jun 9, 2025
2
3
3
Hi. I'm currently running Windows 11 Pro 24H2 with windows security version 1000.27840.0.1000. I noticed in my Local Security Policy, under "Impersonate a client after authenitcation", "Generate security audits", and "Bypass traverse checking" that a value that begins with *S-1-5-99-216390572- is included with the default users/groups. The only information I could find is that it refers to
a SECURITY_RESTRICTED_SERVICES_BASE_RID.

A few months ago I had a security issue with my router and have reset and reinstalled everything. I was hoping that someone could provide me feedback and reassurance that this setting is as expected.

Thanks.
 
  • Like
Reactions: rashmi and Jack
Sort by date Sort by votes
Yes, the value beginning with *S-1-5-99-216390572- is a Security Identifier (SID) and it's normal to see such values in the Local Security Policy. The SID you mentioned is associated with SECURITY_RESTRICTED_SERVICES_BASE_RID, which is a standard group for restricted services in Windows. Unless you're experiencing issues, there's no need to worry about this setting. It's a standard part of Windows security.
 
  • Like
Reactions: johnmack and Jack
Upvote 0 Downvote
This is a Well-known security identifiers (SIDs) identify generic groups and generic users. For example, there are well-known SIDs to identify the following groups and users:
  • Everyone or World, which is a group that includes all users.
  • CREATOR_OWNER, which is used as a placeholder in an inheritable ACE. When the ACE is inherited, the system replaces the CREATOR_OWNER SID with the SID of the object's creator.
  • The Administrators group for the built-in domain on the local computer.
There are universal well-known SIDs, which are meaningful on all secure systems using this security model, including operating systems other than Windows. In addition, there are well-known SIDs that are meaningful only on Windows systems.
learn.microsoft.com

Well-known SIDs - Win32 apps

Well-known security identifiers (SIDs) identify generic groups and generic users.
learn.microsoft.com
 
  • Like
  • +Reputation
Reactions: johnmack, rashmi and Jack
Upvote 0 Downvote
Thanks for the reply and clarification. I glad to know that there is nothing to be alarmed about. I wish Microsoft would update the documentation to list that SID as a possible value for "Impersonate a client after authentication" or the rationale behind it.
 
  • Like
Reactions: rashmi
Upvote 0 Downvote

You may also like...