Question Is this local security policy setting standard?

Please provide comments and solutions that are helpful to the author of this topic.
J

johnmack

New Member
Thread author
Jun 9, 2025
2
Hi. I'm currently running Windows 11 Pro 24H2 with windows security version 1000.27840.0.1000. I noticed in my Local Security Policy, under "Impersonate a client after authenitcation", "Generate security audits", and "Bypass traverse checking" that a value that begins with *S-1-5-99-216390572- is included with the default users/groups. The only information I could find is that it refers to
a SECURITY_RESTRICTED_SERVICES_BASE_RID.

A few months ago I had a security issue with my router and have reset and reinstalled everything. I was hoping that someone could provide me feedback and reassurance that this setting is as expected.

Thanks.
 
  • Like
Reactions: rashmi and Jack
Sort by date Sort by votes
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,173
Yes, the value beginning with *S-1-5-99-216390572- is a Security Identifier (SID) and it's normal to see such values in the Local Security Policy. The SID you mentioned is associated with SECURITY_RESTRICTED_SERVICES_BASE_RID, which is a standard group for restricted services in Windows. Unless you're experiencing issues, there's no need to worry about this setting. It's a standard part of Windows security.
 
  • Like
Reactions: johnmack and Jack
Upvote 0 Downvote
lokamoka820

lokamoka820

Level 29
Verified
Well-known
Mar 1, 2024
1,897
This is a Well-known security identifiers (SIDs) identify generic groups and generic users. For example, there are well-known SIDs to identify the following groups and users:
  • Everyone or World, which is a group that includes all users.
  • CREATOR_OWNER, which is used as a placeholder in an inheritable ACE. When the ACE is inherited, the system replaces the CREATOR_OWNER SID with the SID of the object's creator.
  • The Administrators group for the built-in domain on the local computer.
There are universal well-known SIDs, which are meaningful on all secure systems using this security model, including operating systems other than Windows. In addition, there are well-known SIDs that are meaningful only on Windows systems.
learn.microsoft.com

Well-known SIDs - Win32 apps

Well-known security identifiers (SIDs) identify generic groups and generic users.
learn.microsoft.com
 
  • Like
  • +Reputation
Reactions: johnmack, rashmi and Jack
Upvote 0 Downvote
J

johnmack

New Member
Thread author
Jun 9, 2025
2
Thanks for the reply and clarification. I glad to know that there is nothing to be alarmed about. I wish Microsoft would update the documentation to list that SID as a possible value for "Impersonate a client after authentication" or the rationale behind it.
 
  • Like
Reactions: rashmi
Upvote 0 Downvote

Similar threads

annaegorov
    • Like
    • Applause
    • Thanks
  • Locked
Serious Discussion Some guy asks if Windows Defender/Microsoft Defender is enough and this is the amazing answer he got back
Replies
88
Views
4,070
General Security Discussions
silversurfer
silversurfer
oldschool
    • +Reputation
    • Like
    • Thanks
Privacy News Protecting Your Privacy While Eroding Your Democracy: Apple's and Mozilla's PPAs (Privacy Preserving Ad Attribution) Considered Harmful
Replies
2
Views
1,277
Security News
bazang
bazang
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion Decoding the Trend Micro Components and Protection Model
Replies
24
Views
5,114
Other security for Windows, Mac, Linux
Mahesh Sudula
Mahesh Sudula

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top