Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Sidwalk.exe: Security ID Administration
This command-line tool takes a mapping file as input and scans all the Access Control Lists (ACLs) in the registry, file system, file and print shares, and local group membership. SIDWalk uses the mapping information in the mapping file to either delete or replace every occurrence of an old security identifier (SID) with the corresponding new SID. The same mapping file can be used for SIDWalk conversion on multiple computers.
This tool is part of the Sidwalker Security Administration Tools.
There is no corresponding user interface for this tool.
Access control is implemented by access control lists (ACLs). Every file in the NTFS file system and every registry key has a unique ACL, granting access rights to file resources to users and groups, and defining what specific access rights each is granted. Each user and group is identified in the ACL by a security identifier (SID).
SIDWalk can be run as scheduled batch jobs. It must be run locally on the computer where the access permissions are to be changed. SIDWalk uses Windows NT security APIs (supported on Windows NT 4.0, Windows 2000, and Windows XP) to examine every ACL on every object on the system. It is a CPU and I/O intensive program; plan to run it when system use is otherwise very light and expect significant resource use.
Msvcrt50.dll (found in the \System32 directory)