Thursday, 28 July 2016

The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

This week we have been working on support for PCI-DSS and CIS compliance auditing.

One of the CIS server requirements is to ensure that the following is configured

2.2.34 Set 'Profile system performance' to 'Administrators, NT SERVICE\WdiServiceHost' (Scored)


Rather than code string values into the product (which can cause problems with foreign language operating system installations) we use the well known security identifiers of these built in accounts.

The security identifier of the "NT SERVICE\WdiServiceHost" account does not appear to be documented (well not easily found anyway) so here it is.

The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

This has been tested on

  • Windows Server 2008 R2
  • Windows Sever 2012
  • Windows Server 2012 R2
  • Windows 10

No comments:

Post a Comment