diff --git a/windows/keep-secure/active-directory-accounts.md b/windows/keep-secure/active-directory-accounts.md
index 6594344d4d..3b4ee0e979 100644
--- a/windows/keep-secure/active-directory-accounts.md
+++ b/windows/keep-secure/active-directory-accounts.md
@@ -68,7 +68,7 @@ In Active Directory, default local accounts are used by administrators to manage
Each default local account is automatically assigned to a security group that is preconfigured with the appropriate rights and permissions to perform specific tasks. Active Directory security groups collect user accounts, computer accounts, and other groups into manageable units. For more information, see [Active Directory Security Groups](active-directory-security-groups.md).
-On an Active Directory domain controller, each default local account is referred to as a security principal. A security principal is a directory object that is used to secure and manage Active Directory services that provide access to domain controller resources. A security principal includes objects such as user accounts, computer accounts, security groups, or the threads or processes that run in the security context of a user or computer account. For more information, see [Security Principals Technical Overview](security-principals.md).
+On an Active Directory domain controller, each default local account is referred to as a security principal. A security principal is a directory object that is used to secure and manage Active Directory services that provide access to domain controller resources. A security principal includes objects such as user accounts, computer accounts, security groups, or the threads or processes that run in the security context of a user or computer account. For more information, see [Security Principals](security-principals.md).
A security principal is represented by a unique security identifier (SID).The SIDs that are related to each of the default local accounts in Active Directory are described in the sections below.
@@ -350,7 +350,7 @@ Because it is impossible to predict the specific errors that will occur for any
**Important**
Rebooting a computer is the only reliable way to recover functionality as this will cause both the computer account and user accounts to log back in again. Logging in again will request new TGTs that are valid with the new KRBTGT, correcting any KRBTGT related operational issues on that computer.
-
+For information about how to help mitigate the risks associated with a potentially compromised KRBTGT account, see [KRBTGT Account Password Reset Scripts now available for customers](http://blogs.microsoft.com/cybertrust/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/).
### Read-only domain controllers and the KRBTGT account
@@ -474,7 +474,7 @@ Each default local account in Active Directory has a number of account settings
Provides support for the Data Encryption Standard (DES). DES supports multiple levels of encryption, including Microsoft Point-to-Point Encryption (MPPE) Standard (40-bit and 56-bit), MPPE standard (56-bit), MPPE Strong (128-bit), Internet Protocol security (IPSec) DES (40-bit), IPSec 56-bit DES, and IPSec Triple DES (3DES).
Note
- DES is not enabled by default in Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows 7, Windows 8, and Windows 8.1. For these operating systems, you must configure your computers to use the DES-CBC-MD5 or DES-CBC-CRC cipher suites. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see [Hunting down DES in order to securely deploy Kerberos](http://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx).
+ DES is not enabled by default in Windows Server operating systems starting with Windows Server 2008 R2, nor in Windows client operating systems starting with Windows 7. For these operating systems, computers will not use DES-CBC-MD5 or DES-CBC-CRC cipher suites by default. If your environment requires DES, then this setting might affect compatibility with client computers or services and applications in your environment. For more information, see [Hunting down DES in order to securely deploy Kerberos](http://blogs.technet.com/b/askds/archive/2010/10/19/hunting-down-des-in-order-to-securely-deploy-kerberos.aspx).
@@ -571,7 +571,7 @@ If the administrators in your environment can sign in locally to managed servers
- **Better**. Do not grant administrators membership in the local Administrator group on the computer in order to restrict the administrator from bypassing these protections.
-- **Ideal**. Restrict workstations from having any network connectivity, except for the domain controllers and servers that the administrator accounts are used to manage. Alternately, use AppLocker application control policies to restrict all applications from running, except for the operating system and approved administrative tools and applications. For more information about AppLocker, see [AppLocker Overview](http://technet.microsoft.com/library/hh831440.aspx).
+- **Ideal**. Restrict workstations from having any network connectivity, except for the domain controllers and servers that the administrator accounts are used to manage. Alternately, use AppLocker application control policies to restrict all applications from running, except for the operating system and approved administrative tools and applications. For more information about AppLocker, see [AppLocker](applocker-overview.md).
The following procedure describes how to block Internet access by creating a Group Policy Object (GPO) that configures an invalid proxy address on administrative workstations. These instructions apply only to computers running Internet Explorer and other Windows components that use these proxy settings.
@@ -584,7 +584,7 @@ In this procedure, the workstations are dedicated to domain administrators. By s
2. Create computer accounts for the new workstations.
- > **Note** You might have to delegate permissions to join the domain by using [KB 932455](http://support.microsoft.com/kb/932455) if the account that joins the workstations to the domain does not already have permissions to join computers to the domain.
+ > **Note** You might have to delegate permissions to join computers to the domain if the account that joins the workstations to the domain does not already have them. For more information, see [Delegation of Administration in Active Directory](http://social.technet.microsoft.com/wiki/contents/articles/20292.delegation-of-administration-in-active-directory.aspx).
@@ -846,14 +846,6 @@ In addition, installed applications and management agents on domain controllers
## See also
+- [Security Principals](security-principals.md)
-[Security Principals Technical Overview](security-principals.md)
-
-
-
-
-
-
-
-
-
+- [Access Control Overview](access-control.md)
diff --git a/windows/keep-secure/active-directory-security-groups.md b/windows/keep-secure/active-directory-security-groups.md
index 195b7371a2..630308945a 100644
--- a/windows/keep-secure/active-directory-security-groups.md
+++ b/windows/keep-secure/active-directory-security-groups.md
@@ -986,7 +986,7 @@ This security group has not changed since Windows Server 2008.
Members of the Cloneable Domain Controllers group that are domain controllers may be cloned. In Windows Server 2012 R2 and Windows Server 2012, you can deploy domain controllers by copying an existing virtual domain controller. In a virtual environment, you no longer have to repeatedly deploy a server image that is prepared by using sysprep.exe, promote the server to a domain controller, and then complete additional configuration requirements for deploying each domain controller (including adding the virtual domain controller to this security group).
-For more information, see [Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)](https://technet.microsoft.com/en-us/library/hh831734.aspx).
+For more information, see [Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)](https://technet.microsoft.com/library/hh831734.aspx).
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
@@ -1302,7 +1302,7 @@ This security group has not changed since Windows Server 2008.
Members of DNSAdmins group have access to network DNS information. The default permissions are as follows: Allow: Read, Write, Create All Child objects, Delete Child objects, Special Permissions.
-For information about other means to secure the DNS server service, see [Securing the DNS Server Service](http://technet.microsoft.com/library/cc731367.aspx).
+For more information about security and DNS, see [DNSSEC in Windows Server 2012](https://technet.microsoft.com/library/dn593694(v=ws.11).aspx).
This security group has not changed since Windows Server 2008.
@@ -1742,7 +1742,7 @@ Members of this group are Read-Only Domain Controllers in the enterprise. Except
Read-only domain controllers address some of the issues that are commonly found in branch offices. These locations might not have a domain controller. Or, they might have a writable domain controller, but not the physical security, network bandwidth, or local expertise to support it.
-For more information, see [AD DS: Read-Only Domain Controllers](http://technet.microsoft.com/library/cc732801.aspx).
+For more information, see [What Is an RODC?](https://technet.microsoft.com/library/cc771030.aspx).
The Enterprise Read-Only Domain Controllers group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
@@ -1866,7 +1866,7 @@ This security group has not changed since Windows Server 2008.
This group is authorized to create, edit, or delete Group Policy Objects in the domain. By default, the only member of the group is Administrator.
-For information about other features you can use with this security group, see [Group Policy Planning and Deployment Guide](http://technet.microsoft.com/library/cc754948.aspx).
+For information about other features you can use with this security group, see [Group Policy Overview](https://technet.microsoft.com/library/hh831791.aspx).
The Group Policy Creators Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
@@ -2525,7 +2525,7 @@ This group has no default members. Because members of this group can load and un
The Print Operators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
-This security group has not changed since Windows Server 2008. However, in Windows Server 2008 R2, functionality was added to manage print administration. For more information, see [Assigning Delegated Print Administrator and Printer Permission Settings in Windows Server 2008 R2](http://technet.microsoft.com/library/ee524015(WS.10).aspx).
+This security group has not changed since Windows Server 2008. However, in Windows Server 2008 R2, functionality was added to manage print administration. For more information, see [Assign Delegated Print Administrator and Printer Permission Settings in Windows Server 2012](https://technet.microsoft.com/library/jj190062(v=ws.11).aspx).
@@ -2602,7 +2602,7 @@ Depending on the account’s domain functional level, members of the Protected U
The Protected Users group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
-This group was introduced in Windows Server 2012 R2. For more information about how this group works, see [Protected Users Security Group](https://technet.microsoft.com/en-us/library/dn466518.aspx).
+This group was introduced in Windows Server 2012 R2. For more information about how this group works, see [Protected Users Security Group](https://technet.microsoft.com/library/dn466518.aspx).
The following table specifies the properties of the Protected Users group.
@@ -2724,7 +2724,7 @@ This security group has not changed since Windows Server 2008.
Servers that are members in the RDS Endpoint Servers group can run virtual machines and host sessions where user RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.
-For information about Remote Desktop Services, see [Remote Desktop Services Design Guide](http://technet.microsoft.com/library/gg750997.aspx).
+For information about Remote Desktop Services, see [Host desktops and apps in Remote Desktop Services](https://technet.microsoft.com/library/mt718499.aspx).
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
@@ -2844,7 +2844,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
Servers in the RDS Remote Access Servers group provide users with access to RemoteApp programs and personal virtual desktops. In Internet facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers that are used in the deployment need to be in this group.
-For information about RemoteApp programs, see [Overview of RemoteApp](http://technet.microsoft.com/library/cc755055.aspx)
+For more information, see [Host desktops and apps in Remote Desktop Services](https://technet.microsoft.com/library/mt718499.aspx).
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
@@ -2978,7 +2978,7 @@ Because administration of a Read-only domain controller can be delegated to a do
- Read-only Domain Name System (DNS)
-For information about deploying a Read-only domain controller, see [Read-Only Domain Controllers Step-by-Step Guide](http://technet.microsoft.com/library/cc772234.aspx).
+For information about deploying a Read-only domain controller, see [Understanding Planning and Deployment for Read-Only Domain Controllers](https://technet.microsoft.com/library/cc754719(v=ws.10).aspx).
This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions.
@@ -3041,7 +3041,7 @@ Members of the Remote Management Users group can access WMI resources over manag
The Remote Management Users group is generally used to allow users to manage servers through the Server Manager console, whereas the [WinRMRemoteWMIUsers\_](#bkmk-winrmremotewmiusers-) group is allows remotely running Windows PowerShell commands.
-For more information, see [WS-Management Protocol (Windows)](http://msdn.microsoft.com/library/aa384470.aspx) and [About WMI (Windows)](http://msdn.microsoft.com/library/aa384642.aspx).
+For more information, see [What's New in MI?](https://msdn.microsoft.com/library/jj819828(v=vs.85).aspx) and [About WMI](http://msdn.microsoft.com/library/aa384642.aspx).
This security group was introduced in Windows Server 2012, and it has not changed in subsequent versions.
@@ -3105,9 +3105,10 @@ Computers that are members of the Replicator group support file replication in a
**Important**
In Windows Server 2008 R2, FRS cannot be used for replicating DFS folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of a SYSVOL shared resource in a domain that uses FRS for replicating the SYSVOL shared resource between domain controllers.
-However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL shared resource. The DFS Replication service is a replacement for FRS, and it can be used to replicate the contents of a SYSVOL shared resource, DFS folders, and other custom (non-SYSVOL) data. You should migrate all non-SYSVOL FRS replica sets to DFS Replication. For more information, see [File Replication Service (FRS) Is Deprecated in Windows Server 2008 R2 (Windows).](http://msdn.microsoft.com/library/windows/desktop/ff384840.aspx)
+However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL shared resource. The DFS Replication service is a replacement for FRS, and it can be used to replicate the contents of a SYSVOL shared resource, DFS folders, and other custom (non-SYSVOL) data. You should migrate all non-SYSVOL FRS replica sets to DFS Replication. For more information, see:
-
+- [File Replication Service (FRS) Is Deprecated in Windows Server 2008 R2 (Windows)](http://msdn.microsoft.com/library/windows/desktop/ff384840.aspx)
+- [DFS Namespaces and DFS Replication Overview](https://technet.microsoft.com/library/jj127250(v=ws.11).aspx)
This security group has not changed since Windows Server 2008.
@@ -3581,21 +3582,10 @@ This security group was introduced in Windows Server 2012, and it has not chang
-
-
## See also
+- [Security Principals](security-principals.md)
-[Security Principals Technical Overview](security-principals.md)
-
-
-[Special Identities](special-identities.md)
-
-
-
-
-
-
-
-
+- [Special Identities](special-identities.md)
+- [Access Control Overview](access-control.md)
diff --git a/windows/keep-secure/dynamic-access-control.md b/windows/keep-secure/dynamic-access-control.md
index c3cdcb2c32..643a78aa1c 100644
--- a/windows/keep-secure/dynamic-access-control.md
+++ b/windows/keep-secure/dynamic-access-control.md
@@ -132,16 +132,8 @@ If clients do not recognize Dynamic Access Control, there must be a two-way trus
If claims are transformed when they leave a forest, all domain controllers in the user’s forest root must be set at the Windows Server 2012 or higher functional level.
-A file server running Windows Server 2012 or Windows Server 2012 R2 must have a Group Policy setting that specifies whether it needs to get user claims for user tokens that do not carry claims. This setting is set by default to **Automatic**, which results in this Group Policy setting to be turned **On** if there is a central policy that contains user or device claims for that file server. If the file server contains discretionary ACLs that include user claims, you need to set this Group Policy to **On** so that the server knows to request claims on behalf of users that do not provide claims when they access the server.
-
-## Additional resource
-
-[Access control overview](access-control.md)
-
-
-
-
-
-
+A file server running a server operating system that supports Dyamic Access Control must have a Group Policy setting that specifies whether it needs to get user claims for user tokens that do not carry claims. This setting is set by default to **Automatic**, which results in this Group Policy setting to be turned **On** if there is a central policy that contains user or device claims for that file server. If the file server contains discretionary ACLs that include user claims, you need to set this Group Policy to **On** so that the server knows to request claims on behalf of users that do not provide claims when they access the server.
+## See also
+- [Access control overview](access-control.md)
diff --git a/windows/keep-secure/event-1102.md b/windows/keep-secure/event-1102.md
index ed03fdf472..388c844391 100644
--- a/windows/keep-secure/event-1102.md
+++ b/windows/keep-secure/event-1102.md
@@ -70,7 +70,7 @@ This event generates every time Windows Security audit log was cleared.
- **Security ID** \[Type = SID\]**:** SID of account that cleared the system security audit log. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that cleared the system security audit log.
diff --git a/windows/keep-secure/event-4611.md b/windows/keep-secure/event-4611.md
index 4cd9e414e5..a60837e067 100644
--- a/windows/keep-secure/event-4611.md
+++ b/windows/keep-secure/event-4611.md
@@ -75,7 +75,7 @@ You typically see these events during operating system startup or user logon and
- **Security ID** \[Type = SID\]**:** SID of account that registered the trusted logon process. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that registered the trusted logon process.
diff --git a/windows/keep-secure/event-4616.md b/windows/keep-secure/event-4616.md
index 3be067d588..c1a78f4055 100644
--- a/windows/keep-secure/event-4616.md
+++ b/windows/keep-secure/event-4616.md
@@ -82,7 +82,7 @@ You will typically see these events with “**Subject\\Security ID**” = “**L
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change system time” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change system time” operation.
diff --git a/windows/keep-secure/event-4624.md b/windows/keep-secure/event-4624.md
index 3cb4f0c190..69598d3991 100644
--- a/windows/keep-secure/event-4624.md
+++ b/windows/keep-secure/event-4624.md
@@ -115,7 +115,7 @@ This event generates when a logon session is created (on destination machine). I
- **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon.
@@ -175,7 +175,7 @@ This event generates when a logon session is created (on destination machine). I
- **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
diff --git a/windows/keep-secure/event-4625.md b/windows/keep-secure/event-4625.md
index 9a040ff053..a615f8b796 100644
--- a/windows/keep-secure/event-4625.md
+++ b/windows/keep-secure/event-4625.md
@@ -89,7 +89,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that reported information about logon failure. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about logon failure.
@@ -125,7 +125,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of the account that was specified in the logon attempt. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that was specified in the logon attempt.
diff --git a/windows/keep-secure/event-4626.md b/windows/keep-secure/event-4626.md
index 83fa8fe837..68599c7060 100644
--- a/windows/keep-secure/event-4626.md
+++ b/windows/keep-secure/event-4626.md
@@ -85,7 +85,7 @@ This event generates on the computer to which the logon was performed (target co
- **Security ID** \[Type = SID\]**:** SID of account that reported information about claims. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about claims.
@@ -121,7 +121,7 @@ This event generates on the computer to which the logon was performed (target co
- **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
diff --git a/windows/keep-secure/event-4627.md b/windows/keep-secure/event-4627.md
index 811fd6f830..88500872dc 100644
--- a/windows/keep-secure/event-4627.md
+++ b/windows/keep-secure/event-4627.md
@@ -80,7 +80,7 @@ Multiple events are generated if the group membership information cannot fit in
- **Security ID** \[Type = SID\]**:** SID of account that reported information about successful logon or invokes it. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported information about successful logon or invokes it.
@@ -116,7 +116,7 @@ Multiple events are generated if the group membership information cannot fit in
- **Security ID** \[Type = SID\]**:** SID of account for which logon was performed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account for which logon was performed.
diff --git a/windows/keep-secure/event-4634.md b/windows/keep-secure/event-4634.md
index 10b678d329..d84431bf79 100644
--- a/windows/keep-secure/event-4634.md
+++ b/windows/keep-secure/event-4634.md
@@ -75,7 +75,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was
- **Security ID** \[Type = SID\]**:** SID of account that was logged off. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that was logged off.
diff --git a/windows/keep-secure/event-4647.md b/windows/keep-secure/event-4647.md
index 16537024f3..21155852f6 100644
--- a/windows/keep-secure/event-4647.md
+++ b/windows/keep-secure/event-4647.md
@@ -74,7 +74,7 @@ It may be positively correlated with a “[4624](event-4624.md): An account was
- **Security ID** \[Type = SID\]**:** SID of account that requested the “logoff” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “logoff” operation.
diff --git a/windows/keep-secure/event-4648.md b/windows/keep-secure/event-4648.md
index 0f371abb75..48250044e9 100644
--- a/windows/keep-secure/event-4648.md
+++ b/windows/keep-secure/event-4648.md
@@ -82,7 +82,7 @@ It is also a routine event which periodically occurs during normal operating sys
- **Security ID** \[Type = SID\]**:** SID of account that requested the new logon session with explicit credentials. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the new logon session with explicit credentials.
diff --git a/windows/keep-secure/event-4656.md b/windows/keep-secure/event-4656.md
index b7e3893812..7c7116e953 100644
--- a/windows/keep-secure/event-4656.md
+++ b/windows/keep-secure/event-4656.md
@@ -93,7 +93,7 @@ This event shows that access was requested, and the results of the request, but
- **Security ID** \[Type = SID\]**:** SID of account that requested a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested a handle to an object.
diff --git a/windows/keep-secure/event-4657.md b/windows/keep-secure/event-4657.md
index 5b669ccb0d..31aa191a81 100644
--- a/windows/keep-secure/event-4657.md
+++ b/windows/keep-secure/event-4657.md
@@ -80,7 +80,7 @@ This event generates only if “Set Value" auditing is set in registry key’s [
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify registry value” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify registry value” operation.
diff --git a/windows/keep-secure/event-4658.md b/windows/keep-secure/event-4658.md
index 3de6b3da02..9dd8b57d2e 100644
--- a/windows/keep-secure/event-4658.md
+++ b/windows/keep-secure/event-4658.md
@@ -76,7 +76,7 @@ Typically this event is needed if you need to know how long the handle to the ob
- **Security ID** \[Type = SID\]**:** SID of account that requested the “close object’s handle” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “close object’s handle” operation.
diff --git a/windows/keep-secure/event-4660.md b/windows/keep-secure/event-4660.md
index 901bc15ae8..3b0fccc294 100644
--- a/windows/keep-secure/event-4660.md
+++ b/windows/keep-secure/event-4660.md
@@ -79,7 +79,7 @@ The advantage of this event is that it’s generated only during real delete ope
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete object” operation.
diff --git a/windows/keep-secure/event-4661.md b/windows/keep-secure/event-4661.md
index 278c77f651..6485f5b65a 100644
--- a/windows/keep-secure/event-4661.md
+++ b/windows/keep-secure/event-4661.md
@@ -84,7 +84,7 @@ This event generates only if Success auditing is enabled for the [Audit Handle M
- **Security ID** \[Type = SID\]**:** SID of account that requested a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested a handle to an object.
diff --git a/windows/keep-secure/event-4662.md b/windows/keep-secure/event-4662.md
index 83640072e0..3dd3acf69f 100644
--- a/windows/keep-secure/event-4662.md
+++ b/windows/keep-secure/event-4662.md
@@ -84,7 +84,7 @@ You will get one 4662 for each operation type which was performed.
- **Security ID** \[Type = SID\]**:** SID of account that requested the operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the operation.
diff --git a/windows/keep-secure/event-4663.md b/windows/keep-secure/event-4663.md
index 46cdac8cb0..0ba031b8a9 100644
--- a/windows/keep-secure/event-4663.md
+++ b/windows/keep-secure/event-4663.md
@@ -87,7 +87,7 @@ The main difference with “[4656](event-4656.md): A handle to an object was req
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to access an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to access an object.
diff --git a/windows/keep-secure/event-4664.md b/windows/keep-secure/event-4664.md
index a62808d16d..f25e16f565 100644
--- a/windows/keep-secure/event-4664.md
+++ b/windows/keep-secure/event-4664.md
@@ -71,7 +71,7 @@ This event generates when an NTFS hard link was successfully created.
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to create the hard link. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to create the hard link.
diff --git a/windows/keep-secure/event-4670.md b/windows/keep-secure/event-4670.md
index a7de5be046..61af502eb4 100644
--- a/windows/keep-secure/event-4670.md
+++ b/windows/keep-secure/event-4670.md
@@ -80,7 +80,7 @@ Before this event can generate, certain ACEs might need to be set in the object
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change object’s permissions” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change object’s permissions” operation.
diff --git a/windows/keep-secure/event-4672.md b/windows/keep-secure/event-4672.md
index bf0fff94de..fba1851afe 100644
--- a/windows/keep-secure/event-4672.md
+++ b/windows/keep-secure/event-4672.md
@@ -97,7 +97,7 @@ You typically will see many of these events in the event log, because every logo
- **Security ID** \[Type = SID\]**:** SID of account to which special privileges were assigned. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account to which special privileges were assigned.
diff --git a/windows/keep-secure/event-4673.md b/windows/keep-secure/event-4673.md
index 5282a6658e..6ef7b29b77 100644
--- a/windows/keep-secure/event-4673.md
+++ b/windows/keep-secure/event-4673.md
@@ -77,7 +77,7 @@ Failure event generates when service call attempt fails.
- **Security ID** \[Type = SID\]**:** SID of account that requested privileged operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested privileged operation.
diff --git a/windows/keep-secure/event-4674.md b/windows/keep-secure/event-4674.md
index 41518d4e2b..d4a8792d03 100644
--- a/windows/keep-secure/event-4674.md
+++ b/windows/keep-secure/event-4674.md
@@ -80,7 +80,7 @@ Failure event generates when operation attempt fails.
- **Security ID** \[Type = SID\]**:** SID of account that requested privileged operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested privileged operation.
diff --git a/windows/keep-secure/event-4675.md b/windows/keep-secure/event-4675.md
index dc8a19e120..ef1b726917 100644
--- a/windows/keep-secure/event-4675.md
+++ b/windows/keep-secure/event-4675.md
@@ -19,7 +19,7 @@ This event generates when SIDs were filtered for specific Active Directory trust
See more information about SID filtering here: .
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
There is no example of this event in this document.
diff --git a/windows/keep-secure/event-4688.md b/windows/keep-secure/event-4688.md
index b152e305fb..d7d29f4334 100644
--- a/windows/keep-secure/event-4688.md
+++ b/windows/keep-secure/event-4688.md
@@ -95,7 +95,7 @@ This event generates every time a new process starts.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create process” operation.
@@ -119,7 +119,7 @@ This event generates every time a new process starts.
- **Security ID** \[Type = SID\] \[Version 2\]**:** SID of target account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\] \[Version 2\]**:** the name of the target account.
diff --git a/windows/keep-secure/event-4689.md b/windows/keep-secure/event-4689.md
index e5f97fe698..bbfbbe6382 100644
--- a/windows/keep-secure/event-4689.md
+++ b/windows/keep-secure/event-4689.md
@@ -71,7 +71,7 @@ This event generates every time a process has exited.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “terminate process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “terminate process” operation.
diff --git a/windows/keep-secure/event-4690.md b/windows/keep-secure/event-4690.md
index d7ac11d773..3ca6589561 100644
--- a/windows/keep-secure/event-4690.md
+++ b/windows/keep-secure/event-4690.md
@@ -72,7 +72,7 @@ This event generates if an attempt was made to duplicate a handle to an object.
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to duplicate a handle to an object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to duplicate a handle to an object.
diff --git a/windows/keep-secure/event-4691.md b/windows/keep-secure/event-4691.md
index ba22553755..cd0e7d930c 100644
--- a/windows/keep-secure/event-4691.md
+++ b/windows/keep-secure/event-4691.md
@@ -75,7 +75,7 @@ These events are generated for [ALPC Ports](https://msdn.microsoft.com/en-us/lib
- **Security ID** \[Type = SID\]**:** SID of account that requested an access to the object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested an access to the object.
diff --git a/windows/keep-secure/event-4692.md b/windows/keep-secure/event-4692.md
index aba10585e3..4bd3aec488 100644
--- a/windows/keep-secure/event-4692.md
+++ b/windows/keep-secure/event-4692.md
@@ -82,7 +82,7 @@ Failure event generates when a Master Key backup operation fails for some reason
- **Security ID** \[Type = SID\]**:** SID of account that requested backup operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested backup operation.
diff --git a/windows/keep-secure/event-4693.md b/windows/keep-secure/event-4693.md
index 3134110a5c..c3563c431a 100644
--- a/windows/keep-secure/event-4693.md
+++ b/windows/keep-secure/event-4693.md
@@ -79,7 +79,7 @@ Failure event generates when a Master Key restore operation fails for some reaso
- **Security ID** \[Type = SID\]**:** SID of account that requested the “recover” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “recover” operation.
diff --git a/windows/keep-secure/event-4696.md b/windows/keep-secure/event-4696.md
index e4746f74c9..ced7a1d990 100644
--- a/windows/keep-secure/event-4696.md
+++ b/windows/keep-secure/event-4696.md
@@ -78,7 +78,7 @@ This event generates every time a process runs using the non-current access toke
- **Security ID** \[Type = SID\]**:** SID of account that requested the “assign token to process” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “assign token to process” operation.
@@ -120,7 +120,7 @@ This event generates every time a process runs using the non-current access toke
- **Security ID** \[Type = SID\]**:** SID of account through which the security token will be assigned to the new process. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account through which the security token will be assigned to the new process.
diff --git a/windows/keep-secure/event-4697.md b/windows/keep-secure/event-4697.md
index 0213aa9f0a..2493207abb 100644
--- a/windows/keep-secure/event-4697.md
+++ b/windows/keep-secure/event-4697.md
@@ -73,7 +73,7 @@ This event generates when new service was installed in the system.
- **Security ID** \[Type = SID\]**:** SID of account that was used to install the service. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that was used to install the service.
diff --git a/windows/keep-secure/event-4698.md b/windows/keep-secure/event-4698.md
index 5d522281cb..495d00ad2f 100644
--- a/windows/keep-secure/event-4698.md
+++ b/windows/keep-secure/event-4698.md
@@ -70,7 +70,7 @@ This event generates every time a new scheduled task is created.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create scheduled task” operation.
diff --git a/windows/keep-secure/event-4699.md b/windows/keep-secure/event-4699.md
index a1c58890d6..885f708f76 100644
--- a/windows/keep-secure/event-4699.md
+++ b/windows/keep-secure/event-4699.md
@@ -70,7 +70,7 @@ This event generates every time a scheduled task was deleted.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete scheduled task” operation.
diff --git a/windows/keep-secure/event-4700.md b/windows/keep-secure/event-4700.md
index fa5a54c164..97ec3d2bcf 100644
--- a/windows/keep-secure/event-4700.md
+++ b/windows/keep-secure/event-4700.md
@@ -70,7 +70,7 @@ This event generates every time a scheduled task is enabled.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enable scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable scheduled task” operation.
diff --git a/windows/keep-secure/event-4701.md b/windows/keep-secure/event-4701.md
index 5c1cafe14f..7997ce6cf3 100644
--- a/windows/keep-secure/event-4701.md
+++ b/windows/keep-secure/event-4701.md
@@ -70,7 +70,7 @@ This event generates every time a scheduled task is disabled.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enable scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable scheduled task” operation.
diff --git a/windows/keep-secure/event-4702.md b/windows/keep-secure/event-4702.md
index 3d0071fd39..0fb4d69eea 100644
--- a/windows/keep-secure/event-4702.md
+++ b/windows/keep-secure/event-4702.md
@@ -70,7 +70,7 @@ This event generates every time scheduled task was updated/changed.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change/update scheduled task” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change/update scheduled task” operation.
diff --git a/windows/keep-secure/event-4703.md b/windows/keep-secure/event-4703.md
index bdce298519..154f3a9fe6 100644
--- a/windows/keep-secure/event-4703.md
+++ b/windows/keep-secure/event-4703.md
@@ -80,7 +80,7 @@ Token privileges provide the ability to take certain system-level actions that y
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enable” or “disable” operation for **Target Account** privileges. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable” or “disable” operation for **Target Account** privileges.
@@ -102,7 +102,7 @@ Token privileges provide the ability to take certain system-level actions that y
- **Security ID** \[Type = SID\]**:** SID of account for which privileges were enabled or disabled. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account for which privileges were enabled or disabled.
diff --git a/windows/keep-secure/event-4704.md b/windows/keep-secure/event-4704.md
index ee98fd4712..234edaa3ac 100644
--- a/windows/keep-secure/event-4704.md
+++ b/windows/keep-secure/event-4704.md
@@ -72,7 +72,7 @@ You will see unique event for every user.
- **Security ID** \[Type = SID\]**:** SID of account that made a change to local user right policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local user right policy.
diff --git a/windows/keep-secure/event-4705.md b/windows/keep-secure/event-4705.md
index 7a5f1008fc..007bdc4ec3 100644
--- a/windows/keep-secure/event-4705.md
+++ b/windows/keep-secure/event-4705.md
@@ -72,7 +72,7 @@ You will see unique event for every user.
- **Security ID** \[Type = SID\]**:** SID of account that made a change to local user right policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local user right policy.
diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md
index c6eba5f6a8..3eb6bdda15 100644
--- a/windows/keep-secure/event-4706.md
+++ b/windows/keep-secure/event-4706.md
@@ -76,7 +76,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create domain trust” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create domain trust” operation.
diff --git a/windows/keep-secure/event-4707.md b/windows/keep-secure/event-4707.md
index 9a77188b80..011e640b52 100644
--- a/windows/keep-secure/event-4707.md
+++ b/windows/keep-secure/event-4707.md
@@ -72,7 +72,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “remove domain trust” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove domain trust” operation.
diff --git a/windows/keep-secure/event-4713.md b/windows/keep-secure/event-4713.md
index f87013f4a6..482ad0768e 100644
--- a/windows/keep-secure/event-4713.md
+++ b/windows/keep-secure/event-4713.md
@@ -71,7 +71,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that made a change to Kerberos policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to Kerberos policy.
diff --git a/windows/keep-secure/event-4715.md b/windows/keep-secure/event-4715.md
index d0e5dd0ef3..fea15f35d7 100644
--- a/windows/keep-secure/event-4715.md
+++ b/windows/keep-secure/event-4715.md
@@ -72,7 +72,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change local audit policy security descriptor (SACL)” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change local audit policy security descriptor (SACL)” operation.
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index 373d14519b..8140c94b16 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -76,7 +76,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify domain trust settings” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify domain trust settings” operation.
diff --git a/windows/keep-secure/event-4717.md b/windows/keep-secure/event-4717.md
index dbe74fada2..476501f806 100644
--- a/windows/keep-secure/event-4717.md
+++ b/windows/keep-secure/event-4717.md
@@ -72,7 +72,7 @@ You will see unique event for every user if logon user rights were granted to mu
- **Security ID** \[Type = SID\]**:** SID of account that made a change to local logon right user policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local logon right user policy.
diff --git a/windows/keep-secure/event-4718.md b/windows/keep-secure/event-4718.md
index 44f5fc4624..af30328c64 100644
--- a/windows/keep-secure/event-4718.md
+++ b/windows/keep-secure/event-4718.md
@@ -72,7 +72,7 @@ You will see unique event for every user if logon user rights were removed for m
- **Security ID** \[Type = SID\]**:** SID of account that made a change to local logon right user policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local logon right user policy.
diff --git a/windows/keep-secure/event-4719.md b/windows/keep-secure/event-4719.md
index 7a274992c8..69b248ec50 100644
--- a/windows/keep-secure/event-4719.md
+++ b/windows/keep-secure/event-4719.md
@@ -74,7 +74,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- **Security ID** \[Type = SID\]**:** SID of account that made a change to local audit policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to local audit policy.
diff --git a/windows/keep-secure/event-4720.md b/windows/keep-secure/event-4720.md
index 157b9b01a3..d333e12f03 100644
--- a/windows/keep-secure/event-4720.md
+++ b/windows/keep-secure/event-4720.md
@@ -92,7 +92,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create user account” operation.
diff --git a/windows/keep-secure/event-4722.md b/windows/keep-secure/event-4722.md
index 6c96fd0b4a..37b03dbe77 100644
--- a/windows/keep-secure/event-4722.md
+++ b/windows/keep-secure/event-4722.md
@@ -75,7 +75,7 @@ For computer accounts, this event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enable account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enable account” operation.
diff --git a/windows/keep-secure/event-4723.md b/windows/keep-secure/event-4723.md
index 8c23919260..cf74611ba8 100644
--- a/windows/keep-secure/event-4723.md
+++ b/windows/keep-secure/event-4723.md
@@ -82,7 +82,7 @@ Typically you will see 4723 events with the same **Subject\\Security ID** and **
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to change Target’s Account password. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to change Target’s Account password.
diff --git a/windows/keep-secure/event-4724.md b/windows/keep-secure/event-4724.md
index 977955100e..f0257228f4 100644
--- a/windows/keep-secure/event-4724.md
+++ b/windows/keep-secure/event-4724.md
@@ -81,7 +81,7 @@ For local accounts, a Failure event generates if the new password fails to meet
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to reset Target’s Account password. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to reset Target’s Account password.
diff --git a/windows/keep-secure/event-4725.md b/windows/keep-secure/event-4725.md
index 7dacfe0813..b5926a2941 100644
--- a/windows/keep-secure/event-4725.md
+++ b/windows/keep-secure/event-4725.md
@@ -75,7 +75,7 @@ For computer accounts, this event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “disable account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “disable account” operation.
diff --git a/windows/keep-secure/event-4726.md b/windows/keep-secure/event-4726.md
index ab110e118d..b27daa7dd0 100644
--- a/windows/keep-secure/event-4726.md
+++ b/windows/keep-secure/event-4726.md
@@ -74,7 +74,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete user account” operation.
diff --git a/windows/keep-secure/event-4731.md b/windows/keep-secure/event-4731.md
index 0f6116aca5..b92e02d280 100644
--- a/windows/keep-secure/event-4731.md
+++ b/windows/keep-secure/event-4731.md
@@ -76,7 +76,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create group” operation.
diff --git a/windows/keep-secure/event-4732.md b/windows/keep-secure/event-4732.md
index f688280574..41cf2a4a08 100644
--- a/windows/keep-secure/event-4732.md
+++ b/windows/keep-secure/event-4732.md
@@ -80,7 +80,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group
- **Security ID** \[Type = SID\]**:** SID of account that requested the “add member to the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add member to the group” operation.
diff --git a/windows/keep-secure/event-4733.md b/windows/keep-secure/event-4733.md
index b2de4567ac..40629bb96c 100644
--- a/windows/keep-secure/event-4733.md
+++ b/windows/keep-secure/event-4733.md
@@ -80,7 +80,7 @@ You will typically see “[4735](event-4735.md): A security-enabled local group
- **Security ID** \[Type = SID\]**:** SID of account that requested the “remove member from the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove member from the group” operation.
diff --git a/windows/keep-secure/event-4734.md b/windows/keep-secure/event-4734.md
index 023be2969c..120da30815 100644
--- a/windows/keep-secure/event-4734.md
+++ b/windows/keep-secure/event-4734.md
@@ -74,7 +74,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete group” operation.
diff --git a/windows/keep-secure/event-4735.md b/windows/keep-secure/event-4735.md
index b6dac600b9..928905449d 100644
--- a/windows/keep-secure/event-4735.md
+++ b/windows/keep-secure/event-4735.md
@@ -84,7 +84,7 @@ From 4735 event you can get information about changes of **sAMAccountName** and
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group” operation.
diff --git a/windows/keep-secure/event-4738.md b/windows/keep-secure/event-4738.md
index 98f22cb17c..f2992c4a97 100644
--- a/windows/keep-secure/event-4738.md
+++ b/windows/keep-secure/event-4738.md
@@ -99,7 +99,7 @@ Some changes do not invoke a 4738 event.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change user account” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change user account” operation.
diff --git a/windows/keep-secure/event-4739.md b/windows/keep-secure/event-4739.md
index b5873a99e3..8b692f1ea3 100644
--- a/windows/keep-secure/event-4739.md
+++ b/windows/keep-secure/event-4739.md
@@ -102,7 +102,7 @@ This event generates when one of the following changes was made to local compute
- **Security ID** \[Type = SID\]**:** SID of account that made a change to specific local policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to specific local policy.
diff --git a/windows/keep-secure/event-4740.md b/windows/keep-secure/event-4740.md
index 7ab01449c8..7e35c73f98 100644
--- a/windows/keep-secure/event-4740.md
+++ b/windows/keep-secure/event-4740.md
@@ -73,7 +73,7 @@ For user accounts, this event generates on domain controllers, member servers, a
- **Security ID** \[Type = SID\]**:** SID of account that performed the lockout operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the lockout operation.
diff --git a/windows/keep-secure/event-4741.md b/windows/keep-secure/event-4741.md
index 52d8a70a84..ed9cddfc2c 100644
--- a/windows/keep-secure/event-4741.md
+++ b/windows/keep-secure/event-4741.md
@@ -94,7 +94,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create Computer object” operation.
diff --git a/windows/keep-secure/event-4742.md b/windows/keep-secure/event-4742.md
index b09dba8333..9f318856ed 100644
--- a/windows/keep-secure/event-4742.md
+++ b/windows/keep-secure/event-4742.md
@@ -105,7 +105,7 @@ You might see this event without any changes inside, that is, where all **Change
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change Computer object” operation.
diff --git a/windows/keep-secure/event-4743.md b/windows/keep-secure/event-4743.md
index 42f7e90f14..beaa8afbe9 100644
--- a/windows/keep-secure/event-4743.md
+++ b/windows/keep-secure/event-4743.md
@@ -74,7 +74,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete Computer object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete Computer object” operation.
diff --git a/windows/keep-secure/event-4749.md b/windows/keep-secure/event-4749.md
index 321a4a3e52..d2c6a567d6 100644
--- a/windows/keep-secure/event-4749.md
+++ b/windows/keep-secure/event-4749.md
@@ -76,7 +76,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create group” operation.
diff --git a/windows/keep-secure/event-4750.md b/windows/keep-secure/event-4750.md
index 17f5d8eb84..206195ae89 100644
--- a/windows/keep-secure/event-4750.md
+++ b/windows/keep-secure/event-4750.md
@@ -84,7 +84,7 @@ From 4750 event you can get information about changes of **sAMAccountName** and
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group” operation.
diff --git a/windows/keep-secure/event-4751.md b/windows/keep-secure/event-4751.md
index ea37165fce..8f224051a1 100644
--- a/windows/keep-secure/event-4751.md
+++ b/windows/keep-secure/event-4751.md
@@ -80,7 +80,7 @@ You will typically see “[4750](event-4750.md): A security-disabled global grou
- **Security ID** \[Type = SID\]**:** SID of account that requested the “add member to the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add member to the group” operation.
diff --git a/windows/keep-secure/event-4752.md b/windows/keep-secure/event-4752.md
index 28d38b44a5..d9ef0f8d52 100644
--- a/windows/keep-secure/event-4752.md
+++ b/windows/keep-secure/event-4752.md
@@ -78,7 +78,7 @@ For every removed member you will get separate 4752 event.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “remove member from the group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove member from the group” operation.
diff --git a/windows/keep-secure/event-4753.md b/windows/keep-secure/event-4753.md
index 5cc018f286..c8375231e2 100644
--- a/windows/keep-secure/event-4753.md
+++ b/windows/keep-secure/event-4753.md
@@ -74,7 +74,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete group” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete group” operation.
diff --git a/windows/keep-secure/event-4764.md b/windows/keep-secure/event-4764.md
index e5bcc13c9a..3942742122 100644
--- a/windows/keep-secure/event-4764.md
+++ b/windows/keep-secure/event-4764.md
@@ -76,7 +76,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “change group type” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “change group type” operation.
diff --git a/windows/keep-secure/event-4767.md b/windows/keep-secure/event-4767.md
index a189b84db0..7eb768b001 100644
--- a/windows/keep-secure/event-4767.md
+++ b/windows/keep-secure/event-4767.md
@@ -73,7 +73,7 @@ For user accounts, this event generates on domain controllers, member servers, a
- **Security ID** \[Type = SID\]**:** SID of account that performed the unlock operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the unlock operation.
diff --git a/windows/keep-secure/event-4768.md b/windows/keep-secure/event-4768.md
index edcc1952bc..48c81eea57 100644
--- a/windows/keep-secure/event-4768.md
+++ b/windows/keep-secure/event-4768.md
@@ -104,7 +104,7 @@ This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “
- **NULL SID** – this value shows in [4768](event-4768.md) Failure events.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
**Service Information:**
diff --git a/windows/keep-secure/event-4769.md b/windows/keep-secure/event-4769.md
index ecb3b28900..e41de7fd26 100644
--- a/windows/keep-secure/event-4769.md
+++ b/windows/keep-secure/event-4769.md
@@ -112,7 +112,7 @@ You will typically see many Failure events with **Failure Code** “**0x20**”,
- **NULL SID** – this value shows in Failure events.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
**Network Information:**
diff --git a/windows/keep-secure/event-4770.md b/windows/keep-secure/event-4770.md
index 1c353eb67f..65966234c0 100644
--- a/windows/keep-secure/event-4770.md
+++ b/windows/keep-secure/event-4770.md
@@ -98,7 +98,7 @@ This event generates only on domain controllers.
- **Service ID** \[Type = SID\]**:** SID of the account or computer object for which the TGS ticket was renewed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
**Network Information:**
diff --git a/windows/keep-secure/event-4771.md b/windows/keep-secure/event-4771.md
index ae81985175..233040c8f3 100644
--- a/windows/keep-secure/event-4771.md
+++ b/windows/keep-secure/event-4771.md
@@ -81,7 +81,7 @@ This event is not generated if “Do not require Kerberos preauthentication” o
For example: CONTOSO\\dadmin or CONTOSO\\WIN81$.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name:** \[Type = UnicodeString\]**:** the name of account, for which (TGT) ticket was requested. Computer account name ends with **$** character.
diff --git a/windows/keep-secure/event-4781.md b/windows/keep-secure/event-4781.md
index 34064992de..fa151fbb39 100644
--- a/windows/keep-secure/event-4781.md
+++ b/windows/keep-secure/event-4781.md
@@ -77,7 +77,7 @@ For computer accounts, this event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that performed the “change account name” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the “change account name” operation.
diff --git a/windows/keep-secure/event-4782.md b/windows/keep-secure/event-4782.md
index 6d0804b3b3..2c04b9ab81 100644
--- a/windows/keep-secure/event-4782.md
+++ b/windows/keep-secure/event-4782.md
@@ -72,7 +72,7 @@ Typically **“Subject\\Security ID”** is the SYSTEM account.
- **Security ID** \[Type = SID\]**:** SID of account that requested hash migration operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested hash migration operation.
diff --git a/windows/keep-secure/event-4793.md b/windows/keep-secure/event-4793.md
index 079c4317df..ea2cc8090b 100644
--- a/windows/keep-secure/event-4793.md
+++ b/windows/keep-secure/event-4793.md
@@ -79,7 +79,7 @@ Note that starting with Microsoft SQL Server 2005, the “SQL Server password po
- **Security ID** \[Type = SID\]**:** SID of account that requested Password Policy Checking API operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested Password Policy Checking API operation.
diff --git a/windows/keep-secure/event-4794.md b/windows/keep-secure/event-4794.md
index c3ce16e165..131254b61b 100644
--- a/windows/keep-secure/event-4794.md
+++ b/windows/keep-secure/event-4794.md
@@ -72,7 +72,7 @@ This event generates only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to set Directory Services Restore Mode administrator password. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to set Directory Services Restore Mode administrator password.
diff --git a/windows/keep-secure/event-4798.md b/windows/keep-secure/event-4798.md
index 3423f5319b..3d3ddee0ce 100644
--- a/windows/keep-secure/event-4798.md
+++ b/windows/keep-secure/event-4798.md
@@ -73,7 +73,7 @@ This event generates when a process enumerates a user's security-enabled local g
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enumerate user's security-enabled local groups” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enumerate user's security-enabled local groups” operation.
diff --git a/windows/keep-secure/event-4799.md b/windows/keep-secure/event-4799.md
index 2084212f59..686f00f99f 100644
--- a/windows/keep-secure/event-4799.md
+++ b/windows/keep-secure/event-4799.md
@@ -75,7 +75,7 @@ This event doesn't generate when group members were enumerated using Active Dire
- **Security ID** \[Type = SID\]**:** SID of account that requested the “enumerate security-enabled local group members” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “enumerate security-enabled local group members” operation.
diff --git a/windows/keep-secure/event-4800.md b/windows/keep-secure/event-4800.md
index 3eb3482649..30cddc53d4 100644
--- a/windows/keep-secure/event-4800.md
+++ b/windows/keep-secure/event-4800.md
@@ -69,7 +69,7 @@ This event is generated when a workstation was locked.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “lock workstation” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “lock workstation” operation.
diff --git a/windows/keep-secure/event-4801.md b/windows/keep-secure/event-4801.md
index b0b69a6e24..274fd1ba5c 100644
--- a/windows/keep-secure/event-4801.md
+++ b/windows/keep-secure/event-4801.md
@@ -69,7 +69,7 @@ This event is generated when workstation was unlocked.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “unlock workstation” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “unlock workstation” operation.
diff --git a/windows/keep-secure/event-4802.md b/windows/keep-secure/event-4802.md
index 691f558b08..ebce359a9c 100644
--- a/windows/keep-secure/event-4802.md
+++ b/windows/keep-secure/event-4802.md
@@ -69,7 +69,7 @@ This event is generated when screen saver was invoked.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “invoke screensaver” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “invoke screensaver” operation.
diff --git a/windows/keep-secure/event-4803.md b/windows/keep-secure/event-4803.md
index 8cfb6407c8..62ffc7f753 100644
--- a/windows/keep-secure/event-4803.md
+++ b/windows/keep-secure/event-4803.md
@@ -69,7 +69,7 @@ This event is generated when screen saver was dismissed.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “dismiss screensaver” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “dismiss screensaver” operation.
diff --git a/windows/keep-secure/event-4817.md b/windows/keep-secure/event-4817.md
index c1bc5e42d5..7980c341af 100644
--- a/windows/keep-secure/event-4817.md
+++ b/windows/keep-secure/event-4817.md
@@ -75,7 +75,7 @@ Separate events will be generated for “Registry” and “File system” polic
- **Security ID** \[Type = SID\]**:** SID of account that made a change to Global Object Access Auditing policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to Global Object Access Auditing policy.
diff --git a/windows/keep-secure/event-4818.md b/windows/keep-secure/event-4818.md
index f219c35d82..aad25bb594 100644
--- a/windows/keep-secure/event-4818.md
+++ b/windows/keep-secure/event-4818.md
@@ -76,7 +76,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy
- **Security ID** \[Type = SID\]**:** SID of account that made an access request. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an access request.
diff --git a/windows/keep-secure/event-4819.md b/windows/keep-secure/event-4819.md
index b9311464ea..5ef9d2b4dc 100644
--- a/windows/keep-secure/event-4819.md
+++ b/windows/keep-secure/event-4819.md
@@ -76,7 +76,7 @@ For example, it generates when a new [Central Access Policy](https://technet.mic
- **Security ID** \[Type = SID\]**:** SID of account that changed the Central Access Policies on the machine. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that changed the Central Access Policies on the machine.
diff --git a/windows/keep-secure/event-4826.md b/windows/keep-secure/event-4826.md
index fd9ab17f16..989ba1f6e1 100644
--- a/windows/keep-secure/event-4826.md
+++ b/windows/keep-secure/event-4826.md
@@ -82,7 +82,7 @@ This event is always logged regardless of the "Audit Other Policy Change Events"
- **Security ID** \[Type = SID\]**:** SID of account that reported this event. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. Always “S-1-5-18” for this event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that reported this event. Always “-“ for this event.
diff --git a/windows/keep-secure/event-4865.md b/windows/keep-secure/event-4865.md
index 90f686c80b..fc96c3a543 100644
--- a/windows/keep-secure/event-4865.md
+++ b/windows/keep-secure/event-4865.md
@@ -79,7 +79,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “add a trusted forest information entry” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add a trusted forest information entry” operation.
diff --git a/windows/keep-secure/event-4866.md b/windows/keep-secure/event-4866.md
index 1fc701f4d1..45e828eb01 100644
--- a/windows/keep-secure/event-4866.md
+++ b/windows/keep-secure/event-4866.md
@@ -79,7 +79,7 @@ This event is generated only on domain controllers.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “remove a trusted forest information entry” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “remove a trusted forest information entry” operation.
diff --git a/windows/keep-secure/event-4867.md b/windows/keep-secure/event-4867.md
index 57fc10f7da..376f18a47f 100644
--- a/windows/keep-secure/event-4867.md
+++ b/windows/keep-secure/event-4867.md
@@ -81,7 +81,7 @@ This event contains new values only, it doesn’t contains old values and it doe
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify/change a trusted forest information entry” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify/change a trusted forest information entry” operation.
diff --git a/windows/keep-secure/event-4904.md b/windows/keep-secure/event-4904.md
index 85d903d952..a3d21b731a 100644
--- a/windows/keep-secure/event-4904.md
+++ b/windows/keep-secure/event-4904.md
@@ -74,7 +74,7 @@ You can typically see this event during system startup, if specific roles (Inter
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to register a security event source. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to register a security event source.
diff --git a/windows/keep-secure/event-4905.md b/windows/keep-secure/event-4905.md
index 1bc58fabcc..0cb79afd08 100644
--- a/windows/keep-secure/event-4905.md
+++ b/windows/keep-secure/event-4905.md
@@ -74,7 +74,7 @@ You typically see this event if specific roles were removed, for example, Intern
- **Security ID** \[Type = SID\]**:** SID of account that made an attempt to unregister a security event source. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made an attempt to unregister a security event source.
diff --git a/windows/keep-secure/event-4907.md b/windows/keep-secure/event-4907.md
index 0867cad21e..a7c610e28a 100644
--- a/windows/keep-secure/event-4907.md
+++ b/windows/keep-secure/event-4907.md
@@ -78,7 +78,7 @@ This event doesn't generate for Active Directory objects.
- **Security ID** \[Type = SID\]**:** SID of account that made a change to object’s auditing settings. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to object’s auditing settings.
diff --git a/windows/keep-secure/event-4908.md b/windows/keep-secure/event-4908.md
index c76f86b814..dfe71ca9a8 100644
--- a/windows/keep-secure/event-4908.md
+++ b/windows/keep-secure/event-4908.md
@@ -73,7 +73,7 @@ More information about Special Groups auditing can be found here:
**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
“HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Audit\\SpecialGroups” registry value contains current list of SIDs which are included in Special Groups:
diff --git a/windows/keep-secure/event-4911.md b/windows/keep-secure/event-4911.md
index 20a174c857..173c322a13 100644
--- a/windows/keep-secure/event-4911.md
+++ b/windows/keep-secure/event-4911.md
@@ -78,7 +78,7 @@ Resource attributes for file or folder can be changed, for example, using Window
- **Security ID** \[Type = SID\]**:** SID of account that changed the resource attributes of the file system object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that changed the resource attributes of the file system object.
diff --git a/windows/keep-secure/event-4912.md b/windows/keep-secure/event-4912.md
index bc9856672a..269bdcd27d 100644
--- a/windows/keep-secure/event-4912.md
+++ b/windows/keep-secure/event-4912.md
@@ -75,7 +75,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
- **Security ID** \[Type = SID\]**:** SID of account that made a change to per-user audit policy. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made a change to per-user audit policy.
diff --git a/windows/keep-secure/event-4913.md b/windows/keep-secure/event-4913.md
index 96a27d5f9f..bab7781b60 100644
--- a/windows/keep-secure/event-4913.md
+++ b/windows/keep-secure/event-4913.md
@@ -78,7 +78,7 @@ This event always generates, regardless of the object’s [SACL](https://msdn.mi
- **Security ID** \[Type = SID\]**:** SID of account that changed the Central Access Policy on the object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that changed the Central Access Policy on the object.
diff --git a/windows/keep-secure/event-4964.md b/windows/keep-secure/event-4964.md
index 96d32ccc21..6c989c94e3 100644
--- a/windows/keep-secure/event-4964.md
+++ b/windows/keep-secure/event-4964.md
@@ -97,7 +97,7 @@ This event occurs when an account that is a member of any defined [Special Group
- **Security ID** \[Type = SID\]**:** SID of account that requested logon for **New Logon** account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested logon for **New Logon** account.
diff --git a/windows/keep-secure/event-4985.md b/windows/keep-secure/event-4985.md
index f9737372fc..914a8b1dfe 100644
--- a/windows/keep-secure/event-4985.md
+++ b/windows/keep-secure/event-4985.md
@@ -73,7 +73,7 @@ This is an informational event from file system [Transaction Manager](https://ms
- **Security ID** \[Type = SID\]**:** SID of account through which the state of the transaction was changed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that changed the state of the transaction.
diff --git a/windows/keep-secure/event-5058.md b/windows/keep-secure/event-5058.md
index b8b0f16ef4..0f645ddfd2 100644
--- a/windows/keep-secure/event-5058.md
+++ b/windows/keep-secure/event-5058.md
@@ -81,7 +81,7 @@ You can see these events, for example, during certificate renewal or export oper
- **Security ID** \[Type = SID\]**:** SID of account that requested key file operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested key file operation.
diff --git a/windows/keep-secure/event-5059.md b/windows/keep-secure/event-5059.md
index 3a1b397f62..f07301148a 100644
--- a/windows/keep-secure/event-5059.md
+++ b/windows/keep-secure/event-5059.md
@@ -78,7 +78,7 @@ This event generates when a cryptographic key is exported or imported using a [K
- **Security ID** \[Type = SID\]**:** SID of account that requested key migration operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested key migration operation.
diff --git a/windows/keep-secure/event-5061.md b/windows/keep-secure/event-5061.md
index 886a4d7aba..47baeb41ab 100644
--- a/windows/keep-secure/event-5061.md
+++ b/windows/keep-secure/event-5061.md
@@ -78,7 +78,7 @@ This event generates when a cryptographic operation (open key, create key, creat
- **Security ID** \[Type = SID\]**:** SID of account that requested specific cryptographic operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested specific cryptographic operation.
diff --git a/windows/keep-secure/event-5136.md b/windows/keep-secure/event-5136.md
index 3350dca361..7ff77e2c64 100644
--- a/windows/keep-secure/event-5136.md
+++ b/windows/keep-secure/event-5136.md
@@ -83,7 +83,7 @@ For a change operation you will typically see two 5136 events for one action, wi
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify object” operation.
diff --git a/windows/keep-secure/event-5137.md b/windows/keep-secure/event-5137.md
index 892245d530..6811c8a0cf 100644
--- a/windows/keep-secure/event-5137.md
+++ b/windows/keep-secure/event-5137.md
@@ -77,7 +77,7 @@ This event only generates if the parent object has a particular entry in its [SA
- **Security ID** \[Type = SID\]**:** SID of account that requested the “create object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “create object” operation.
diff --git a/windows/keep-secure/event-5138.md b/windows/keep-secure/event-5138.md
index 84e80ff027..74f1c3211e 100644
--- a/windows/keep-secure/event-5138.md
+++ b/windows/keep-secure/event-5138.md
@@ -78,7 +78,7 @@ This event only generates if the container to which the Active Directory object
- **Security ID** \[Type = SID\]**:** SID of account that requested that the object be undeleted or restored. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** name of account that requested that the object be undeleted or restored.
diff --git a/windows/keep-secure/event-5139.md b/windows/keep-secure/event-5139.md
index 7399a33b15..e596740636 100644
--- a/windows/keep-secure/event-5139.md
+++ b/windows/keep-secure/event-5139.md
@@ -78,7 +78,7 @@ This event only generates if the destination object has a particular entry in it
- **Security ID** \[Type = SID\]**:** SID of account that requested the “move object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “move object” operation.
diff --git a/windows/keep-secure/event-5140.md b/windows/keep-secure/event-5140.md
index be40b7a2d5..44b1805626 100644
--- a/windows/keep-secure/event-5140.md
+++ b/windows/keep-secure/event-5140.md
@@ -79,7 +79,7 @@ This event generates once per session, when first access attempt was made.
- **Security ID** \[Type = SID\]**:** SID of account that requested access to network share object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested access to network share object.
diff --git a/windows/keep-secure/event-5141.md b/windows/keep-secure/event-5141.md
index 238b70281d..6ead5872b1 100644
--- a/windows/keep-secure/event-5141.md
+++ b/windows/keep-secure/event-5141.md
@@ -78,7 +78,7 @@ This event only generates if the deleted object has a particular entry in its [S
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete object” operation.
diff --git a/windows/keep-secure/event-5142.md b/windows/keep-secure/event-5142.md
index 418a6387f7..b9b90bbcae 100644
--- a/windows/keep-secure/event-5142.md
+++ b/windows/keep-secure/event-5142.md
@@ -70,7 +70,7 @@ This event generates every time network share object was added.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “add network share object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add network share object” operation.
diff --git a/windows/keep-secure/event-5143.md b/windows/keep-secure/event-5143.md
index 30c4977b0c..1ed2dbad97 100644
--- a/windows/keep-secure/event-5143.md
+++ b/windows/keep-secure/event-5143.md
@@ -79,7 +79,7 @@ This event generates every time network share object was modified.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify network share object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify network share object” operation.
diff --git a/windows/keep-secure/event-5144.md b/windows/keep-secure/event-5144.md
index d74e6e0c0e..ae5d2876a3 100644
--- a/windows/keep-secure/event-5144.md
+++ b/windows/keep-secure/event-5144.md
@@ -70,7 +70,7 @@ This event generates every time a network share object is deleted.
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete network share object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete network share object” operation.
diff --git a/windows/keep-secure/event-5145.md b/windows/keep-secure/event-5145.md
index 1370cc6fe1..5982d03bce 100644
--- a/windows/keep-secure/event-5145.md
+++ b/windows/keep-secure/event-5145.md
@@ -79,7 +79,7 @@ This event generates every time network share object (file or folder) was access
- **Security ID** \[Type = SID\]**:** SID of account that requested access to network share object. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested access to network share object.
diff --git a/windows/keep-secure/event-5168.md b/windows/keep-secure/event-5168.md
index 44c9fe20cc..dd270b6b5f 100644
--- a/windows/keep-secure/event-5168.md
+++ b/windows/keep-secure/event-5168.md
@@ -75,7 +75,7 @@ It often happens because of NTLMv1 or LM protocols usage from client side when
- **Security ID** \[Type = SID\]**:** SID of account for which SPN check operation was failed. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account for which SPN check operation was failed.
diff --git a/windows/keep-secure/event-5376.md b/windows/keep-secure/event-5376.md
index 16034db84c..0b315361cf 100644
--- a/windows/keep-secure/event-5376.md
+++ b/windows/keep-secure/event-5376.md
@@ -72,7 +72,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that performed the backup operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the backup operation.
diff --git a/windows/keep-secure/event-5377.md b/windows/keep-secure/event-5377.md
index c50b35c2f4..48cda08bc0 100644
--- a/windows/keep-secure/event-5377.md
+++ b/windows/keep-secure/event-5377.md
@@ -72,7 +72,7 @@ This event generates on domain controllers, member servers, and workstations.
- **Security ID** \[Type = SID\]**:** SID of account that performed the restore operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that performed the restore operation.
diff --git a/windows/keep-secure/event-5378.md b/windows/keep-secure/event-5378.md
index 066229425a..ed01eb2676 100644
--- a/windows/keep-secure/event-5378.md
+++ b/windows/keep-secure/event-5378.md
@@ -74,7 +74,7 @@ It typically occurs when [CredSSP](https://msdn.microsoft.com/en-us/library/cc22
- **Security ID** \[Type = SID\]**:** SID of account that requested credentials delegation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested credentials delegation.
diff --git a/windows/keep-secure/event-5888.md b/windows/keep-secure/event-5888.md
index 4e35780a9c..cb5a4a5432 100644
--- a/windows/keep-secure/event-5888.md
+++ b/windows/keep-secure/event-5888.md
@@ -73,7 +73,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su
- **Security ID** \[Type = SID\]**:** SID of account that requested the “modify/change object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “modify/change object” operation.
diff --git a/windows/keep-secure/event-5889.md b/windows/keep-secure/event-5889.md
index 7e24a156f3..a49c9b83d0 100644
--- a/windows/keep-secure/event-5889.md
+++ b/windows/keep-secure/event-5889.md
@@ -73,7 +73,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su
- **Security ID** \[Type = SID\]**:** SID of account that requested the “delete object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “delete object” operation.
diff --git a/windows/keep-secure/event-5890.md b/windows/keep-secure/event-5890.md
index 896689a521..3618c15b54 100644
--- a/windows/keep-secure/event-5890.md
+++ b/windows/keep-secure/event-5890.md
@@ -73,7 +73,7 @@ For some reason this event belongs to [Audit System Integrity](event-5890.md) su
- **Security ID** \[Type = SID\]**:** SID of account that requested the “add object” operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the “add object” operation.
diff --git a/windows/keep-secure/event-6416.md b/windows/keep-secure/event-6416.md
index 9f93d86eb0..3b770a8e88 100644
--- a/windows/keep-secure/event-6416.md
+++ b/windows/keep-secure/event-6416.md
@@ -87,7 +87,7 @@ This event generates, for example, when a new external device is connected or en
- **Security ID** \[Type = SID\]**:** SID of account that registered the new device. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that registered the new device.
diff --git a/windows/keep-secure/event-6419.md b/windows/keep-secure/event-6419.md
index b874b2ea54..9dffec1741 100644
--- a/windows/keep-secure/event-6419.md
+++ b/windows/keep-secure/event-6419.md
@@ -77,7 +77,7 @@ This event doesn’t mean that device was disabled.
- **Security ID** \[Type = SID\]**:** SID of account that made the request. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made the request.
diff --git a/windows/keep-secure/event-6420.md b/windows/keep-secure/event-6420.md
index ec339814ea..0ff9a1dab6 100644
--- a/windows/keep-secure/event-6420.md
+++ b/windows/keep-secure/event-6420.md
@@ -75,7 +75,7 @@ This event generates every time specific device was disabled.
- **Security ID** \[Type = SID\]**:** SID of account that disabled the device. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that disabled the device.
diff --git a/windows/keep-secure/event-6421.md b/windows/keep-secure/event-6421.md
index ea9ce9c6a5..cf2110f150 100644
--- a/windows/keep-secure/event-6421.md
+++ b/windows/keep-secure/event-6421.md
@@ -77,7 +77,7 @@ This event doesn’t mean that device was enabled.
- **Security ID** \[Type = SID\]**:** SID of account that made the request. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that made the request.
diff --git a/windows/keep-secure/event-6422.md b/windows/keep-secure/event-6422.md
index fb59fad3bf..c0eec81d34 100644
--- a/windows/keep-secure/event-6422.md
+++ b/windows/keep-secure/event-6422.md
@@ -75,7 +75,7 @@ This event generates every time specific device was enabled.
- **Security ID** \[Type = SID\]**:** SID of account that enabled the device. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that enabled the device.
diff --git a/windows/keep-secure/event-6423.md b/windows/keep-secure/event-6423.md
index 09e75dc4cd..0e43d751c3 100644
--- a/windows/keep-secure/event-6423.md
+++ b/windows/keep-secure/event-6423.md
@@ -77,7 +77,7 @@ Device installation restriction group policies are located here: **\\Computer Co
- **Security ID** \[Type = SID\]**:** SID of account that forbids the device installation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
-> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security Identifiers](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379571(v=vs.85).aspx).
+> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](security-identifiers.md).
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that forbids the device installation.
diff --git a/windows/keep-secure/local-accounts.md b/windows/keep-secure/local-accounts.md
index 3507e2b4cb..3e94ade971 100644
--- a/windows/keep-secure/local-accounts.md
+++ b/windows/keep-secure/local-accounts.md
@@ -48,7 +48,7 @@ This topic describes the following:
- [Create unique passwords for local accounts with administrative rights](#sec-create-unique-passwords)
-For information about security principals, see [Security Principals Technical Overview](security-principals.md).
+For information about security principals, see [Security Principals](security-principals.md).
## Default local user accounts
@@ -99,7 +99,7 @@ As a security best practice, use your local (non-Administrator) account to sign
In comparison, on the Windows client operating system, a user with a local user account that has Administrator rights is considered the system administrator of the client computer. The first local user account that is created during installation is placed in the local Administrators group. However, when multiple users run as local administrators, the IT staff has no control over these users or their client computers.
-In this case, Group Policy can be used to enable secure settings that can control the use of the local Administrators group automatically on every server or client computer. For more information about Group Policy, see [Group Policy Overview](http://technet.microsoft.com/library/hh831791.aspx) and [Group Policy](http://technet.microsoft.com/windowsserver/bb310732.aspx).
+In this case, Group Policy can be used to enable secure settings that can control the use of the local Administrators group automatically on every server or client computer. For more information about Group Policy, see [Group Policy Overview](http://technet.microsoft.com/library/hh831791.aspx).
**Note**
Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic.
@@ -141,7 +141,7 @@ The security identifiers (SIDs) that pertain to the default HelpAssistant accoun
For the Windows Server operating system, Remote Assistance is an optional component that is not installed by default. You must install Remote Assistance before it can be used.
-In comparison, for the Windows client operating system, the HelpAssistant account is enabled on installation by default. For more information about remote desktop connections for those client operating systems designated in the **Applies To** list at the beginning of this topic, see [Enable Remote Desktop](http://technet.microsoft.com/library/dd744299.aspx).
+In comparison, for the Windows client operating system, the HelpAssistant account is enabled on installation by default.
## Default local system accounts
@@ -200,7 +200,7 @@ In addition, UAC can require administrators to specifically approve applications
For example, a default feature of UAC is shown when a local account signs in from a remote computer by using Network logon (for example, by using NET.EXE USE). In this instance, it is issued a standard user token with no administrative rights, but with the ability to request or receive elevation. Consequently, local accounts that sign in by using Network logon cannot access administrative shares such as C$, or ADMIN$, or perform any remote administration.
-For summary information about UAC, see [User Account Control](http://technet.microsoft.com/library/cc731416.aspx). For detailed information about special conditions when you use UAC, see [User Account Control](http://technet.microsoft.com/library/cc772207.aspx).
+For more information about UAC, see [User Account Control](user-account-control-overview.md).
The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access.
@@ -384,10 +384,7 @@ The following table shows the Group Policy settings that are used to deny networ
|
Policy name |
-[Deny log on through Remote Desktop Services](deny-log-on-through-remote-desktop-services.md)
-(Windows Server 2008 R2 and later.)
-Deny logon through Terminal Services
-(Windows Server 2008) |
+[Deny log on through Remote Desktop Services](deny-log-on-through-remote-desktop-services.md) |
|
@@ -437,23 +434,16 @@ The following table shows the Group Policy settings that are used to deny networ
1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then click **User Rights Assignment**.
- **Note**
- Depending on the Windows operating system, you can choose the name of the Remote Interactive logon user right.
+ 2. Double-click **Deny log on through Remote Desktop Services**, and then select **Define these settings**.
-
-
- 2. On computers that run Windows Server 2008, double-click **Deny logon through Terminal Services**, and then select **Define these policy settings**.
-
- 3. On computers running Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2, double-click **Deny logon through Remote Desktop Services**, and then select **Define these settings**.
-
- 4. Click **Add User or Group**, type the user name of the default Administrator account, and > **OK**. (The default name is Administrator on US English installations, but it can be renamed either by policy or manually.
+ 3. Click **Add User or Group**, type the user name of the default Administrator account, and > **OK**. (The default name is Administrator on US English installations, but it can be renamed either by policy or manually.
**Important**
In the **User and group names** box, type the user name of the account that you identified at the start of this process. Do not click **Browse** and do not type the domain name or the local computer name in this dialog box. For example, type only **Administrator**. If the text that you typed resolves to a name that is underlined or includes a domain name, it restricts the wrong account and causes this mitigation to work incorrectly. Also, be careful that you do not enter the group name Administrator because this also blocks domain accounts in that group.
- 5. For any additional local accounts in the Administrators group on all of the workstations that you are setting up, click **Add User or Group**, type the user names of these accounts in the dialog box in the same manner as the previous step, and > **OK**.
+ 4. For any additional local accounts in the Administrators group on all of the workstations that you are setting up, click **Add User or Group**, type the user names of these accounts in the dialog box in the same manner as the previous step, and > **OK**.
8. Link the GPO to the first **Workstations** OU as follows:
@@ -498,16 +488,8 @@ Passwords can be randomized by:
The following resources provide additional information about technologies that are related to local accounts.
-- [Security Principals Technical Overview](security-principals.md)
+- [Security Principals](security-principals.md)
-- [Security Identifiers Technical Overview](security-identifiers.md)
+- [Security Identifiers](security-identifiers.md)
- [Access Control Overview](access-control.md)
-
-
-
-
-
-
-
-
diff --git a/windows/keep-secure/microsoft-accounts.md b/windows/keep-secure/microsoft-accounts.md
index 2c38dba1d0..6fe85fb192 100644
--- a/windows/keep-secure/microsoft-accounts.md
+++ b/windows/keep-secure/microsoft-accounts.md
@@ -155,14 +155,6 @@ Within your organization, you can set application control policies to regulate a
## See also
+- [Managing Privacy: Using a Microsoft Account to Logon and Resulting Internet Communication](https://technet.microsoft.com/library/jj884082(v=ws.11).aspx)
-[Managing Privacy: Using a Microsoft Account to Logon and Resulting Internet Communication](https://technet.microsoft.com/library/jj884082(v=ws.11).aspx)
-
-
-
-
-
-
-
-
-
+- [Access Control Overview](access-control.md)
diff --git a/windows/keep-secure/security-identifiers.md b/windows/keep-secure/security-identifiers.md
index 76c632236f..72f2b8e95b 100644
--- a/windows/keep-secure/security-identifiers.md
+++ b/windows/keep-secure/security-identifiers.md
@@ -41,7 +41,7 @@ SIDs always remain unique. Security authorities never issue the same SID twice,
## Security identifier architecture
-A security identifier is a data structure in binary format that contains a variable number of values. The first values in the structure contain information about the SID structure. The remaining values are arranged in a hierarchy (similar to a telephone number), and they identify the SID-issuing authority (for example, the Windows Server 2012 operating system), the SID-issuing domain, and a particular security principal or group. The following image illustrates the structure of a SID.
+A security identifier is a data structure in binary format that contains a variable number of values. The first values in the structure contain information about the SID structure. The remaining values are arranged in a hierarchy (similar to a telephone number), and they identify the SID-issuing authority (for example, “NT Authority”), the SID-issuing domain, and a particular security principal or group. The following image illustrates the structure of a SID.
diff --git a/windows/keep-secure/security-principals.md b/windows/keep-secure/security-principals.md
index c91126837d..8bf4f7abd7 100644
--- a/windows/keep-secure/security-principals.md
+++ b/windows/keep-secure/security-principals.md
@@ -138,10 +138,6 @@ For descriptions and settings information about the domain security groups that
For descriptions and settings information about the Special Identities group, see [Special Identities](special-identities.md).
-
-
-
-
-
-
+## See also
+- [Access Control Overview](access-control.md)
\ No newline at end of file
diff --git a/windows/keep-secure/service-accounts.md b/windows/keep-secure/service-accounts.md
index 3996bebaf3..e326562c98 100644
--- a/windows/keep-secure/service-accounts.md
+++ b/windows/keep-secure/service-accounts.md
@@ -102,55 +102,8 @@ Virtual accounts apply to the Windows operating systems that are designated in t
The following table provides links to additional resources that are related to standalone managed service accounts, group managed service accounts, and virtual accounts.
-
-
-
-
-
-
-
-
-
-
-Product evaluation |
-[What's New for Managed Service Accounts](https://technet.microsoft.com/library/hh831451(v=ws.11).aspx)
-[Managed Service Accounts Documentation for Windows 7 and Windows Server 2008 R2](http://technet.microsoft.com/library/ff641731.aspx)
-[Service Accounts Step-by-Step Guide](http://technet.microsoft.com/library/dd548356.aspx)
-[Getting Started with Group Managed Service Accounts](https://technet.microsoft.com/library/jj128431(v=ws.11).aspx) |
-
-
-Deployment |
-[Windows Server 2012: Group Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) |
-
-
-Operations |
-[Managed Service Accounts in Active Directory](http://technet.microsoft.com/library/dd378925.aspx) |
-
-
-Tools and settings |
-[Managed Service Accounts in Active Directory Domain Services](http://technet.microsoft.com/library/dd378925.aspx) |
-
-
-Community resources |
-[Managed Service Accounts: Understanding, Implementing, Best Practices, and Troubleshooting](http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting.aspx) |
-
-
-Related technologies |
-[Security Principals Technical Overview](security-principals.md)
-[What's new in Active Directory Domain Services](https://technet.microsoft.com/library/mt163897.aspx) |
-
-
-
-
-
-
-
-
-
-
-
-
-
+| Content type | References |
+|---------------|-------------|
+| **Product evaluation** | [What's New for Managed Service Accounts](https://technet.microsoft.com/library/hh831451(v=ws.11).aspx)
[Getting Started with Group Managed Service Accounts](https://technet.microsoft.com/library/jj128431(v=ws.11).aspx) |
+| **Deployment** | [Windows Server 2012: Group Managed Service Accounts - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs](http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx) |
+| **Related technologies** | [Security Principals](security-principals.md)
[What's new in Active Directory Domain Services](https://technet.microsoft.com/library/mt163897.aspx) |
\ No newline at end of file
diff --git a/windows/keep-secure/special-identities.md b/windows/keep-secure/special-identities.md
index 69c4ad8674..2e3aa71e3e 100644
--- a/windows/keep-secure/special-identities.md
+++ b/windows/keep-secure/special-identities.md
@@ -1002,21 +1002,10 @@ Any user accessing the system through Terminal Services has the Terminal Server
-
-
## See also
+- [Active Directory Security Groups](active-directory-security-groups.md)
-[Active Directory Security Groups](active-directory-security-groups.md)
-
-
-[Security Principals Technical Overview](security-principals.md)
-
-
-
-
-
-
-
-
+- [Security Principals](security-principals.md)
+- [Access Control Overview](access-control.md)
\ No newline at end of file
diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md
index b6fb29abb1..770c21fa50 100644
--- a/windows/keep-secure/windows-security-baselines.md
+++ b/windows/keep-secure/windows-security-baselines.md
@@ -25,7 +25,7 @@ customers.
Security baselines are an essential benefit to customers because they bring together expert knowlege from Microsoft, partners, and customers.
-For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of those 3,800 settings, only some of them are security-related. While Microsoft provides extensive guidance on different security features, going through each of them can take a long time. You would have to determine the security impact of each setting on your own. After you've done that, you still need to determine what values each of these settings should be.
+For example, there are over 3,000 Group Policy settings for Windows 10, which does not include over 1,800 Internet Explorer 11 settings. Of those 4,800 settings, only some of them are security-related. While Microsoft provides extensive guidance on different security features, going through each of them can take a long time. You would have to determine the security impact of each setting on your own. After you've done that, you still need to determine what values each of these settings should be.
In modern organizations, the security threat landscape is constantly evolving. IT pros and policy makers must keep current with security threats and changes to Windows security settings to help mitigate these threats.
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f3194a4699..4c01926131 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -309,7 +309,7 @@ You can prevent Windows from setting the time automatically.
-or-
-- Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters** with a value of **NoSync**.
+- Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type** with a value of **NoSync**.
### 3. Device metadata retrieval
|