Security Principal Format
When working with Transparent Lock Screen settings at a low level, such as the registry, AD group policies, or directly with RFID card data files, you may need to specify Windows security principals (users, groups, or computers) in a format specific to Transparent Lock Screen. The format is designed to work both with and without Active Directory.
Security principals can be specified in one of the following formats:
sid:<PrincipalSID>
Example
sid:S-1-5-32-544
user:<UserName>
Examples
user:Contoso\JohnSmith
user:.\john
user:john
group:<GroupName>
Examples
group:Contoso\Domain Users
group:.\Sunday Workers
group:Administrators
computer:<ComputerName>
Example
Use the plain NetBIOS computer name.
computer:WORKSTATION-01
Notes
- If you are specifying multiple security principals, use one per line.
- The principal type prefix (sid:, user:, group:, or computer:) is mandatory.
- When specifying by name, both domain and local accounts are supported.
- Using SIDs is strongly recommended in Active Directory environments to avoid issues if a user, group, or computer is renamed.
  In environments without Active Directory, SIDs can be used only if settings are not distributed between multiple machines.
- In these examples, Contoso represents the Active Directory domain name. Use . to specify a local user or group.
  If no domain or . is specified, the system will check both local and domain accounts.
  Using . allows settings to be distributed across multiple machines in a workgroup environment.
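The rules above can be checked before a principal list is pushed out through the registry or a GPO. The following linter is an added example, not code from Transparent Lock Screen. Its function names, the lowercase-only prefix check, whitespace trimming, blank-line skipping, the SID syntax pattern and the 15-character NetBIOS limit are assumptions of this example, not documented product behaviour.

```python
import re

# SID string syntax: S-1-<authority>-<subauthority>[-<subauthority>...]
SID_RE = re.compile(r"S-1-\d+(-\d+){1,15}")
PREFIXES = ("sid", "user", "group", "computer")

def lint_principal(line, active_directory=True):
    """Return (kind, value, scope, warnings) for one entry; ValueError if malformed."""
    kind, sep, value = line.strip().partition(":")
    if not sep or kind not in PREFIXES:
        raise ValueError(f"missing or unknown type prefix: {line!r}")
    if not value:
        raise ValueError(f"empty principal: {line!r}")
    warnings = []
    if kind == "sid":
        if not SID_RE.fullmatch(value):
            raise ValueError(f"not a SID string: {value!r}")
        scope = "sid"
        if not active_directory:
            warnings.append("without AD, SIDs work only if settings stay on one machine")
    elif kind == "computer":
        scope = "computer"
        if "\\" in value or "." in value or len(value) > 15:
            warnings.append("expected a plain NetBIOS name (no domain, max 15 chars)")
    else:  # user: or group:, written as Domain\Name, .\Name or Name
        domain, slash, name = value.rpartition("\\")
        if slash and (not domain or not name):
            raise ValueError(f"incomplete account name: {value!r}")
        scope = "local" if domain == "." else "domain" if slash else "any"
        if scope == "any":
            warnings.append("no domain or '.': checked against local and domain accounts")
        if active_directory and scope != "local":
            warnings.append("name-based entry breaks on rename; prefer sid:")
    return kind, value, scope, warnings

def lint_principals(text, active_directory=True):
    """Lint a one-per-line principal list; returns (entries, errors)."""
    entries, errors = [], []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        try:
            entries.append(lint_principal(line, active_directory))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return entries, errors

# Constructed sample: the page's examples plus one entry missing its prefix.
SAMPLE = ("sid:S-1-5-32-544\nuser:Contoso\\JohnSmith\ngroup:.\\Sunday Workers\n"
          "user:john\nAdministrators\ncomputer:WORKSTATION-01\n")
```

Calling lint_principals(SAMPLE) reports line 5 as an error because it lacks a type prefix, and flags user:john as matching both local and domain accounts.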