(Ooh, this was a fun one! I went on a wild goose chase, as they say, trying to get the Win32_SID instance, which is a singleton and not enumerable by the usual InstancesOf or Query methods... yadda yadda yadda.)

（哦，这很有趣！正如他们所说，我进行了一场疯狂的追逐，试图获得 Win32_SID 实例，这是一个单例，无法通过通常的 InstancesOf 或 Query 方法枚举...... yadda yadda yadda。）

Well, it depends which computer SID you want (seriously!). There's the SID that the local computer uses for itself... For this, you just need to get the SID of the local Administrator user, and remove the "-500" from the end to get the computer's SID.

好吧，这取决于您想要哪种计算机 SID（说真的！）。有本地计算机自己使用的SID...为此，您只需获取本地Administrator用户的SID，并从末尾删除“-500”即可获得计算机的SID。

In VBScript, it looks like this:

在VBScript 中，它看起来像这样：

strComputer = "AFAPC001"
strUsername = "Administrator"
Set objWMIService = GetObject("winmgmts:\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & strUsername & "',Domain='" & strComputer & "'")
WScript.Echo "Administrator account SID: " & objAccount.SID
WScript.Echo "Computer's SID: " & Left(objAccount.SID, Len(objAccount.SID) - 4)

In PowerShell, like this:

在PowerShell 中，像这样：

function get-sid
{
    Param ( $DSIdentity )
    $ID = new-object System.Security.Principal.NTAccount($DSIdentity)
    return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()
}
> $admin = get-sid "Administrator"
> $admin.SubString(0, $admin.Length - 4)

In C#on .NET 3.5:

在.NET 3.5 上的C# 中：

using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.Linq;
public static SecurityIdentifier GetComputerSid()
{
    return new SecurityIdentifier((byte[])new DirectoryEntry(string.Format("WinNT://{0},Computer", Environment.MachineName)).Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID"), 0).AccountDomainSid;
}

Results from all of these match the response I get from PsGetSid.exe.

所有这些的结果与我从PsGetSid.exe得到的响应相匹配。

On the other hand, there's the SID that Active Directory uses to identify each domain member computer... That one you fetch by getting the SID of the machine account in the domain--the one that ends with a dollar sign.

另一方面，Active Directory 使用 SID 来标识每台域成员计算机……您可以通过获取域中计算机帐户的 SID 来获取该 SID —— 以美元符号结尾的 SID。

E.g., using the above PowerShell function for a domain member called "CLIENT", you can type get-sid "CLIENT$".

例如，对名为“CLIENT”的域成员使用上述 PowerShell 函数，您可以键入get-sid "CLIENT$".

You can simply run reg query HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuidfrom Windows command line.

您可以简单地reg query HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid从 Windows 命令行运行。

Here is Windows batch file example:

这是 Windows 批处理文件示例：

set KEY_REGKEY=HKLM\SOFTWARE\Microsoft\Cryptography
set KEY_REGVAL=MachineGuid

REM Check for presence of key first.
reg query %KEY_REGKEY% /v %KEY_REGVAL% 2>nul || (echo No theme name present! & exit /b 1)

REM query the value. pipe it through findstr in order to find the matching line that has the value. only grab token 3 and the remainder of the line. %%b is what we are interested in here.
set KEY_NAME=
for /f "tokens=2,*" %%a in ('reg query %KEY_REGKEY% /v %KEY_REGVAL% ^| findstr %KEY_REGVAL%') do (
    set KEY_NAME=%%b
)
echo %KEY_NAME%

Found a tool from microsoft website which can get you the SID easily

从微软网站上找到了一个可以轻松获取 SID 的工具

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

Just download the file, unzip it, open a command prompt and then run psgetsid.exe.

只需下载文件，解压缩，打开命令提示符，然后运行 ​​psgetsid.exe。

There are some good explanation on SID from microsoft website as well

微软网站上的 SID 也有一些很好的解释

http://blogs.msdn.com/b/aaron_margosis/archive/2009/11/05/machine-sids-and-domain-sids.aspx

http://blogs.msdn.com/b/aaron_margosis/archive/2009/11/05/machine-sids-and-domain-sids.aspx