When you talk about SIDs in the context of files, you are probably referring to security descriptors. https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_security_descriptor
A security descriptor contains several SIDs: there's the owner SID, the group SID, and every ACE in the DACL and SACL has a SID too.
To change a security descriptor (for example change an SID in the security descriptor), you need the right to change the security descriptor, and that is encoded in the DACL (Discretionary Access Control List).
If you don't have the necessary rights, you could add the necessary right to the DACL provided that 1) you are the owner or 2) you can take ownership (if you are admin or system for example).
Security Descriptors are also copied when a file is copied, provided that the destination disk supports security descriptors. That is the case with the NTFS file system, but if you copy files to a USB stick for example, then it's likely that another file system than NTFS is being used, and then security descriptors are not supported and will thus not be copied.
Oh yeah, I forgot to add this: in case you would not be aware, making a copy of a file already changes the security descriptor. For example, on a Windows 10 machine file C:\Windows\notepad.exe is owned by TrustedInstaller (you can see that in the security descriptor). If you copy that file, for example to your desktop, then your user account will become the owner of copied file notepad.exe. The original owner SID in the security descriptor is changed to your SID.
Edited by Didier Stevens, 11 August 2018 - 05:54 AM.
SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"