RE: strange account in Win2k

From: AJ Decker (aj.deckerat_private)
Date: Tue May 28 2002 - 10:56:31 PDT

  • Next message: Rick Darsey: "RE: strange account in Win2k"

    Usually you will see that if for some reason the server cannot refresh the
    account information for that particular user. Especially if the accounts are
    hosted on a separate machine (domain controller, etc...) Double-check to be
    sure that communication between the webserver, and wherever the account host
    resides are stable, and try to refresh the screen.
    If the account information does not get resolved, then either the original
    account has been deleted from the controller, or that account has been
    corrupted in some fashion. (I've seen it happen here a number of times.
    Usually I deleted an account, and forgot to remove it from some other
    machine where it was explicitly given access to some resource.)
    All you are seeing there is the fashion that Win2k actually records the
    lists of who has access to what.
    <======= AJ Decker ======>
    <==== System Manager ====>
    <=School of Architecture=>
    <== Temple University ===>
    <==== (215) 204-2270 ====>
    | This message was sent |
    |  using 100% recycled  |
    |       electrons.      |
    -----Original Message-----
    From: Mark Fagan [mailto:Mark.Faganat_private]
    Sent: Tuesday, May 28, 2002 11:30 AM
    To: incidentsat_private
    Subject: strange account in Win2k
    While setting additional privileges on a Win2k webserver  I noticed that
    certain privileges (logon as batch job, act as part of o/s, logon locally
    and network) were applied to a very strange account -
    *S-1-5-21-527237240-162531612-725345543-1008 which is not seen as a user
    account. Any ideas folks ?
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Tue May 28 2002 - 11:22:26 PDT