Usually you will see that if for some reason the server cannot refresh the account information for that particular user. Especially if the accounts are hosted on a separate machine (domain controller, etc...) Double-check to be sure that communication between the webserver, and wherever the account host resides are stable, and try to refresh the screen. If the account information does not get resolved, then either the original account has been deleted from the controller, or that account has been corrupted in some fashion. (I've seen it happen here a number of times. Usually I deleted an account, and forgot to remove it from some other machine where it was explicitly given access to some resource.) All you are seeing there is the fashion that Win2k actually records the lists of who has access to what. <======= AJ Decker ======> <==== System Manager ====> <=School of Architecture=> <== Temple University ===> <==== (215) 204-2270 ====> | This message was sent | | using 100% recycled | | electrons. | -----Original Message----- From: Mark Fagan [mailto:Mark.Faganat_private] Sent: Tuesday, May 28, 2002 11:30 AM To: incidentsat_private Subject: strange account in Win2k While setting additional privileges on a Win2k webserver I noticed that certain privileges (logon as batch job, act as part of o/s, logon locally and network) were applied to a very strange account - *S-1-5-21-527237240-162531612-725345543-1008 which is not seen as a user account. Any ideas folks ? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 11:22:26 PDT