RE: strange account in Win2k

From: Mark Fagan (Mark.Faganat_private)
Date: Wed May 29 2002 - 02:23:25 PDT


    All,
    
    Many thanks for the assistance in clearing this up. The issue was indeed
    with a changed SID to the server due to imaged installs.
    
    -----Original Message-----
    From: Dan Cuthbert [mailto:dcuthbertat_private]
    Sent: 28 May 2002 17:59
    To: Mark Fagan
    Cc: incidentsat_private
    Subject: Re: strange account in Win2k
    
    
    Is this machine part of a Domain? If so that is normally the domain acc
    
    
    
    * Mark Fagan (Mark.Faganat_private) Tapped away:
    > While setting additional privileges on a Win2k webserver I noticed that
    > certain privileges (logon as batch job, act as part of o/s, logon locally
    > and network) were applied to a very strange account -
    > *S-1-5-21-527237240-162531612-725345543-1008 which is not seen as a user
    > account. Any ideas folks ?
    > 
    > 		Mark Fagan
    > 		TDA
    > 		Esat Business
    > 		1 Grand Canal Quay
    > 		Dublin 2, Ireland.
    > 		E mark.faganat_private
    > 		www.esatbusiness.com
    > 
    > 
    > 
    > 
    > 
    > ************************************************************************ 
    > This email and any files transmitted with it are confidential and intended
    > solely for the use of the individual or entity to whom they are addressed.
    > If you have received this email in error please notify the system manager.
    > 
    > http://www.esatbusiness.com 
    > 
    > Subscribe to the Esat Business Online Magazine: 
    > http://www.esatbusiness.com/news/subscribe.asp 
    > 
    > Subscribe to REALISE - the online magazine from BT Ignite: 
    > http://www.btignite.com/realise 
    > 
    > ************************************************************************ 
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    
    Dan Cuthbert
    Network Security Consultant
    IdSec 
    Key fingerprint = 9BFB 60F1 1B46 F9F0 4E2C  84A6 8D04 E771 54A6 1116
    
    



    This archive was generated by hypermail 2b30 : Wed May 29 2002 - 08:50:25 PDT
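
The check below is an added example, not part of the original thread. It scans the `[Privilege Rights]` section of a security-policy export for unresolved `*S-1-5-21-...` SIDs whose issuing machine or domain identifier differs from the ones the server has now, which is the condition the thread attributes to imaged installs. The INF sample, the "current" machine SID and the function names are constructed assumptions.

```python
import re

# Constructed sample of the [Privilege Rights] section of a security-policy
# export (secedit /export style INF). Unresolved accounts appear as *S-... SIDs.
SAMPLE_INF = """\
[Privilege Rights]
SeBatchLogonRight = *S-1-5-21-527237240-162531612-725345543-1008,*S-1-5-32-544
SeTcbPrivilege = *S-1-5-21-527237240-162531612-725345543-1008
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-500
SeNetworkLogonRight = *S-1-1-0,*S-1-5-21-527237240-162531612-725345543-1008
[Version]
signature="$CHICAGO$"
"""

# Constructed placeholder for the SID the machine has now (after imaging).
CURRENT_MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"

SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")

def split_account_sid(sid):
    """Return (issuer_sid, rid) for an S-1-5-21-x-y-z-RID SID, else None."""
    m = SID_RE.match(sid)
    if not m:
        return None  # well-known SID such as S-1-1-0 or S-1-5-32-544
    return "S-1-5-21-" + "-".join(m.group(1, 2, 3)), int(m.group(4))

def foreign_sids(inf_text, known_issuers):
    """Map each SID whose issuer is not in known_issuers to the rights it holds."""
    findings = {}
    in_section = False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        right, _, members = line.partition("=")
        for member in members.split(","):
            member = member.strip()
            parts = split_account_sid(member.lstrip("*"))
            if member.startswith("*") and parts and parts[0] not in known_issuers:
                findings.setdefault(member.lstrip("*"), []).append(right.strip())
    return findings

if __name__ == "__main__":
    for sid, rights in foreign_sids(SAMPLE_INF, {CURRENT_MACHINE_SID}).items():
        print(sid, "->", ", ".join(rights))
```

On a domain member, pass the domain SID in `known_issuers` as well, so that only SIDs issued by neither the machine nor its domain are reported.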