Remaining SID's left behind after account deletion

From: Jeff.Wichman@junebox.com
Date: 09/28/01

• Previous message: Lawrence Sica: "Re: By the numbers: Comparing Windows security to Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3690BA4B41DAB94885106CB8C3714534D444@jbsmail1.junebox.com>
From: Jeff.Wichman@junebox.com
To: focus-ms@securityfocus.com
Subject: Remaining SID's left behind after account deletion
Date: Fri, 28 Sep 2001 11:33:06 -0500

Not sure if I am correct in my assumptions but I would like to find out from
the community before I break something. 8)

In the Domain Security Policy Settings I have some SIDs remaining that are
in their binary form (S-I-1-3-4-####...) I believe these were left behind
from an account being deleted from the domain but I am not positive. Is it
safe to delete these SID's? I have looked through the TechNet site and
found noting much in the way of help. These SID's appear under the "act as
part of operating system, Log on locally, Log on a batch job" and some other
settings and this is the reason for my concern before I go and delete them.

I found these because event viewer is giving these errors:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 9/28/2001
Time: 11:29:01 AM
User: NT AUTHORITY\SYSTEM
Computer: ServerName
Description:
The Group Policy client-side extension Security was passed flags (17) and
returned a failure status code of (1332).

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 9/28/2001
Time: 11:29:01 AM
User: N/A
Computer: ServerName
Description:
Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.
Please look for more details in TroubleShooting section in Security Help.

Any help would be greatly appreciated.

Thanks in advance.

Jeff

---

• Previous message: Lawrence Sica: "Re: By the numbers: Comparing Windows security to Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Risks Digest 25.73 ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ... (comp.risks) Re: MBSA, Office Update, Versions, Failures ... I apologize for posting this to three groups (MBSA, Windows Update, ... with Domain User account. ... Microsoft Baseline Security Advisor (? ... Office 2000 Security Patches - Red X's, ... (microsoft.public.officeupdate) Re: write with cURL ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ... (alt.php) Re: Basic Authentication fails with Error 401.2 where Integrated s ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ... (microsoft.public.inetserver.iis.security) [NEWS] Vulnerability Enables Passport Account Hijackings (No Secret Question) ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... A newly disclosed vulnerability could enable attackers to reset the ... who needs to reset his account password can be manipulated by attackers on ... (Securiteam)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)