Re: S-1-5-21...



This link might be of some assistance and maybe help explain why
you're seeing the group:
http://www.cygwin.com/cygwin-ug-net/ntsec.html

Hope that helps.

--
Anthony Petito

On Mon, Jul 21, 2008 at 11:26 PM, Red Cat <redcat9876@xxxxxxxxx> wrote:

Hey,

Thanks a lot for the comments so far. I'm starting to grasp the basic
idea of SID's and AD. But now my question is, why does that user,
"None" or that SID S-1-5-21... appear only for this specific folder?
I'm almost 100% positive it has nothing to do with past accounts
because I've never deleted any to my knowledge. Why does it show up
now and only for this specific folder? The only thing different I can
think of is that this folder was created from a tarball using Cygwin.
(The tarball was downloaded from John the Ripper)... Does that have
anything to do with it? Is Cygwin or John the Ripper burrowing into my
system? Is that why it's coming up? Should I delete it? (I thought
John the Ripper was safe enough...) Once again, thanks for all the
great comments and thanks in advance.

On Mon, Jul 21, 2008 at 2:50 PM, Randhir Vayalambrone
<vayalambrones@xxxxxxxxx> wrote:
computername\none is a special group (hidden in the local users/groups mmc; try creating a user or a group named None on Windows, it will fail with an error group exists). None equates to the domain users in AD.
Read Keith Brown's "Programming Windows Security" (if it is still available) to understand the internals of Windows security.

Regards,
Randhir Vayalambrone



----- Original Message ----
From: Charles Hardin <fonestorm@xxxxxxxxx>
To: Erik Boles <eboles@xxxxxxxxxxx>
Cc: Dennis Li <dennis.li.sh@xxxxxxxxx>; Red Cat <redcat9876@xxxxxxxxx>; "focus-ms@xxxxxxxxxxxxxxxxx" <focus-ms@xxxxxxxxxxxxxxxxx>
Sent: Monday, 21 July, 2008 7:50:52 PM
Subject: Re: S-1-5-21...

You guys are missing the part that he said its COMPUTERNAME\none. This
means its a local account, nothing to do with AD. Im not that familiar
with vista users but I would not be suprised if this was some sort of
system generated account.

Charles Hardin


On Mon, Jul 21, 2008 at 2:37 PM, Erik Boles <eboles@xxxxxxxxxxx> wrote:
Also -- if the user is deleted from A-D that had access to that folder it will show the SID rather than the name of the user as that container for the user still exists, it just doesn't have a name any longer.
Erik





-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Dennis Li
Sent: Monday, July 21, 2008 11:30 AM
To: Red Cat
Cc: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: S-1-5-21...

Hi,

Normal, the user like 'S-1-5....' is a domain account. After your
computer is added into a domain (AD), the administrator account of the
domain is added to your local administrators group automatically. And
when you browse the security property of the folder, OS will query the
real name of that domain user. Before the query is done, you'll see
the name is 'S-x-x-xxx'.

Dennis

On Tue, Jul 22, 2008 at 12:56 AM, Red Cat <redcat9876@xxxxxxxxx> wrote:

Hey,

I have a question on something I saw on my computer today. I'm on a
Windows Vista. I was looking at some of the "properties" of some
folders in my "Public" folder and clicked on the "Security" tab. Then
I noticed my usual login user, "Everyone", and one other user, whose
id seemed to be S-1-5-21...and some numbers. Then after a couple
moments it turned into the user, "None" with (My computer name\None)
right next to it. I looked at the permissions it was given and
apparently it was given "Special Permissions." I was pretty sure I
didn't and never had created a user named "None". But I still checked
the Users folder to see if there was indeed a user named "None". There
wasn't. I even checked to see if there were any hidden users using the
"view hidden folder option", but there was no uesr by the name of
"None". I looked on google for some time but all I managed to find was
that it could possibly be a remnant from a past OS or something. But
this computer had Vista installed on it when I got it. Also, it might
be some sort of guest that was made for my computer or something. My
own speculation is that it has something to do with the fact that I
used Cygwin to open up a tarball and create this folder. Anyway, what
does this user mean? Why does it have special permissions? Is it some
sort of sign that I have a back door somewhere on my computer or that
I'm being keylogged or something? Thanks in advance.






--
Anthony Petito



Relevant Pages

  • Re: S-1-5-21...
    ... think of is that this folder was created from a tarball using Cygwin. ... system generated account. ... apparently it was given "Special Permissions." ... be some sort of guest that was made for my computer or something. ...
    (Focus-Microsoft)
  • Re: S-1-5-21...
    ... Read Keith Brown's "Programming Windows Security" to understand the internals of Windows security. ... system generated account. ... apparently it was given "Special Permissions." ... the Users folder to see if there was indeed a user named "None". ...
    (Focus-Microsoft)
  • Re: S-1-5-21...
    ... means its a local account, nothing to do with AD. Im not that familiar ... system generated account. ... apparently it was given "Special Permissions." ... the Users folder to see if there was indeed a user named "None". ...
    (Focus-Microsoft)
  • Re: Access Security Issue
    ... account ... I went into the folder and and the file and change ... > greyed out but checked for "Special Permissions" and "Write". ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Help with configuration
    ... to redirect their My Documents folder to a share on the fileserver. ... GPo, if it is already redirecting by default? ... account profile is blank, also). ... Your GPO settings do not apply to your Terminal Server. ...
    (microsoft.public.windows.terminal_services)