- From: "Anthony Petito" <anthonypetito@xxxxxxxxx>
- Date: Tue, 22 Jul 2008 20:18:51 -0500
This link might be of some assistance and maybe help explain why
you're seeing the group:
Hope that helps.
On Mon, Jul 21, 2008 at 11:26 PM, Red Cat <redcat9876@xxxxxxxxx> wrote:
Thanks a lot for the comments so far. I'm starting to grasp the basic
idea of SID's and AD. But now my question is, why does that user,
"None" or that SID S-1-5-21... appear only for this specific folder?
I'm almost 100% positive it has nothing to do with past accounts
because I've never deleted any to my knowledge. Why does it show up
now and only for this specific folder? The only thing different I can
think of is that this folder was created from a tarball using Cygwin.
(The tarball was downloaded from John the Ripper)... Does that have
anything to do with it? Is Cygwin or John the Ripper burrowing into my
system? Is that why it's coming up? Should I delete it? (I thought
John the Ripper was safe enough...) Once again, thanks for all the
great comments and thanks in advance.
On Mon, Jul 21, 2008 at 2:50 PM, Randhir Vayalambrone
computername\none is a special group (hidden in the local users/groups mmc; try creating a user or a group named None on Windows, it will fail with an error group exists). None equates to the domain users in AD.
Read Keith Brown's "Programming Windows Security" (if it is still available) to understand the internals of Windows security.
----- Original Message ----
From: Charles Hardin <fonestorm@xxxxxxxxx>
To: Erik Boles <eboles@xxxxxxxxxxx>
Cc: Dennis Li <dennis.li.sh@xxxxxxxxx>; Red Cat <redcat9876@xxxxxxxxx>; "focus-ms@xxxxxxxxxxxxxxxxx" <focus-ms@xxxxxxxxxxxxxxxxx>
Sent: Monday, 21 July, 2008 7:50:52 PM
Subject: Re: S-1-5-21...
You guys are missing the part that he said its COMPUTERNAME\none. This
means its a local account, nothing to do with AD. Im not that familiar
with vista users but I would not be suprised if this was some sort of
system generated account.
On Mon, Jul 21, 2008 at 2:37 PM, Erik Boles <eboles@xxxxxxxxxxx> wrote:
Also -- if the user is deleted from A-D that had access to that folder it will show the SID rather than the name of the user as that container for the user still exists, it just doesn't have a name any longer.
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Dennis Li
Sent: Monday, July 21, 2008 11:30 AM
To: Red Cat
Subject: Re: S-1-5-21...
Normal, the user like 'S-1-5....' is a domain account. After your
computer is added into a domain (AD), the administrator account of the
domain is added to your local administrators group automatically. And
when you browse the security property of the folder, OS will query the
real name of that domain user. Before the query is done, you'll see
the name is 'S-x-x-xxx'.
On Tue, Jul 22, 2008 at 12:56 AM, Red Cat <redcat9876@xxxxxxxxx> wrote:
I have a question on something I saw on my computer today. I'm on a
Windows Vista. I was looking at some of the "properties" of some
folders in my "Public" folder and clicked on the "Security" tab. Then
I noticed my usual login user, "Everyone", and one other user, whose
id seemed to be S-1-5-21...and some numbers. Then after a couple
moments it turned into the user, "None" with (My computer name\None)
right next to it. I looked at the permissions it was given and
apparently it was given "Special Permissions." I was pretty sure I
didn't and never had created a user named "None". But I still checked
the Users folder to see if there was indeed a user named "None". There
wasn't. I even checked to see if there were any hidden users using the
"view hidden folder option", but there was no uesr by the name of
"None". I looked on google for some time but all I managed to find was
that it could possibly be a remnant from a past OS or something. But
this computer had Vista installed on it when I got it. Also, it might
be some sort of guest that was made for my computer or something. My
own speculation is that it has something to do with the fact that I
used Cygwin to open up a tarball and create this folder. Anyway, what
does this user mean? Why does it have special permissions? Is it some
sort of sign that I have a back door somewhere on my computer or that
I'm being keylogged or something? Thanks in advance.
- Prev by Date: Re: S-1-5-21...
- Next by Date: Re: S-1-5-21...
- Previous by thread: Re: S-1-5-21...
- Next by thread: Re: S-1-5-21...