Re: Inserting Raw SID Into User Group



Note: I have never tried this with a known invalid SID, but I have done
this while the needed trust to verify the SID was inaccessible.

If you script, the normal ways to add a member to a group do accept the
syntax winnt://<sid> instead of the AdsPath for the principal being added.

(so you are about to rebuild the box but first want to deny all access to
that box to the principal the sid represents ??? ok, I believe :-))
--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:reKdnYQMJKBywWzeRVn-tw@xxxxxxxxxxxxxxx
On a computer that was hacked I have a user who created a raw SID in the
Administrator's group that doesn't appear to correspond to any forest on our
network. Before I retire the machine and rebuild it, I would like to add
the SID in question to a group that is denied access to any resources on the
computer. But I can't add in raw SIDs in the User and Computers AD
administration application. Does anyone know how to put a raw SID into a
group? The hacker knew how to do it, apparently. :)

--
Will
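
The scripted approach described in the reply, as an added PowerShell example that is not part of the original posts: it validates the SID string, lists bare-SID members of the local Administrators group, then adds the SID to a deny group through the ADSI WinNT provider. The group name and SID value are placeholders, and the thread does not confirm whether the add succeeds for a SID that cannot be verified.

```powershell
# Added example. Assumptions (not from the thread): the group name and SID
# below are placeholders. Run elevated on the affected machine.
$GroupName = 'QuarantineDeny'   # hypothetical local group used for deny ACEs
$RawSid    = 'S-1-5-21-1111111111-2222222222-3333333333-1001'  # constructed sample

# 1. Reject malformed input first: the constructor throws if the string
#    is not a well-formed SID.
$sid = New-Object System.Security.Principal.SecurityIdentifier($RawSid)

# 2. Try to resolve the SID to an account name. Failure is expected for a
#    SID from an unknown or unreachable domain and is only reported.
try {
    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    Write-Host "SID resolves to $name"
} catch {
    Write-Host "SID $($sid.Value) does not resolve; continuing with the raw SID"
}

# 3. Record which members of the local Administrators group are bare SIDs
#    (their ADsPath has no domain or account name component).
$admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
foreach ($m in $admins.Invoke('Members')) {
    $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    if ($path -match '^WinNT://S-\d-\d+(-\d+)+$') {
        Write-Host "Unresolved member: $path"
    }
}

# 4. Add the raw SID to the deny group using the <provider>://<sid> form.
#    The ADSI provider name is case-sensitive and must be written "WinNT".
$deny = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
try {
    $deny.Add("WinNT://$($sid.Value)")
    Write-Host "Added $($sid.Value) to $GroupName"
} catch {
    Write-Warning "Add failed: $($_.Exception.Message)"
}
```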



