Re: Inserting Raw SID Into User Group



Note: I have never tried this with a known invalid SID, but I have done
this while the needed trust to verify the SID was inaccessible.

If you script, the normal ways to add a member to a group do accept the
syntax winnt://<sid> instead of the AdsPath for the principal being added.

(so you are about to rebuild the box but first want to deny all access to
that box to the principal the sid represents ??? ok, I believe :-))
--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:reKdnYQMJKBywWzeRVn-tw@xxxxxxxxxxxxxxx
On a computer that was hacked I have a user who created a raw SID in the
Administrator's group that doesn't appear to correspond to any forest on
our network. Before I retire the machine and rebuild it, I would like to
add the SID in question to a group that is denied access to any resources
on the computer. But I can't add in raw SID's in the User and Computers AD
administration application. Does anyone know how to put a raw SID into a
group? The hacker knew how to do it, apparently. :)

--
Will
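
An added example, not part of the original posts: a PowerShell sketch of the scripted approach described in the reply, adding a member to a local group by SID through the ADSI WinNT provider and then reading the membership back to confirm it. The group name `DeniedPrincipals` and the SID are constructed placeholders; the group is assumed to already exist, the session is assumed to be elevated, and the provider moniker is written `WinNT://` because ADSI provider names are case-sensitive.

```powershell
# Added example; the group name and SID defaults are constructed placeholders.
param(
    [string]$GroupName = 'DeniedPrincipals',  # hypothetical local group used in deny ACEs
    [string]$RawSid    = 'S-1-5-21-1111111111-2222222222-3333333333-1001'  # constructed SID
)

# Parse the string first so a malformed SID fails here rather than inside ADSI.
$sid = New-Object System.Security.Principal.SecurityIdentifier($RawSid)

# Try to resolve the SID to a name. An orphaned SID, or one whose domain
# or trust is unreachable, will not translate; that is reported, not fatal.
try {
    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    Write-Host "SID resolves to $name"
} catch {
    Write-Host "SID does not resolve to a name; adding it as a raw SID"
}

# Bind to the local group through the WinNT provider.
$group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"

# Add the member by SID instead of by the principal's ADsPath.
$group.Add("WinNT://$($sid.Value)")

# Read the membership back as SIDs and confirm the new entry is present.
$memberSids = foreach ($m in $group.psbase.Invoke('Members')) {
    $bytes = $m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}

if ($memberSids -contains $sid.Value) {
    Write-Host "$($sid.Value) is now a member of $GroupName"
} else {
    Write-Warning "$($sid.Value) was not found in $GroupName after Add()"
}
```

If `Add()` throws for a SID that cannot be verified, the exception surfaces unchanged, so the script never reports success without the read-back check passing.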



