Re: Inserting Raw SID Into User Group



Try fileacl, although I do not know if it will want to verify the SID
comes from a known account database. Google fileacl

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:hJedndd4huhoG2zeRVn-rw@xxxxxxxxxxxxxxx
It's a matter of time. I believe the hacker did his work long ago and
won't be back. The box will be rebuilt when there is time, roughly in
two weeks. In the interim I want to do what I can.

Is there a command line utility that would take the SID as an argument, or
even the winnt://<sid> syntax as input?

--
Will



"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OAulGjSMGHA.2416@xxxxxxxxxxxxxxxxxxxxxxx
Note: I have never tried this with a known invalid SID, but I have done
this while the needed trust to verify the SID was inaccessible.

If you script, the normal ways to add a member to a group do accept the
syntax winnt://<sid> instead of the AdsPath for the principal being
added.

(so you are about to rebuild the box but first want to deny all access to
that box to the principal the sid represents ??? ok, I believe :-))
--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:reKdnYQMJKBywWzeRVn-tw@xxxxxxxxxxxxxxx
On a computer that was hacked I have a user who created a raw SID in
the Administrator's group that doesn't appear to correspond to any forest
on our network. Before I retire the machine and rebuild it, I would like
to add the SID in question to a group that is denied access to any
resources on the computer. But I can't add in raw SID's in the User and
Computers AD administration application. Does anyone know how to put a
raw SID into a group? The hacker knew how to do it, apparently. :)

--
Will
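
The scripted route discussed in this thread, as an added PowerShell example that is not part of any poster's message: it lists local Administrators members that show up only as a bare SID, then adds a given SID to a local group using the WinNT://<sid> syntax. The group name DenyAllAccess and the SID value are constructed placeholders, and recognising unresolvable members by a SID-shaped ADsPath is an assumption about how the WinNT provider reports them.

```powershell
# Added example. $DenyGroup is a hypothetical local group; $SuspectSid is a constructed placeholder.
$Computer   = $env:COMPUTERNAME
$DenyGroup  = 'DenyAllAccess'
$SuspectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1001'

function Get-UnresolvedMember {
    # Return members of a local group whose ADsPath ends in a raw SID instead of a name.
    # Assumption: the WinNT provider reports unresolvable members as WinNT://S-1-...
    param([string]$Computer, [string]$Group)
    $grp = [ADSI]"WinNT://$Computer/$Group,group"
    foreach ($m in @($grp.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $leaf = ($path -split '/')[-1]
        if ($leaf -match '^S-1-\d+(-\d+)+$') {
            [pscustomobject]@{ Group = $Group; Sid = $leaf; ADsPath = $path }
        }
    }
}

function Add-SidToLocalGroup {
    # Add a principal to a local group by SID, using the WinNT://<sid> form from the thread.
    param([string]$Computer, [string]$Group, [string]$Sid)
    # Parsing first rejects a malformed SID string before it reaches ADSI (throws on bad input).
    $parsed = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $grp = [ADSI]"WinNT://$Computer/$Group,group"
    try {
        $grp.psbase.Invoke('Add', "WinNT://$($parsed.Value)")
        Write-Output "Added $($parsed.Value) to $Group"
    } catch {
        # The thread notes this was never tried with a SID that no account database can verify,
        # so report the failure instead of assuming the add succeeded.
        Write-Warning "Could not add $($parsed.Value) to ${Group}: $($_.Exception.Message)"
    }
}

# Audit first, then attempt the add.
Get-UnresolvedMember -Computer $Computer -Group 'Administrators'
Add-SidToLocalGroup -Computer $Computer -Group $DenyGroup -Sid $SuspectSid
```

Run it from an elevated prompt on the affected machine. Membership in the group restricts nothing by itself; the group still has to be named in the Deny entries or deny logon rights that are meant to apply.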