Re: Inserting Raw SID Into User Group
- From: Jan Hugo Prins <jhp@xxxxxxxxxxx>
- Date: Fri, 17 Feb 2006 17:33:41 +0100
On Mon, 13 Feb 2006 20:31:03 -0800, Will wrote:
On a computer that was hacked I have a user who created a raw SID in the
Administrator's group that doesn't appear to correspond to any forest on
our network. Before I retire the machine and rebuilt it, I would like
to add the SID in question to a group that is denied access to any
resources on the computer. But I can't add in raw SID's in the User and
Computers AD administration application. Does anyone know how to put a
raw SID into a group? The hacker knew how to do it, apparently. :)
I think the only reason you see a raw SID is because your system is not
able to find what the name is that belongs to this SID. This SID is
probebly a SID that belongs to the machine or network of the hacker. That
is also the reason that he was able to at is to your ACL, he was able to
resolve it. He did not at a raw SID but he just added his account.
Jan Hugo
.
- References:
- Inserting Raw SID Into User Group
- From: Will
- Inserting Raw SID Into User Group
- Prev by Date: Re: Windows Explorer changes user account during connection to share folder
- Next by Date: remote desktop security
- Previous by thread: Re: Inserting Raw SID Into User Group
- Next by thread: event id 22
- Index(es):
Relevant Pages
|
|
