How to determine user behind unknown SID listed in User Rights Assignments?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have an unknown SID (not one of the well-known ones) listed under some
user rights assignments in GP. The only registry reference to it is under
the HKLM\SECURITY\Policy\Accounts key. How do you determine which user this
is? The SID in question is S-1-5-domain-1137. There is also
S-1-5-domain-1135, S-1-5-domain-1136 and S-1-5-domain-1139. Not sure what
these are either.
 
If you have some knowledge of C and a compiler (like Visual Studio), you can
create a utility to call LsaLookupSids to determine the corresponding
username. You could also open the Local Security Policy for that machine
and view which users are assigned to that user right. You won't know which
Sid maps to which user but at least you'll know what users are assigned to
that right.

N
 
Look for a utilty called sid2name.exe - (it probably won't find any user
though) if they are sequential SIDs, they could be SMS related. Probably
just deleted accounts. After deleting an account, GPo references to the sid
are not cleaned up.

BH
 
I'm on a domain controller so local policies are not defined. Can't seam to
find sid2name.exe. I guess I could just delete the unknown SID and hope for
the best. Big SID strings makes GP hard to read. Seams kind of stupid
though.

Thanks
 
In trying your FindSID.js script, automation fails to create...... new ActiveXObject("gpmgmt.GPM"). I use the Group Policy Management Console (GPMC) but the "gpmgmt.GPM" progID is unknown on my machine. Are we talking about the same GPMC or is it a separate download?
 
GPMC is a separate download. It's a stand-alone tool that we just released a few months back.

You can get it from:
http://www.microsoft.com/windowsserver2003/gpmc/default.mspx

You need a Windows XP SP1 machine + the .NET framework, or a Windows Server 2003 machine, in order to run GPMC. It doesn't run on Windows 2000, though it can be used from a an XP or later box to manage your Windows 2000 domains.

-Mike
 
Back
Top