Local Security Settings: why the long string *S-1-5-23498...?

[raylopez99]

Local Security Settings: why the long string *S-1-5-23498...? where
Admin, Power User, User are.

Sometimes this long string is found together where the traditionally
defined users (Admin, Power User, etc) are.

Since I program in Visual Studio and recently added SQL Server 2005, I
surmise perhaps this was added by those programs for their own
purposes, perhaps debugging?

THen again it could be a hacker?!

Anybody else having these strings in your Local Security Settings?

I have a standalone PC connected to the internet through a firewalled
DSL modem.

RL

 

[Bruce Sanderson]

Those long strings are SIDs. They are the identifier for "security
principles". The names (e.g. Administrator, or a user account's logon name)
are merely attributes of the SID for humans to know them by. The SID is the
key for the security principle in the "SAM" database that is manipulated by
Computer Management, Local Users and Groups (or in a domain, in the Active
Directory database by Active Directory Users and Computers).

If someone adds a user account or group to a permission list or other place
where such things can be put, then that user account or group gets deleted,
Windows can no longer determine what the "user friendly" name associated
with the SID was (because the corresponding SAM database record no longer
exists), so the actual SID is displayed instead.

If you look in the registry at the sub keys under HKEY_USERS or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList,
you'll see these SIDs.