Remove SID/User from a local Group Policy

[Justin]

I am simply trying to remove some old SIDs from the "Log on as a
Service" policy. I'm using the Group Policy editor. There is only an
"Add" button when I Right click on the policy and choose "Security...",
but no "Remove".

I'm Logged into the machine (Win 2k SP4) as a Domain Admin. I have
also checked that there is no overiding GPO at the Domain level. Is
there a way to remove the SIDs?

Thanks in advance.
-Justin

 

[Steven L Umbach]

Normally if I can add or remove local and domain groups I can remove
orphaned sids. Keep in mind that a sid showing could indicate a name
resolution or network connectivity problem in the domain. If you are sure
that you want to remove those sids you also could create a new security
template with just that user right defined with the groups added then you
want and then import that template. Also try logging on as the local
administrator. --- Steve