Trojan or bugs?

crapit

Browsed through the local security settings and happened to see this.

From Local Policies -> User Rights Assignment,

Under policy column.
Access this computer from this network,

Under local Setting
MISC, Administrators, Backup Operators, Power Users,
Users, Everyone,
*S-1-5-21-842925246-1801674531-725345543-1000


What the crap is this user?
->>> *S-1-5-21-842925246-1801674531-725345543-1000
 
So how do I remove it?
Steven L Umbach said:
That would indicate that a user or group that at one time had that right was deleted and
therefore the user/group name can no longer be resolved to a friendly name. It does not
necessarily mean a compromise but if you are the only person that ever configured the
computer then you may want to give it a thorough checkout. It is not on the list of
well-known SIDs. -- Steve

http://support.microsoft.com/defaul...port/kb/articles/Q243/3/30.ASP&NoWebContent=1
 
Assuming you are not in a domain, try unchecking the user right for that
unknown user and I believe it will go away after a reboot or two. If that
does not work you can use the secedit command as described in the KB link
below to reset your local security settings to default defined levels. You
could append the switch " /areas user_rights " to the end of the command to
reset just your user rights. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
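
The check described in the replies above, as an added example that is not part of the original thread: it exports only the user-rights area with secedit and reports every SID that no longer resolves to an account name. The scratch file name and the output column names are assumptions of this example; it needs an elevated Windows PowerShell 5.1 or later prompt (for Get-LocalUser).

```powershell
# Added example: find SIDs in User Rights Assignment that no longer map to an account.
# Run elevated; secedit reads the local security database.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'    # scratch path chosen for this example
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# SID of this machine's own account database, taken from any local account.
$machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid

$findings = foreach ($line in Get-Content $cfg) {
    # [Privilege Rights] lines look like: SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
    if ($line -notmatch '^(Se\w+)\s*=\s*(.*)$') { continue }
    $right = $Matches[1]
    foreach ($entry in $Matches[2].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry.StartsWith('*S-')) { continue }   # written as a name, so it resolved
        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
        try {
            $null = $sid.Translate([System.Security.Principal.NTAccount])
            continue                                      # well-known or existing account
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # no account exists for this SID any more: report it below
        }
        $rid = [uint32]$sid.Value.Split('-')[-1]
        [pscustomobject]@{
            Right          = $right
            Sid            = $sid.Value
            Rid            = $rid
            # RIDs below 1000 are reserved for built-in accounts and groups;
            # accounts and groups created after setup get 1000 and up.
            CreatedAccount = ($sid.Value -like 'S-1-5-21-*' -and $rid -ge 1000)
            # True when the SID was issued by this machine's own account database.
            LocalOrigin    = ($null -ne $sid.AccountDomainSid -and
                              $sid.AccountDomainSid.Equals($machineSid))
        }
    }
}

$findings | Sort-Object Sid, Right | Format-Table -AutoSize
Remove-Item $cfg
```

A row with LocalOrigin True was issued by this machine, which fits the deleted-local-account explanation; False means the SID came from another machine or domain and deserves a closer look at who granted it.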
 
Yes, my computer is in a workgroup. With regard to user right, where can I
find the setting for it?
 
Yes, my computer is in a workgroup. After unchecking the user right for the
unknown user, it went away after a reboot. Thanks for your help and guidance.
BTW, can you help me with the following problem that I've posted in the win2000
networking newsgroup?


Here's the description
---------------------
I have 2 PCs, both of which are using win2k pro and have accounts created on
both PCs.

Both are under the same workgroup name "workgroup", same subnet mask and
IP address assigned manually.

I have this problem of accessing the workgroup (from PC-2) and got the
"workgroup is not accessible" error message.
I deleted and recreated the account called "misc" (member of administrator)
at computer PC-2. Hence the problem was solved, the shared folder at
computer PC-2 became accessible from PC-1.

However, when I change the password for that "misc" account, I can't
access the workgroup again. What is wrong with that?

Additional query, how do I make multiple accounts appear at the log in dialog
so as not to type the user account name?
 
In Local Security Policy [secpol.msc] security settings/local policies/user rights
assignments - access this computer from the network. When you click on the defined
list for the setting you should have the option to uncheck unwanted entries. ---
Steve
 
It sounds as if you are logged onto the other computer with the same user account but
different password than on the computer offering shares and hence you are denied
access until the passwords are the same which is normal behavior in a workgroup
setting.

There is no way to have multiple accounts appear in the logon box, only that last
user name will show as long as that is allowed in Local Security Policy. To have
otherwise would be a big security risk. If your network consists of all trusted users
and you have a firewall protecting your computers from the internet you can enable
the guest account on a computer and everyone will get access to shares that have
permissions for the everyone group. --- Steve
 
Steven L Umbach said:
It sounds as if you are logged onto the other computer with the same user account but
different password than on the computer offering shares and hence you are denied
access until the passwords are the same which is normal behavior in a
workgroup setting.

But the problem (for this problem PC, I called it MISC), it cannot even
access the workgroup, so what can be wrong?
After removing that user group that no longer exists, I made a comparison between
the PCs' local security settings and found out that

From Local Policies -> User Rights Assignment,

Under policy column for CRAP PC: Access this computer from this network
Under local Setting: MISC, Administrators, Backup Operators, Power Users, Users, Everyone,

Under policy column for MISC PC: Access this computer from this network
Under local Setting: Administrators, Backup Operators, Power Users, Users, Everyone,

CRAP is missing, I cannot add "CRAP" to MISC PC as it can't access the
workgroup.

There is no way to have multiple accounts appear in the logon box, only that last
user name will show as long as that is allowed in Local Security Policy. To have
otherwise would be a big security risk. If your network consists of all trusted users
and you have a firewall protecting your computers from the internet you can enable
the guest account on a computer and everyone will get access to shares that have
permissions for the everyone group. --- Steve

I wonder whether I've phrased it correctly. When logging on, at the User Name, how
to make the combo menu appear so that the different account names appear?
 
If I understand correctly, you are trying to add a local group to the user
right for access this computer from the network and when you select add the
group you want is not there. If that is the problem then possibly the group
has been deleted. You can use the command "net localgroup" to view the local
groups on each computer and use Computer Management/local users and groups
to create or modify a group. -- Steve
 
I seem to have brought your attention to something else instead. My point is
From PC-2 <MISC>, I can't access workgroup, as clicking on "Computers near
me" icon gives <network is not accessible> error message.
From PC-1 <CRAP>, I can access the workgroup, see MISC in the workgroup,
access the shared folders on MISC computer.
 
Try logging onto PC-2 with an account that is an administrator on the other PC using
the same exact password that the administrator account has on the computer you are
having trouble accessing. See if you can access the computer that way via My Network
Places. If that does not work in the run box try using UNC to access the other
computer as in \\PC-1. If that does not work try the actual IP address for PC-1 as
shown in ipconfig /all as in \\xxx.xxx.xxx.xxx . Make sure that you do not have a
personal firewall installed on PC-1 that may be blocking access to the shares. If
none of that works run an ipconfig /all on both computers and post it in a
reply. --- Steve
 
WOW, YOU ARE FANTASTIC.

I logged in to another account on PC-2 with administrator rights.
Using UNC to access did really work as to access the shared folders at PC-1.
However, pinging each other failed. And the 1st attempt (that is when the
PC has booted up) to access the other PC's shared folders gives "incorrect user name
or password".
 
Any solution???
I logged in to another account on PC-2 with administrator rights.
Using UNC to access did really work as to access the shared folders at PC-1.
However, pinging each other failed. And the 1st attempt (that is when the
PC has booted up) to access the other PC's shared folders gives "incorrect user name
or password".
 
Try pinging each other by IP address and then name to see if either of those
works. Any personal firewall products can block ping attempts if configured
to do so. The computer accounts must match on each computer in both logon
name and password which is case sensitive in order to get access. Try
pasting an ipconfig /all for both computers in a reply so that we can see
what they look like as there is a lot of helpful info there. Below is an
example of what one of mine looks like. --- Steve

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server1-2000
Primary DNS Suffix . . . . . . . : umbach1.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : umbach1.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI NIC (3C905-TX)
Physical Address. . . . . . . . . : 00-60-97-26-67-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.105
Primary WINS Server . . . . . . . : 192.168.1.105


C:\Documents and Settings\Administrator>
 
Result for ping for both PCs is the same
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.2.1X:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Steven L Umbach said:
Try pinging each other by IP address and then name to see if either of those
works. Any personal firewall products can block ping attempts if configured
to do so. The computer accounts must match on each computer in both logon
name and password which is case sensitive in order to get access. Try
pasting an ipconfig /all for both computers in a reply so that we can see
what they look like as there is a lot of helpful info there. Below is an
example of what one of mine looks like. --- Steve

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server1-2000
Primary DNS Suffix . . . . . . . : umbach1.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : umbach1.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI NIC (3C905-TX)
Physical Address. . . . . . . . . : 00-60-97-26-67-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.105
Primary WINS Server . . . . . . . : 192.168.1.105


Ipconfig /all for PC-1
For PC-2 other than MAC and IP address, and Host Name, others are the same
--------------------------------------------------------------------------
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : crap
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Adapter
Physical Address. . . . . . . . . : 00-50-BA-87-86-62
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
 
Try to ping while both computers are booted into safe mode with networking
to see if there is a startup application or such interfering with access. If
that does not work post ipconfig /all for both computers in a reply. There
is no risk in showing "private" IP addresses here such as the popular
192.168.xxx.xxx C class. --- Steve
 
Pinging in safeboot did generate a reply from both sides

ipconfig/all from crap, misc is the same except IP is 192.168.218
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : crap
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link DFE-538TX 10/100 Adapter
Physical Address. . . . . . . . . : 00-50-BA-87-86-62
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
 
That means you have a startup program/service/driver causing the pings to fail.
A personal firewall or ipsec filtering would be my first thoughts. Ipsec
filtering is something that would not be a default setup but you could look in
Local Security Policy/security settings/ipsec policies to see if you have any
policy assigned. Otherwise use msconfig to troubleshoot what is causing the
problem by using selective startup in a trial and error mode. You can get
msconfig from an XP box or download from various internet sites - search Google
for "msconfig download". --- Steve
 