I have an unknown SID (not one of the well-known ones) listed under some
user rights assignments in GP. The only registry reference to it is under
the HKLM\SECURITY\Policy\Accounts key. How do you determine which user this
is? The SID in question is S-1-5-domain-1137. There is also
S-1-5-domain-1135, S-1-5-domain-1136 and S-1-5-domain-1139. Not sure what
these are either.

If you have some knowledge of C and a compiler (like Visual Studio), you can
create a utility to call LsaLookupSids to determine the corresponding
username. You could also open the Local Security Policy for that machine
and view which users are assigned to that user right. You won't know which
Sid maps to which user but at least you'll know what users are assigned to
that right.

N

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Any included code samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


<.> wrote in message news:(E-Mail Removed)...
> I have an unknown SID (not one of the well-known ones) listed under some
> user rights assignments in GP. The only registry reference to it is under
> the HKLM\SECURITY\Policy\Accounts key. How do you determine which user
this
> is? The SID in question is S-1-5-domain-1137. There is also
> S-1-5-domain-1135, S-1-5-domain-1136 and S-1-5-domain-1139. Not sure what
> these are either.
>
>

Look for a utilty called sid2name.exe - (it probably won't find any user
though) if they are sequential SIDs, they could be SMS related. Probably
just deleted accounts. After deleting an account, GPo references to the sid
are not cleaned up.

BH

"Nick Finco [MSFT]" <(E-Mail Removed)> wrote in message
news:eKDR%(E-Mail Removed)...
> If you have some knowledge of C and a compiler (like Visual Studio), you
can
> create a utility to call LsaLookupSids to determine the corresponding
> username. You could also open the Local Security Policy for that machine
> and view which users are assigned to that user right. You won't know
which
> Sid maps to which user but at least you'll know what users are assigned to
> that right.
>
> N
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Any included code samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> <.> wrote in message news:(E-Mail Removed)...
> > I have an unknown SID (not one of the well-known ones) listed under some
> > user rights assignments in GP. The only registry reference to it is
under
> > the HKLM\SECURITY\Policy\Accounts key. How do you determine which user
> this
> > is? The SID in question is S-1-5-domain-1137. There is also
> > S-1-5-domain-1135, S-1-5-domain-1136 and S-1-5-domain-1139. Not sure
what
> > these are either.
> >
> >
>
>

I'm on a domain controller so local policies are not defined. Can't seam to
find sid2name.exe. I guess I could just delete the unknown SID and hope for
the best. Big SID strings makes GP hard to read. Seams kind of stupid
though.

Thanks

In trying your FindSID.js script, automation fails to create...... new ActiveXObject("gpmgmt.GPM"). I use the Group Policy Management Console (GPMC) but the "gpmgmt.GPM" progID is unknown on my machine. Are we talking about the same GPMC or is it a separate download?

GPMC is a separate download. It's a stand-alone tool that we just released a few months back.

You can get it from:
http://www.microsoft.com/windowsserv...c/default.mspx

You need a Windows XP SP1 machine + the .NET framework, or a Windows Server 2003 machine, in order to run GPMC. It doesn't run on Windows 2000, though it can be used from a an XP or later box to manage your Windows 2000 domains.

-Mike


--
This posting is provided "AS IS" with no warranties, and confers no rights.

<.> wrote in message news:(E-Mail Removed)...
In trying your FindSID.js script, automation fails to create...... new ActiveXObject("gpmgmt.GPM"). I use the Group Policy Management Console (GPMC) but the "gpmgmt.GPM" progID is unknown on my machine. Are we talking about the same GPMC or is it a separate download?