beb sent a subspace message on 2/28/2006 3:04 AM:
Copy into note pad, select save, name it what you would like, save with a
vbs extension -for example test.vbs, to desktop, go to desktop and click on
icon.
UserSID.vbs
I ran the script from my primary account (an administrative one).
Exactly what is that script supposed to do? Is it supposed to display
something? A small dialog box appeared with no text other than an OK
button. I clicked on that and another box with an OK button and no text
came up. I clicked on OK again and the box went away. So what exactly
did it do?
HARD DRIVE - PROPERTIES - SECURITY
Next I went into the properties for each drive (sharing & security), and
that 1012 SID is still in there. It still has a different icon than the
other user choices, same as yesterday. It has a white person icon with a
question mark. The other users and groups have blue person icons without
question marks. I deleted S-1-5-21-746137067-1292428093-725345543-1012
from one drive's properties and tried to add it again. An error message
displayed saying it's invalid.
S-1-5-21-746137067-1292428093-725345543-1012 does not seem to be a valid
object. Should I just delete it from all my drives' Sharing & Security
Properties? It doesn't show up in the registry either. I did a full search.
Is there any software that could match up SID numbers with our user
accounts? We'd still like to know who belongs to these. The first two
were mentioned in Computer Management > Users and Groups. The others are
still unknown. I'm guessing the ones that are shorter are Users and the
longer ones are Administrators. Would our Power User be long or short?
Which one is the Guest account, or would it not show up since it's
disabled?
DOCUMENTS AND SETTINGS
We have the following: Administrator, All Users, Default User,
LocalService, Network, NetworkService, Administrator1, Administrator2,
User, and PowerUser. Do all of those have an SID?
COMPUTER MANAGEMENT - USERS AND GROUPS
We have the following: Administrator, ASPNET, Guest (disabled),
HelpAssistant (disabled), Administrator1, Administrator2, User,
PowerUser, SUPPORT_388945a0 (disabled). Can ASPNet be disabled or is
that required for network and Internet access?
USER SIDs
Here are all the ones we could find in the registry and Computer Management.
S-1-5-4 (NT AUTHORITY\INTERACTIVE)
S-1-5-11 (NT AUTHORITY\Authenticated Users)
S-1-5-18
S-1-5-19
S-1-5-20
S-1-5-21-746137067-1292428093-725345543-1003
S-1-5-21-746137067-1292428093-725345543-1009
S-1-5-21-746137067-1292428093-725345543-1012
USER ACCOUNTS
There are two administrative accounts, plus the built-in Administrator
account for XP, so that makes 3 administrators. There is one Power User
account and one (limited) User account. The built-in Guest account is
disabled.
An account can belong to different user-level groups at the same time,
but we want to delete any memberships for each account that are not
needed. Administrator2 was just added yesterday. All other accounts have
been there a while.
1. Do Administrators need to have Users as a group? If not, can we
delete Users from their membership or would that cause problems? If the
built-in XP Administrator is supposed to also belong to the Users group,
we can add that to it. Let us know.
2. Do Power Users need to have Users as a group? They do when you
upgrade and downgrade their privileges through Control Panel - Users,
because XP only lets you choose between Administrators and Users. Power
Users is not in the list, and that has to be custom configured through
Computer Management - Local Users and Groups. Once that has been done,
can we delete User from the Power User account's membership? Upgrading
that account to Power User was the only way to give it write access on
all drives. We don't want to give it the full control of an administrator.
USER MEMBERSHIPS:
Administrator (built-in for XP) belongs to:
- Administrators
- Nero
Administrator1 and Administrator2 (created by us) belong to:
- Administrators
- Nero
- Users
PowerUser1 belongs to:
- Power Users
- Nero
- Users
User1 belongs to:
- Nero
- Users
Please let us know. Thanks.