SID Filtering


caddo65590

All,
When a trust is created between two domains that do not belong to the same
forest, SID filtering is automatically turned on.
Does anyone know how to turn off the SID filtering?
The SIDHist.doc on the Microsoft website recommends using Netdom.exe to turn it
off, but that is not working for me.
Any ideas?
Thanks
 
Hello,

C:\>netdom trust DomainA /D:DomainB /UD:DomainB\Administrator /PD:*
/UO:DomainA\Administrator /PO:* /Quarantine no

Set the /Quarantine to no, to disable SID Filtering -- is this the command
that you used?

Thank You.

Diana.
 
Thanks Diana,
I found an article at the MS site that used the netdom command, which differs
slightly from yours, but it did not work.
C:\>winnt\netdom /filtersids no DomainB
This is the command line I got from the MS site, but it does not work for me.
Can you tell me what the /D, /UD, /PD:*, /PO:* mean in your command line?
Is all that one command?
Can you get me any article on this?
I would appreciate it.
 
Hello,

The related command to disable SID filtering is:

netdom trust RESDOM /D:ACCDOM /UD:ACCDOM\Administrator /PD:adminpwd
/UO:RESDOM\Administrator /PO:"" /quarantine:no
/Pd* ---> Password for accdom admin
/Po* ---> Password for resdom admin
/D --> Domain Name
/UD -> Domain Name with \admin appended

The article below has everything except the /quarantine switch; I have
requested that this article be corrected.
289243 MS02-001: Forged SID Could Result in Elevated Privileges in Windows
2000
http://support.microsoft.com/?id=289243

Thank You.

Diana.


This posting is provided "AS IS" with no warranties, and confers no rights.
 
After running this command:
netdom trust RESDOM /D:ACCDOM /UD:ACCDOM\Administrator /PD:adminpwd /UO:RESDOM\Administrator /PO:adminpwd /filtersids:no
I get "parameter is incorrect", and I have typed it many times in different ways. I also used the one with the switch /Quarantine:no, and when I did that I get "/Quarantine:no was unexpected". I really would appreciate any light shed on this issue. Thanks
 
Hello Juan,

Here is the command to disable sid filtering:

To disable SIDFiltering run the following command:

C:\>netdom trust DomainA /D:DomainB /UD:DomainB\Administrator /PD:*
/UO:DomainA\Administrator /PO:* /Quarantine no

/D: name of trusting domain

/UD: user account used to make the connection with the domain specified by
the /D

/PD: password of user account specified by user /UD

/UO: User account for making the connection with the trusting domain

/PO: Password of the user account specified by the /UO

Thanks, Juan.

Diana.

Juan said:
After running this command netdom trust RESDOM /D:ACCDOM
/UD:ACCDOM\Administrator /PD:adminpwd /UO:RESDOM\Administrator /PO:adminpwd
/filtersids:no I get "parameter is incorrect", and I have typed it many times
in different ways. I also used the one with the switch /Quarantine:no, and
when I did that I get "/Quarantine:no was unexpected". I really would
appreciate any light shed on this issue. Thanks
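
A follow-up check for the commands in this thread, as an added example that is not part of any post here: it lists external trusts and flags those where SID filtering (quarantine) has been turned off. It assumes the ActiveDirectory PowerShell module (Get-ADTrust), which is newer than the netdom versions discussed above; the function name, the Server parameter and the output column names are made up for this example.

```powershell
# Added example: list external trusts and whether SID filtering (quarantine) is on.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-ExternalTrustSidFiltering {
    param(
        # Optional domain or domain controller to query (hypothetical parameter).
        [string]$Server
    )
    $query = @{ Filter = '*' }
    if ($Server) { $query.Server = $Server }

    Get-ADTrust @query |
        # Keep external trusts only: not inside the forest, not a forest trust.
        Where-Object { -not $_.IntraForest -and -not $_.ForestTransitive } |
        ForEach-Object {
            [pscustomobject]@{
                Trust        = $_.Name
                Direction    = $_.Direction
                SidFiltering = if ($_.SIDFilteringQuarantined) { 'Enabled' } else { 'DISABLED' }
                # SID filtering is applied by the trusting side, so a disabled
                # state matters on trusts with an outbound component.
                Review       = (-not $_.SIDFilteringQuarantined) -and
                               ($_.Direction -ne 'Inbound')
            }
        }
}

# Trusts that need review are listed first.
Get-ExternalTrustSidFiltering | Sort-Object Review -Descending | Format-Table -AutoSize
```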
 