Hey Yall. Well, Im running Win XP Pro on my laptop and i was browsing thru the Local Security Settings. I came accross one titled "ACCESS THIS COMPUTER FROM THE NETWORK" I clicked it and theres a box inside the menu that comes up to add people who can access the computer from the network. well, theres some funky group name that displays along with "Everyone, Users, and Guest" and its "*S-1-5-21-790525478-1935655697-1060284298-1009" What is this:??
cargenius42 0 Junior Poster
bentkey 10 Posting Whiz
I don't know, but it doesn't show up on mine. You could try searching the registry with that value minus the quotes and leading astirick and see if you can find something that's a clue.
QKSTechTrainee 36 Light Poster
What network are you connecting to? If you only use this computer for the internet then it looks like someone has set themselves up with remote access to your machine (which is NOT good) That weird looking entry looks very much like an un-resolved Windows2000 Active directory SID (basically a user ID for someone on a win2k Active Directory domain)
So - If you connect to a windows domain at any time (say, at work, school or college) then it is a user on that network, and if you look it up when you are connected to the network then you should see a username there instead. If you never connect to this type of network, then it looks like unauthorised access from the internet....
By the way - do you really think you want to allow "Everyone", "User" & "Guest" access to your computer?
cargenius42 0 Junior Poster
Ok, should I delete this funky username or code or whatever it is? Cuz i have only used this computer to connect to my home network but im wondering if one of my neighbors may have done that or sumthin. they prob hacked into our wireless network. I just enabled WEP on our router so that should stop them from accessing our internet. Thank you for ur responses yall!
antioed 53 Posting Whiz
What you are seeing there is basically how Windows sees an account on the system level. When you create an account called "bob" the actual translation, Security ID (http://www.webopedia.com/TERM/S/SID.html), is stored in the Security Accounts Manager (SAM) in the way you're seeing in that access list. Obviously the SID you listed above would be very arduous to type everyday so Windows is nice enough to translate the SID into something easier for us to deal with. So when you see a SID like that it could be a couple things - user accounts, machine accounts or groups that at one point had a translation associated and now, for whatever reason, can no longer perform the translation...this could happen due to account deletion or if another computer was taken offline that was somehow configured in that particular ACL. QKS was right on the money about Active Directory accounts. Basically if the machine was a member of a domain and a domain account or group had access to that resource and then the account or group was deleted from AD you would be left with the SID in the ACL since the translation for that group or account from AD is no longer available. I'm not sure how that could have gotten there on your system since it sounds like you're not in a domain...maybe you had some sort of workgroup at some point or deleted an account that had rights to that resource. The good news is that if it was an account someone had put there I doubt it's associating properly with the SAM on your machine so most likely there would be no way to gain access to that system using whatever credentials may have been associated with that SID. You're probably ok do delete it. Cheers.
cargenius42 0 Junior Poster
Okeydokey, Thanks so much
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.