Orphaned Sid's


3 replies to this topic

#1 Wendy K. Walker

Posted 22 December 2007 - 10:03 PM

Hi Everyone,

While browsing the topics in this forum I stumbled across this reply to someone's question -->

When you create a user account XP generates a SID, security identifier, for that account. Windows uses SIDs instead of usernames. When you delete that user the SID still resides in the registry for the now deleted user account. I've heard of hackers accessing a computer's registry to reactivate accounts from the SID's. <--

Now, as I have created and deleted several Administrative accounts on my PC that reply causes me some concern. So I want to ask; 1.) Where do I look to find a list of the SID's that are on my machine? 2.) How do I tell which ones are no longer active? and 3.) How do I get rid of the ones that belong to deleted accounts?

Thanks

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.


#2 garmanma


Posted 23 December 2007 - 10:25 AM

How to identify SIDs for a certain user: http://support.microsoft.com/kb/q154599/
There are also other SIDs to be concerned about and left alone: http://support.microsoft.com/kb/243330
Removing any involves editing the registry. Not for the faint of heart. All warnings apply. Back up the registry first.
Providing you have a decent firewall and normal security items in place, I would not worry about it.
Mark

Edited by garmanma, 23 December 2007 - 10:26 AM.

Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 usasma


Posted 23 December 2007 - 10:40 AM

Be very, very careful with this! One slip of the mouse could easily render your system inoperable!

The "cure" for this is your Windows Updates - that'll prevent the hackers from exploiting this vulnerability.

Here's some common SID's on Windows systems: http://support.microsoft.com/kb/243330
Interestingly, this KB article doesn't seem to apply to XP Home - anyone know why?

As I understand it, Windows first asks for a password for a user name when logging in - and authenticates it against either the local system or the domain controller. Then it looks in the registry to see what SID corresponds to that user name. So you could search the registry for it by searching the user name and looking for SID's in the results.

This link seems to do the trick for Win2K: http://support.microsoft.com/kb/177077/en-us
Dunno if it works with XP (the critical file getsid.exe isn't on my XP VM).

This link points you to the registry location where they're stored in Win2K (and the same location exists in WinXP): http://support.microsoft.com/kb/q154599/
Dunno if XP uses the same procedures as Win2K - but you'll be able to see the SID's and search the registry for them.

More good links on SID's:
http://en.wikipedia.org/wiki/Security_Identifier
http://www.microsoft.com/technet/security/...n/MS99-057.mspx
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
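
An added example, not part of the original posts: a read-only PowerShell report that addresses the thread's first two questions (which SIDs are on the machine, and which no longer map to an account). It assumes PowerShell 3.0 or later and that profile SIDs are listed under the `ProfileList` registry key; the function name `Get-ProfileSidStatus` is hypothetical, and nothing is edited or deleted.

```powershell
# Added example: read-only report. Nothing in the registry is modified or deleted.
# Assumption: profile SIDs are listed under the ProfileList key (Windows 2000/XP and later).
$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Built-in service accounts (LocalSystem, LocalService, NetworkService): leave these alone.
$WellKnownSids = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'

# Get-ProfileSidStatus is a hypothetical helper name, not a built-in cmdlet.
function Get-ProfileSidStatus {
    param([string]$KeyPath = $ProfileListKey)

    foreach ($key in Get-ChildItem -Path $KeyPath) {
        $sidString = $key.PSChildName
        $account   = $null

        if ($sidString -notmatch '^S-1-\d+(-\d+)+$') {
            # Anything that is not a plain SID string (for example a "<SID>.bak"
            # subkey) is reported as-is rather than resolved.
            $status = 'NotASid'
        }
        else {
            try {
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidString)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $status  = if ($WellKnownSids -contains $sidString) { 'WellKnown' } else { 'Active' }
            }
            catch {
                # Translate() throws IdentityNotMappedException when no account owns the SID.
                $cause = $_.Exception.GetBaseException()
                if ($cause -is [System.Security.Principal.IdentityNotMappedException]) {
                    $status = 'Orphaned'
                }
                else { throw }
            }
        }

        [pscustomobject]@{
            Sid         = $sidString
            Account     = $account
            Status      = $status
            ProfilePath = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        }
    }
}

Get-ProfileSidStatus | Sort-Object Status, Sid | Format-Table -AutoSize
```

`ProfileList` only covers accounts that have logged on and created a profile. On a domain-joined machine, a SID can also show as `Orphaned` simply because the domain controller was unreachable, so confirm before acting on it.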

#4 Wendy K. Walker


Posted 30 December 2007 - 02:46 AM

Hi usasma, Hi garmanma, Thanks for the replies guys.

OK, thanks for all of those links. I did some reading and then I got real nervy and took a look at those SID things. None of those little buggers were associated with any of the old accounts that I've deleted so I got the heck out of there real quick.

I think that I shall leave well enough alone.

Happy New Years Guys!

Wendy

Edited by Wendy K. Walker, 30 December 2007 - 02:49 AM.
