Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Is This Normal? Unknown User Access

  • Please log in to reply
1 reply to this topic

#1 Infern0


  • Members
  • 16 posts
  • Location:Canada
  • Local time:10:17 AM

Posted 30 August 2006 - 04:30 PM


Recently i've noticed that if I click the properties of any file on my computer, and check the security settings.. this user is on the list of every file: ?(*S-1-5-21-1993962763-1844823847-839522115-1001) It used to appear all the time, but now when I click security I only see it on the list for a fraction of a second before it dissapears. What does this mean? I'm new to computers and i'm not sure if this is a problem or not, but i'd rather be safe than sorry. Here's some more information.

This is what I found in Local Security Settings in Administrative Tools. Everything I could find that has this user in it.

Policy Local Setting Effective Setting

(Deny Logon Locally) *S-1-5-21-19939627.. *S-1-5-21-19939627..

(Access This Computer
From The Network) *S-1-5-21-19939627.. *S-1-5-21-19939627..

(Impersonate A Client
After Authenication) *S-1-5-21-19939627.. *S-1-5-21-19939627..

(Log On As A Batch Job) *S-1-5-21-19939627.. *S-1-5-21-19939627..

(Log On As A Service) *S-1-5-21-19939627.. *S-1-5-21-19939627..

Ok , I think that's it. If anyone can help me figure out what this means, it would be greatly appreciated.

Thanks Everyone!
Posted Image

BC AdBot (Login to Remove)


#2 -David-


  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:04:17 PM

Posted 04 September 2006 - 06:31 AM

Hey there Infern0, welcome to BleepingComputer.
Sorry for the delay in the reply.

This is a SID, which stands for Security Identifier and is used within NT/2000 as a value to uniquely identify an object such as a user or a group.

"The SID assigned to a user becomes part of the access token, which is then attached to any action attempted or process executed by that user or group. If a duplicate SID did exist then all users with this SID would authenticate as what would be seen as the same user. It is possible for cloned machines to have the same SID, which would be seen by the authentication mechanism as the same machine. The SID under normal operation will be unique and will identify an individual object such as a user, group or a machine."

In simple terms Windows uses SIDs instead of usernames. For example, if you double-click a folder, Windows checks whether your SID is allowed to access it; it doesn't use your username.

You can read more about this at the link below:


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users