Posted by Roger Abell [MVP] on February 14, 2006, 9:58 pm
Try fileacl, although I do not know if it will want to verify the SID
comes from a known account database. Google fileacl.
> It's a matter of time. I believe the hacker did his work long ago and
> won't be back. The box will be rebuilt when there is time, roughly in two
> weeks. In the interim I want to do what I can.
>
> Is there a command line utility that would take the SID as an argument, or
> even the winnt://<sid> syntax as input?
>
> --
> Will
>
>
>
>> Note: I have never tried this with a known invalid SID, but I have done
>> this while the needed trust to verify the SID was inaccessible.
>>
>> If you script, the normal ways to add a member to a group do accept the
>> syntax winnt://<sid> instead of the AdsPath for the principal being added.
>>
>> (so you are about to rebuild the box but first want to deny all access to
>> that box to the principal the sid represents ??? ok, I believe :-))
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>>
>> > On a computer that was hacked I have a user who created a raw SID in the
>> > Administrator's group that doesn't appear to correspond to any forest on our
>> > network. Before I retire the machine and rebuild it, I would like to add
>> > the SID in question to a group that is denied access to any resources on the
>> > computer. But I can't add in raw SIDs in the User and Computers AD
>> > administration application. Does anyone know how to put a raw SID into a
>> > group? The hacker knew how to do it, apparently. :)
>> >
>> > --
>> > Will
>> >
>> >
>>
>>
>
>
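
The scripted approach discussed in this thread, written out as an added example (not code posted by anyone in the thread): it lists the members of a local group through the ADSI WinNT provider, reports any SID that no reachable account database can resolve, and, with `-Apply`, adds that SID to a deny group using the `WinNT://<sid>` form. The group name `QuarantineDeny` is hypothetical and is assumed to already exist and to carry the Deny ACEs; whether the provider accepts a SID it cannot verify is assumed here, as in the thread.

```powershell
# Added example. 'QuarantineDeny' is a hypothetical local group assumed to exist
# and to be the one referenced by Deny ACEs on this machine's resources.
param(
    [string]$SourceGroup = 'Administrators',
    [string]$DenyGroup   = 'QuarantineDeny',
    [switch]$Apply       # without -Apply the script only reports
)

$computer = $env:COMPUTERNAME
$source = [ADSI]"WinNT://$computer/$SourceGroup,group"
$deny   = [ADSI]"WinNT://$computer/$DenyGroup,group"

# Members() returns COM objects; read each member's ADsPath via late binding.
$paths = @($source.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}

foreach ($path in $paths) {
    # A member the provider cannot name shows up as WinNT://S-1-...
    $leaf = ($path -split '/')[-1]
    if ($leaf -notmatch '^S-1-\d+(-\d+)+$') { continue }

    $sid = New-Object System.Security.Principal.SecurityIdentifier($leaf)
    try {
        # Resolves: the SID maps to a known account, so leave it alone.
        $null = $sid.Translate([System.Security.Principal.NTAccount])
        continue
    } catch [System.Security.Principal.IdentityNotMappedException] {
        Write-Output "Unresolved SID in ${SourceGroup}: $leaf"
    }

    if ($Apply) {
        # Same syntax the thread describes: WinNT://<sid> in place of the AdsPath.
        $deny.Add("WinNT://$leaf")
        Write-Output "Added $leaf to $DenyGroup"
    }
}
```

Run it first without `-Apply` and keep the output with the incident notes; a SID that fails to resolve only because a trust is temporarily unreachable raises a different exception and is not touched.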