[slyaii]

thanks, i'll try that tomorrow. gotta go. thanks a lot. i'll let u knw. i was place into an IT admin position because the original one got fired. it's all up to me now.

[Advertisements]

does the psgetsid need to be installed on a server that has Domain Controller or can it be any server?

[slyaii]

does the psgetsid need to be installed on a server that has Domain Controller or can it be any server?

[dsenette]

might need to be the domain controller...i've had mixed success with the tool in this regard...and it may be that i wasn't running it from the DC

[slyaii]

go here and download pstools to your server....then extract the psgetsid file to c:\windows\system32

then open a command prompt on the server and type
psgetsid <sid number>

<Sid number> is that number you see in the permissions list

.....

i downloaded the file, and unzipped it, i copy the one file of "psgetsid". went to my DC and C:\WINNT\system32 and installed the one file there.

inside the DC server and cmd prompt,

say my sid is s-1-5-21

do i type psgetsid s-1-5-21

[dsenette]

yeah...type the full SID number

[slyaii]

i typed in

psgetsid the whole number with dashes, and the cmd screen with black went active to nothing in a flash of an eye...did it work? and where can i see the result?

[dsenette]

where did you type it? in a cmd window or in the run comand box?

[slyaii]

i did it in the run command box...which i know is wrong now. knowing is half the battle...

i typed in cmd and pressed enter, got this screen...

c:\winnt\profiles\administrator> then type this after the >

psgetsid and my whole sid with dashes

result:

Error Querying account:
No mapping between account names and security IDs was done

[dsenette]

that (in my experience so far) means the user might be gone....or it's just not finding the mapping (which would explain why the SID shows instead of the username)...unfortunately...we've gone into an area where i have no sollutions

[slyaii]

thaks for the info on it...hey. i tried this:

psgetsid \\computer name (server) and it returns something, let's say it's s-1-54-254-45

well, i type in

psgetsid s-1-54-254-45 and it's giving me that same error

[slyaii]

dse,

any thoughts on that issue? I want to just delete the ?1-s-1244- (an example), but I don't really know if it's a disabled user or not...

[dsenette]

well...i personally suggest leaving it unless you can track down the SID....if it's a disabled or deleted user then the likely hood of the permissions being exploited are slim....if you really want to delete that user from the permissions...then make 100% certain that your domain admin account has full permissions on that folder....if that SID matches the domain account (by the numbers i don't think it does) and you delete it...then you've just locked the admin out of that folder...which is not a good thing