Focus on Microsoft
Re: S-1-5-21... Jul 21 2008 09:50PM
Randhir Vayalambrone (vayalambrones yahoo com)
computername\none is a special group (hidden in the local users/groups MMC; try creating a user or a group named None on Windows, and it will fail with a "group exists" error). None equates to the domain users in AD.
Read Keith Brown's "Programming Windows Security" (if it is still available) to understand the internals of Windows security.
Randhir Vayalambrone

----- Original Message ----
From: Charles Hardin <fonestorm (at) gmail (dot) com [email concealed]>
To: Erik Boles <eboles (at) mxlogic (dot) com [email concealed]>
Cc: Dennis Li < (at) gmail (dot) com [email concealed]>; Red Cat <redcat9876 (at) gmail (dot) com [email concealed]>; "focus-ms (at) securityfocus (dot) com [email concealed]" <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Monday, 21 July, 2008 7:50:52 PM
Subject: Re: S-1-5-21...

You guys are missing the part that he said it's COMPUTERNAME\none. This
means it's a local account, nothing to do with AD. I'm not that familiar
with Vista users but I would not be surprised if this was some sort of
system generated account.

Charles Hardin

On Mon, Jul 21, 2008 at 2:37 PM, Erik Boles <eboles (at) mxlogic (dot) com [email concealed]> wrote:
> Also -- if the user is deleted from A-D that had access to that folder it will show the SID rather than the name of the user as that container for the user still exists, it just doesn't have a name any longer.
> Erik
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Dennis Li
> Sent: Monday, July 21, 2008 11:30 AM
> To: Red Cat
> Cc: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: S-1-5-21...
> Hi,
> Normally, a user like 'S-1-5....' is a domain account. After your
> computer is added into a domain (AD), the administrator account of the
> domain is added to your local administrators group automatically. And
> when you browse the security property of the folder, the OS will query the
> real name of that domain user. Before the query is done, you'll see
> the name is 'S-x-x-xxx'.
> Dennis
> On Tue, Jul 22, 2008 at 12:56 AM, Red Cat <redcat9876 (at) gmail (dot) com [email concealed]> wrote:
>> Hey,
>> I have a question on something I saw on my computer today. I'm on a
>> Windows Vista. I was looking at some of the "properties" of some
>> folders in my "Public" folder and clicked on the "Security" tab. Then
>> I noticed my usual login user, "Everyone", and one other user, whose
>> id seemed to be S-1-5-21...and some numbers. Then after a couple
>> moments it turned into the user, "None" with (My computer name\None)
>> right next to it. I looked at the permissions it was given and
>> apparently it was given "Special Permissions." I was pretty sure I
>> didn't and never had created a user named "None". But I still checked
>> the Users folder to see if there was indeed a user named "None". There
>> wasn't. I even checked to see if there were any hidden users using the
>> "view hidden folder option", but there was no uesr by the name of
>> "None". I looked on google for some time but all I managed to find was
>> that it could possibly be a remnant from a past OS or something. But
>> this computer had Vista installed on it when I got it. Also, it might
>> be some sort of guest that was made for my computer or something. My
>> own speculation is that it has something to do with the fact that I
>> used Cygwin to open up a tarball and create this folder. Anyway, what
>> does this user mean? Why does it have special permissions? Is it some
>> sort of sign that I have a back door somewhere on my computer or that
>> I'm being keylogged or something? Thanks in advance.
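
Added example, not part of the original thread: a small Python decoder for the binary SID stored in an ACL entry, plus a check of whether an S-1-5-21 SID was issued by the local machine and what its final number (the RID) means, which is how COMPUTERNAME\None (RID 513) can be told apart from a domain account or a leftover SID. The machine SID, the sample bytes and the function names are constructed for illustration.

```python
import struct

# Well-known RIDs that can follow an S-1-5-21-<three sub-authorities> prefix.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users (named None in a standalone machine's local accounts)",
    514: "Domain Guests",
}

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID, as stored in an ACE, into its S-1-... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("unexpected revision or length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])       # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(sid: str, machine_sid: str) -> dict:
    """Say who issued an S-1-5-21 SID and what its RID denotes."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        return {"sid": sid, "scope": "not an S-1-5-21 account SID",
                "rid": None, "meaning": None}
    issuer, rid = "-".join(parts[:7]), int(parts[7])
    scope = "local machine" if issuer == machine_sid else "domain or another machine"
    meaning = WELL_KNOWN_RIDS.get(rid, "ordinary user or group; needs a name lookup")
    return {"sid": sid, "scope": scope, "rid": rid, "meaning": meaning}

# Constructed sample data (not taken from any real system).
MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_ACE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
                  + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 513))

if __name__ == "__main__":
    for s in (sid_from_bytes(SAMPLE_ACE_SID),
              "S-1-5-21-123456789-234567890-345678901-1104",  # constructed foreign SID
              "S-1-1-0"):                                     # Everyone
        print(classify(s, MACHINE_SID))
```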
