unknowen user added themself with full permissions XP
Results 1 to 6 of 6

Thread: unknowen user added themself with full permissions XP

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    282

    unknowen user added themself with full permissions XP

    A unknowen user has poped into my system. I have file shareing enabled for my network and this user has somehow added themself to certian folder shares with full permissions. It is a numeric username and apears it might have been machine generated but I am unsure. Each time this user apeard in my shares I deleted without thinking to take a screenshot. However the user can still be seen in my registry as attached. My administrative tools, computer management does not list this user. And this is what I don't understand.

    Can someone help me out, might I have become comprimized, or perhaps a machine generated user for shareing purposes.

    Should I be woryed?

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    No worries, mate. That's the local system account. It should have full access to everything.


  3. #3
    Junior Member
    Join Date
    Sep 2003
    Posts
    9
    I just checked my registry and have the same person, but I have no shared files or printers. As a matter of fact my sharing is disabled for the sheer fact of intrusion which I understand is not an option for you on a network. I would save the settings and change the values if you are that worried. Sometimes by changing the values you can ruin or distort what the intuder (if there is one) is seeing or has the ability to run. Just a thought and I am sure someone has way better ideas, but I thought I would share my experience.

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    Thank you, glad its my system. My file shares are not visible with network scaners as I have tested outside my network, so it seemed strange how this account apeared.

    This makes me feel much safer now that my system is the culprit. Thanks.

  5. #5
    Junior Member
    Join Date
    Dec 2003
    Posts
    2
    I also have the same users under my registry. Do you have Visual Studio .net installed in your computer? I think the users added in your registry was a result of installing dot net..

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    This SID, S-1-5-18 is the "LocalSystem" account. You can see this here

    http://msdn.microsoft.com/library/de...known_sids.asp

    It isn't a security risk, so there is nothing to worry about.

    I don't know why it's shown in numeric form in an ACL box, rather than "NT Authority\LocalSystem", as I would expect.

    Slarty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •