February 3rd, 2010, 04:06 AM
Unidentified Local User
I have a user called "S-1-5-21-1761633107-36919189-275499408-1001" that I cannot seem to remove from security permissions. Not to sound like a novice, but what is this and how can I remove it. In my user accounts there is an ASP.NET account I never installed knowingly. Are they related and what is their function. The main reason for my concern is that I cannot download from the internet. Everything fails then disappears. And if I can trick the machine into downloading something I cannot access it due to permissions although I have full rights. The machine is on a workgroup network and I have checked for viral infections. Any thoughts?
P.S. I am using Firefox and Chrome. I have IE8 set to block everything except updates. Webpages work, just not downloadable content.
February 3rd, 2010, 11:51 AM
The user is a Security Identifier (SID) use by windows to control access and assign privs. Here's an overview...
The local user ASP.NET gets created when you install the microsoft .net framework.
In God We Trust....Everything else we backup.
February 3rd, 2010, 12:06 PM
To find out the name of the account associated with an SID you can (works with XP may not work with later versions of windows server though):
- Open Registry Editor and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \ProfileList
- Under the ProfileList key, you will see the SIDs. By selecting each one individually, you can look at the value entry and see what user name is associated with that particular SID.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
February 3rd, 2010, 03:13 PM
Do you think this account has anything to do with me being locked out of running .exe files? I am getting a permissions error.
February 3rd, 2010, 03:24 PM
Are you administrator of the machine??
Are you member of a domain...maybe it is part of the group policy that you cant run .exes??
February 4th, 2010, 12:11 AM
Nope. It's my home desktop on a standard workgroup network. This issue just happened recently out of the blue.
February 4th, 2010, 01:49 PM
Not sure of what OS you are running...
but is sounds like someone has been playing with permissions and security settings???
You can reset
February 4th, 2010, 02:49 PM
I am running XP Pro. I haven't Done anything out of the ordinary since it is my primary system and do most experimentation in VMware. I will try the reset you posted.
February 4th, 2010, 08:13 PM
Does it drive a yellow, 1930's Maserati............... like my one does?
In my user accounts there is an ASP.NET account I never installed knowingly.
February 5th, 2010, 08:27 AM
Or Profile Corruption - Strange I know, but I have seen it
IMO, the best solution is to create a new account for yourself (with admin rights, at first) and then redo the security on the 'old profile' and copy your files/documents into your new profile folders.
Delete orphan SSID entries and delete the old account, and use your new one.
If there were no other symptoms and it was just an orphan SSID, it could be an account on a different computer that is not reachable. Think domain account or manual permissions for a small workgroup that is disconnected.....
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
By cheyenne1212 in forum Miscellaneous Security Discussions
Last Post: February 1st, 2012, 01:51 PM
By Irongeek in forum The Security Tutorials Forum
Last Post: February 16th, 2006, 11:22 AM
By steve.milner in forum IDS & Scanner Discussions
Last Post: August 12th, 2004, 12:23 PM
By -DaRK-RaiDeR- in forum Newbie Security Questions
Last Post: December 14th, 2002, 07:38 PM
By R0n1n in forum *nix Security Discussions
Last Post: November 20th, 2002, 01:20 PM