Unidentified Local User
Results 1 to 10 of 10

Thread: Unidentified Local User

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    127

    Unidentified Local User

    I have a user called "S-1-5-21-1761633107-36919189-275499408-1001" that I cannot seem to remove from security permissions. Not to sound like a novice, but what is this and how can I remove it. In my user accounts there is an ASP.NET account I never installed knowingly. Are they related and what is their function. The main reason for my concern is that I cannot download from the internet. Everything fails then disappears. And if I can trick the machine into downloading something I cannot access it due to permissions although I have full rights. The machine is on a workgroup network and I have checked for viral infections. Any thoughts?

    P.S. I am using Firefox and Chrome. I have IE8 set to block everything except updates. Webpages work, just not downloadable content.
    sandwich.

  2. #2
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378

    re: ULU

    The user is a Security Identifier (SID) use by windows to control access and assign privs. Here's an overview...
    http://en.wikipedia.org/wiki/Security_Identifier

    The local user ASP.NET gets created when you install the microsoft .net framework.

    CSR
    In God We Trust....Everything else we backup.

  3. #3
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Hi,
    To find out the name of the account associated with an SID you can (works with XP may not work with later versions of windows server though):

    1. Open Registry Editor and navigate to:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \ProfileList
    2. Under the ProfileList key, you will see the SIDs. By selecting each one individually, you can look at the value entry and see what user name is associated with that particular SID.

    http://support.microsoft.com/kb/154599

    Cheers
    Muarcu
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    Do you think this account has anything to do with me being locked out of running .exe files? I am getting a permissions error.
    sandwich.

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Are you administrator of the machine??

    Are you member of a domain...maybe it is part of the group policy that you cant run .exes??

    MLF

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    Nope. It's my home desktop on a standard workgroup network. This issue just happened recently out of the blue.
    sandwich.

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Not sure of what OS you are running...

    but is sounds like someone has been playing with permissions and security settings???

    You can reset

    http://support.microsoft.com/kb/313222


    MLF

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    I am running XP Pro. I haven't Done anything out of the ordinary since it is my primary system and do most experimentation in VMware. I will try the reset you posted.
    sandwich.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Bob,

    In my user accounts there is an ASP.NET account I never installed knowingly.
    Does it drive a yellow, 1930's Maserati............... like my one does?


  10. #10
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    Or Profile Corruption - Strange I know, but I have seen it

    IMO, the best solution is to create a new account for yourself (with admin rights, at first) and then redo the security on the 'old profile' and copy your files/documents into your new profile folders.

    Delete orphan SSID entries and delete the old account, and use your new one.

    ----

    If there were no other symptoms and it was just an orphan SSID, it could be an account on a different computer that is not reachable. Think domain account or manual permissions for a small workgroup that is disconnected.....
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Protecting your privacy at the local coffee shop
    By Irongeek in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 16th, 2006, 12:22 PM
  3. Logwatch
    By steve.milner in forum IDS & Scanner Discussions
    Replies: 5
    Last Post: August 12th, 2004, 01:23 PM
  4. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 08:38 PM
  5. Solaris Hardening
    By R0n1n in forum *nix Security Discussions
    Replies: 3
    Last Post: November 20th, 2002, 02:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •