Re: Filtered Sid



Log: Security
Source: Microsoft Windows security auditing.
ID: 4675

The description says that a SID has been filtered, even though SID filtering
is deactivated on the trust relationship.

Thanks!

Jeff Courteau





"Jorge de Almeida Pinto [MVP - DS]" wrote:

Do you have the event in question? Every info from it (ID, source,
description, etc.)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Jeff Courteau" <JeffCourteau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7A5AC91F-B779-464F-8F35-A4AE0D0D0986@xxxxxxxxxxxxxxxx
The security log on the 2008 file server. However, if the file server is a
Windows server 2003 member of my 2008 domain, there is no problem at
all...

Thanks!

Jeff Courteau



"Jorge de Almeida Pinto [MVP - DS]" wrote:

The security log says that a SID has been filtered.

which security log? (which DC?, 2003 or 2008?)
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

------------------------------------------------------------------------------------------
"Jeff Courteau" <Jeff Courteau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25DF7EB9-9C81-4913-8A2B-404BD5032562@xxxxxxxxxxxxxxxx
Hi there,

We just created a forest trust relationship between an AD2003 domain and an
AD2008 domain. We are experiencing a really weird issue. Here it is:

A user from the 2003 domain needs to have a permission to access a shared
folder on a member server of the 2008 domain. If we put the 2003 domain user
in a 2008 local domain group and then give the permission to this group to
access the folder on the 2008 member server, it fails. The security log says
that a SID has been filtered.

If we explicitly give the permission to the same user on the same folder, it
is successful.

If we put the 2003 user in a 2003 domain universal group, then put that
universal group in the 2008 local domain group then give permission to the
local domain group on the 2008 file server, it still fails, and gives the
same security event.

If we promote our 2008 file server as a DC, it starts to work. If we demote
it back as a file server, it continues to work.

- I compared ALL the local and domain policies, and everything seems fine.
- I made sure that SID filtering is disabled on the trust relationship
(anyway, it shouldn't be a concern, since it is a forest trust)
- I made sure SID History is enabled on the trust relationship (but this too
shouldn't be a concern since the user has not been migrated)

What could I do next to troubleshoot this issue?
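
Added example, not part of the original thread: one way to collect the full detail of event 4675 that is asked for above, run elevated on the server whose Security log records it. It prints every data field exactly as logged and tries to resolve any SID it finds to an account name; no field names are assumed, and the 50-event limit is an arbitrary choice.

```powershell
# Added example: dump all fields of "SIDs were filtered" events (ID 4675)
# from the local Security log and resolve any SIDs they contain.
$filter = @{ LogName = 'Security'; Id = 4675 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No 4675 events found in the Security log.'
    return
}

# Matches SID strings such as S-1-5-21-... anywhere inside a field value.
$sidPattern = 'S-1-\d+(?:-\d+)+'

foreach ($evt in $events) {
    $xml = [xml]$evt.ToXml()
    "--- {0}  {1}  record {2}" -f $evt.TimeCreated, $evt.MachineName, $evt.RecordId

    # Walk every <Data Name="..."> element instead of relying on fixed names.
    foreach ($d in $xml.Event.EventData.Data) {
        $value = [string]$d.'#text'
        "{0,-20} {1}" -f $d.Name, $value

        # A field may hold several SIDs; resolve each one separately.
        foreach ($m in [regex]::Matches($value, $sidPattern)) {
            try {
                $sid  = New-Object System.Security.Principal.SecurityIdentifier($m.Value)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                # Typical for SIDs from a domain this machine cannot look up.
                $name = '(could not be resolved from this machine)'
            }
            "{0,-20}   {1} = {2}" -f '', $m.Value, $name
        }
    }
}
```

Seeing which SIDs resolve, and to which domain's accounts or groups, shows what was stripped from the user's token and can be compared with the group memberships described in the post.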



