Re: IIS6.0 MSCS DCOM setting

From: Mike Rosado [MSFT] (mikeros_at_online.microsoft.com)
Date: 09/16/04 

Date: Wed, 15 Sep 2004 23:31:22 -0500

Hi Dragon Boy,

I'm by no means an expert in this subject matter in IIS, DCOM nor User
accounts, but I'll try to assist you to the best of my ability.
But if I'm not mistaken, the SELF is Prinicpal Self SID and SYSTEM is Local
System SID.

243330 Well Known Security Identifiers in Windows Server Operating Systems
http://support.microsoft.com/?id=243330

- SID: S-1-5-10 Name: Principal Self
Description: A placeholder in an inheritable ACE on an account object or
group object in Active Directory. When the ACE is inherited, the system
replaces this SID with the SID for the security principal who holds the
account.

- SID: S-1-5-18 Name: Local System
Description: A service account that is used by the operating system. 

-- 
Hope this helps,
Mike Rosado
Windows 2000 MCSE + MCDBA
Microsoft Enterprise Platform Support
Windows NT/2000/2003 Cluster Technologies
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
<http://www.microsoft.com/info/cpyright.htm>
-----Original Message-----
"DragonBoy" <DragonBoy@discussions.microsoft.com> wrote in message
news:78F5E37C-9EB7-4C83-9FA6-17F273F85976@microsoft.com...
> Hi, all
>
> I just want to know about "SELF" user or group? I do not know about it and
> cannot obtain infomation about it. If you know some, please let me know.
>
> 1. Please try the following at a command prompt
>
> > dcomcnfg.exe
>
> 2. Expand Component Services/Computers
> 3. Right click on My Computer and select Properties.
> 4. From Properties, select the Default COM Security tab.
> 5. Under Access Permissions click on "Edit Default"
>
> Now, you should be able to see "SELF" and "SYSTEM", you know who they are?
> Where are they living? Where do they come from? What are they doing? What
> kinda authority they've got? Do they a user or group? I can't see "SELF"
> anywhere, it's a big myth now.
>
> If anyone knows about them, please let me know.
> Thanks.
>
> -- 
> Best regards,
>
> DragonBoy
>
>

Relevant Pages

  • RE: [in] Re: [Full-Disclosure] IE is just as safe as FireFox
    ... The first account created on Windows is Administrator, ... and even it had poor initial security when it was really tested. ... doesn't require admin either). ...
    (Full-Disclosure)
  • Re: Need help closing security holes in my Windows XP home system!
    ... >>stop using the win xp user account with admin, ... >>windows as the admin, ... then you really don't understand security for the ...
    (comp.security.firewalls)
  • Re: Home Networking/Firewall problem
    ... security design flaws. ... which open windows. ... Sebastian calles this an "attack vector", ... Add an extra user account. ...
    (comp.security.firewalls)
  • Re: EFS on crashed OS
    ... when the client logs on (user account was ... Under the new instance of Windows, import the EFS certificate that should've ... They got a new SID in the new instance ... use the Administrator account to take ownership and then give ownership ...
    (microsoft.public.security)
  • Re: what is reset account?
    ... No I don't think that policy value was available in Windows 2000. ... I believe the policy was added in K3, but the reg value works in 2K as well as NT. ... windows 2000 server security options. ... deployed based on computer account. ...
    (microsoft.public.win2000.active_directory)
Loading