Re: strange user id's

Hi,

i don't know if i'm right. But that has got nothing to do with IIS.
What you have seen is the SID of a user account which was given access to a
particular folder.
The SID gets stored in the DACL of the object. When you remove the account
from AD, the SID in the DACL is not removed.
That results in you seeing that long string of numbers.

You can safely remove this because that account has been removed from your
AD.
You can reproduce this error by creating a user account, grant it permission
to a file. Then delete the user from AD and you should see the long string
of numbers after acouple of hours.

As for the removing of the accounts, the permission was added at a higher
level. Don't do what you are practising. Identify the parent folder and try
to look for the entry from the top. Hint: If its the top, the permissions
will not be greyed out. If its greyed out, its permission inserted from the
current object's parent.

Have fun,
Dennis

"bbxrider" <bxtrap01@xxxxxxxxxxx> wrote in message
news:O9Kw2VAWFHA.2072@xxxxxxxxxxxxxxxxxxxxxxx
> for win2k adv server and iis 5.0
> i have these strange user ids showing up in my persmissions for folders
> accessed by .asp progs that handle forms from web pages.
> for example
> s-1-5-21-1708537768-436374069-8542455398-1015, with a kinda greyed out
> profile logo with a question mark. they only have write and modify
> persmissions
> for the asp prog to be able to write there, i gave the internet guest
> acct,
> read and write privilege only
>
> it seems they are somehow being generated by win2k or iis?? yes??
> don't understand why they don't go away after reboots, etc if they are in
> fact 'temp' accts used by the system to get its work done, when i go to
> remove, get message they can't be removed until i take away its ability to
> inherit permissions. so i do that, but am concerned my setup isn't right
> for
> these to be left hanging out there.
> anybody seen this before??
>
>


.

Relevant Pages

  • RE: IUSR_ (Server A) -> Account Unknown (Server B) problem
    ... to adjust the permissions manually. ... Each user account has a unique SID. ...
    (microsoft.public.windows.server.migration)
  • RE: Permission error?
    ... | You do not have permission to view this page using your current user ... | If you have another user account with a higher level of permission, ... I am logged in as administrator. ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: cant modify a users profile path
    ... You have two specific user account in the SBS domain that you cannot change ... please try to verify the permission on those two specific user ... Check whether the administrator account have the full control ...
    (microsoft.public.windows.server.sbs)
  • Re: Migrating NT accounts with SID History - What happens when old domain is removed?
    ... We're in the process of migrating users from our NT_Domain to our ... At the moment i use ADMT v2 and migrate the SID history also. ... This means that when a user with the NT_Domain account has access to ... permission due to the SID being the same. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Odd requirements from IIS 5
    ... Log in locally and permission on Full D drive is not at all required. ... permission is enough to act as a FTP account. ... Please create simple user account Tom with default user permission ... Create folders called "tom" inside the FTP folder and give full ...
    (microsoft.public.win2000.advanced_server)
Quantcast