Unknown Administrator

Status
Not open for further replies.

lanraider

IS-IT--Management
Nov 19, 2001
US
Hello All,

After running the MS Baseline Security Analyzer, it flagged me for having more than two administrator accounts. I recognize two, but the third...
This is the account name: S-1-5-21-2190867815-3604470327-847386435-1003. It is not listed in Local Administrators Group or anywhere else that I can find. I'd like to know who this mystery admin is. Anyone have an idea of how I can find out?
 
What is your setup? Dual boot, standalone, on a Network?
 
Sorry. That would help a little, wouldn't it?
XP Home, local network with 2 other PCs, one running W2K and the other another XP Home. Cable modem, Linksys 4port router. All PCs have ZA and Norton. My PC also has TDS-3, which says I am trojan free.
 
Has one of the attached PCs been accessing your computer as an Administrator user and left its details in there?

Also, when you run TDS-3, is it scanning the other computers' drives?
 
That S-1-5-... number is a SID. A SID is a random number assigned to every user on the system. The fact that you see the SID as a number, and that WinXP can't look up the real name probably means it is an artifact left behind by something. By any chance did you clone the WinXP from another system using ghost or driveimage?
 

linney and DanMc,

TDS-3 only used for my PC, so far.
A few weeks ago, the other WinXP PC was found to be infested with Gator, and was restored from the Compaq restore CD. At that time, the security log from that PC had numerous anonymous logons, some of which were for my PC. I didn't connect the two events until you two brought up the remote access questions.
This is great. I think this proves that three heads are better than one. OK, we pretty much know where it came from, now how do I get rid of it?


 
If you want your machines to communicate and access files etc. some permissions (user rights) will be necessary if you are using NTFS.

As this is XP Home, to access the Security Tab and thereby user permissions, it will have to be done via Safe Mode.

Also I was reading in the TDS-3 forum that if you set TDS to scan "all logical drives" it will actually scan all the drives on your network. You might like to check that out and see if it is so.

This link might be interesting too.

 
Thanks very much for your input, guys.
linney, I'll post back about TDS-3.

Thanks again

lanraider
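
An added example, not written by any poster in this thread: one way to check the SID from the first post on a current Windows system, assuming Windows PowerShell 3.0 or later (which the XP Home PC in the thread would not have). It asks Windows to map the SID to an account name and compares the SID's machine portion with this computer's own; `Resolve-SidOwner` is a hypothetical helper name.

```powershell
# SID copied from the first post in the thread.
$sidText = 'S-1-5-21-2190867815-3604470327-847386435-1003'

function Resolve-SidOwner {
    param([Parameter(Mandatory)][string]$SidText)

    $sid = New-Object System.Security.Principal.SecurityIdentifier($SidText)

    # 1. Ask Windows for the account behind the SID. A SID whose account
    #    no longer exists (or was never known here) cannot be mapped.
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $name = $null
    }

    # 2. Split the SID: AccountDomainSid is the S-1-5-21-x-y-z part that
    #    identifies the issuing machine or domain; the last field is the RID.
    #    AccountDomainSid is $null for non-account SIDs such as S-1-5-32-544.
    $issuer = $sid.AccountDomainSid
    $rid    = [uint32]($sid.Value.Split('-')[-1])

    # 3. Derive this computer's identifier from any local account's SID.
    $local   = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
               Select-Object -First 1
    $machine = (New-Object System.Security.Principal.SecurityIdentifier($local.SID)).AccountDomainSid

    [pscustomobject]@{
        Sid                 = $sid.Value
        Account             = if ($name) { $name } else { '(no account maps to this SID)' }
        Rid                 = $rid
        # True: the SID was issued by this installation (e.g. a deleted local user).
        # False: it was issued by another machine or domain.
        IssuedByThisMachine = ($null -ne $issuer -and $issuer.Value -eq $machine.Value)
    }
}

Resolve-SidOwner -SidText $sidText | Format-List

# Current members of the local Administrators group, for comparison.
net localgroup Administrators
```

Machines imaged from the same installation share the machine portion of the SID, so `IssuedByThisMachine` can also be true for a SID that came from a clone.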
 