Security identifiers hidden that refer users to local administrator

[Tabita]

I'm using a VBS script to verify the network that I manage, which are PCs that still have the end user in local administrator group. For 3 PC network I have a strange result. In substance and the name of an end user who is administrator, I also have a SID type S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx. On the other hand if I check the status of users with "User Account" control panel, I see only the actual users nothing about what sid or which may be traced to another user. Sid that is as identifying a user that no longer exists but the control panel is no longer visible. You think you can clear this situation and get rid of in some way so that sid that the script did not intercept more?

[Mishra S]

When I was going through the same issue so at that time I have tried the following command: C: \ Program Files \ Test> PsGetsid.exe S-1-5-21-3184021381-1799195637-3160463927-2244. And I get this result: PsGetSid v1.44 - Translates SIDs to names and vice versa, Copyright (C) 1999-2008 Error querying SID: no mapping between account names and security IDs. And 'as if the SID is no longer associated with any but who remained in the system. It would be interesting to know how it can be deleted. Please note that this SID appears only querying the system with a vb script. So this much information I have related to it and I am sure you will get some kind of help from it.

[Unwanted]

I have also faced the same problem. And it was due to problems with the logon clients the times were too long and was generated from a temporary profile and user accounts it appeared the problem you mentioned. I solved this way: removing the offending account on the client from computer management, user accounts, checking the contents of the folder documents & settings and eventually I removed all the time profiles (from System Properties, Advanced, User Profiles, click Settings, select and delete the profiles. Cleanup of temp and registry and virus scanning. In my case the logon times were slowed by the presence of malware (viruses and spywares). Probably you are talking about 3 pc, have such problems. Check and let me know.

[Tabita]

I had already made the checks showing, because it seems obvious that this is the SID of users who have had access to the system and then removed. All three PCs have in effect a history of testing and management, "many hands" and then let it reinstall them but it would be good. But for a couple to reinstall it would be very heavy due to the presence of industrial applications to manage a bit 'dated and does not know anything installation, documentation missing. The interesting thing is that if you go to do some 'browsing in the local groups are seen these sid (instead of the name) in front with an asterisk to indicate I think the lack of matching with a user. Now try to remove them from those groups but I do not know enough for it to be completely erased. Basically it is about whether there is a way to do a thorough cleaning of the CIS remained of the user that was not taken properly. Next week I do some tests on one of these PCs (one XP Pro) because the other 2 are win2000 and for those it will be harder to clean.

[DaaruWala]

I read that you have found the cause of everything, but I wanted to add a few details: membership groups and ACL information is based on the CIS, as you know. Unfortunately you cannot update all the ACLs and group membership when a user is deleted automatically mean the operations of deleting a user could take few days! Similarly you can prepare a script to delete these items in a gradual manner from all folders. by repeating the command is:

Code:

xcacls.vbs cscript c: \ testss / R SID # <S-1-5-21-746137067-1606980248-1801674431-7026>

Where is the part of SID which is to be removed? Let me know if you need a hand with the script.