Subject: Re: Account Unknown
From: Mike T (webdvlprHOTMAIL.COM)
Date: Fri Sep 22 2000 - 15:11:39 CDT
- In reply to: Conor Crowley: "Account Unknown"
> Has anybody seen a case where a NT Group contains member(s) "account
> unknown"? And could this be indicative of a compromised system?

Nope, but it DOES, however, indicate poor practice. In NT4, when you delete
an account without removing it from a group, it'll leave a "ghost" SID in
all groups that it's a member of. Not to start any holy wars, but I remove
an account from all groups which it was a member of, and prepend the account
ID with dis_ before disabling it. There are no dangling SIDs, and it's easy
to find who's alive and who's not.
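
An audit for the two conditions discussed in this message, as an added example that is not part of the original post: it flags group members that no longer resolve to an account name and accounts carrying the dis_ prefix that still hold a group membership. The listings are constructed and modelled on `net localgroup <group>` output; that an unresolved member is listed as a bare SID string is an assumption, as are all account names.

```python
import re

# Assumption: a member whose account was deleted shows up as a bare SID string.
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Constructed listings, modelled on `net localgroup <group>` output.
ADMINS = """\
Alias name     Administrators
Members
-------------------------------------------------------------------------------
Administrator
CORP\\jsmith
S-1-5-21-1111111111-2222222222-3333333333-1005
The command completed successfully.
"""
BACKUP = """\
Alias name     Backup Operators
Members
-------------------------------------------------------------------------------
dis_mjones
CORP\\akhan
The command completed successfully.
"""
SAMPLE = {"Administrators": ADMINS, "Backup Operators": BACKUP}

def members(listing):
    """Return the member lines that follow the dashed separator."""
    found, in_members = [], False
    for line in (raw.strip() for raw in listing.splitlines()):
        if line.startswith("----"):
            in_members = True
        elif in_members and line and not line.startswith("The command"):
            found.append(line)
    return found

def audit(listings, disabled_prefix="dis_"):
    """Flag ghost SIDs and renamed (disabled) accounts still in a group."""
    findings = []
    for group, listing in listings.items():
        for member in members(listing):
            account = member.split("\\")[-1].lower()  # drop DOMAIN\ if present
            if SID_RE.match(member):
                findings.append((group, member, "unresolved SID"))
            elif account.startswith(disabled_prefix):
                findings.append((group, member, "disabled account still a member"))
    return findings

if __name__ == "__main__":
    for group, member, reason in audit(SAMPLE):
        print(f"{group}: {member}: {reason}")
```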