Saturday, March 14, 2009

Unresolved SIDs

When we are cleaning up security in an Active Directory environment using Varonis DatAdvantage, one of the common problems we run across is SIDs that Varonis cannot resolve to a useful name. In most cases this is because someone has deleted the user from Active Directory, rather than just disabling the user account. However, there are cases when the SID (security identifier) represents a group or machine account. Here is an example:

SID: S-1-5-32-544

Nobody ever remembers what those are. In walks Jennifer!

A Varonis user that we were working with, Jennifer Crusade, found this great Knowledge Base article that explains common security identifiers in Windows operating systems.

Hope this helps you resolve a question or two.
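To tell the two cases above apart (a deleted account versus a group or built-in SID), you can ask Windows to translate each SID. This is an added example, not part of the original post or of Varonis DatAdvantage; the function name `Resolve-SidName` and the second sample SID are made up for illustration, and PowerShell 5 or later is assumed.

```powershell
# Added example: classify SIDs pulled from an ACL or permissions report.
# Resolve-SidName is a hypothetical helper name, not a built-in cmdlet.
function Resolve-SidName {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Sid
    )
    process {
        try {
            $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid)
        } catch {
            # The string is not a valid SID at all (typo, truncated export, etc.)
            [pscustomobject]@{ Sid = $Sid; Kind = $null; Name = $null; Status = 'Malformed' }
            return
        }

        # IsAccountSid() is true for SIDs issued by a domain or machine account
        # database (S-1-5-21-...-RID) and false for built-in and well-known SIDs.
        $kind = if ($sidObj.IsAccountSid()) { 'Account (domain or machine)' }
                else { 'Well-known or built-in' }

        try {
            $name   = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            $status = 'Resolved'
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Nothing maps to this SID any more: typically a deleted account.
            # Other errors (for example an unreachable domain controller) are
            # deliberately not caught, so an outage is not mistaken for a deletion.
            $name   = $null
            $status = 'Unresolved'
        }

        [pscustomobject]@{ Sid = $Sid; Kind = $kind; Name = $name; Status = $status }
    }
}

# S-1-5-32-544 is the SID from the post; the second value is a constructed placeholder.
'S-1-5-32-544', 'S-1-5-21-1111111111-2222222222-3333333333-1105' |
    Resolve-SidName | Format-Table -AutoSize
```

Run it on a domain-joined machine so that account SIDs from your own domain can be looked up; entries that stay `Unresolved` with an account-type SID are the ones to review on the ACLs.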

Friday, March 6, 2009

Turning off the Windows Server - Shutdown Event Tracker

I often need to reboot the lab server that I am working on. One of the minor annoyances is the Shutdown Event Tracker that pops up and asks for a reason. When you are restarting the box several times during one work period this can be a real pain. So I learned how to shut it off.

Running gpedit.msc (Group Policy Object Editor) gives you the option to change this. Go to Computer Configuration:Administrative Templates:System and find the Display Shutdown Event Tracker setting.

Change the setting to Disabled and you are all set. Another minute saved.