Q. What are the Relative Identifiers (RIDs) of a domain's built-in accounts?

A. Every object in a domain has a SID, which consists of the domain's SID and a RID. For built-in objects, such as built-in accounts, these RIDs are hard-coded. The table at Table lists the built-in objects, their RIDs, and the object type. The fact that RIDs are hard-coded explains why merely renaming, say, the Domain Administrator object often doesn't thwart an intruder, who can simply locate the account by using the RID 500. However, you can create a honeypot by renaming the Domain Administrator account and creating a new account called Domain Administrator that has no permissions. You can use the bogus Domain Administrator account to fool hackers into attacking it, then log the attacks and delay any real damage to the bona fide Domain Administrator account.
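The following is an added example, not part of the original FAQ: a log triage that identifies accounts by RID rather than by name, so the renamed real Administrator (RID 500) is still recognized and any logon attempt against the permission-less decoy is flagged. The domain SID, account names, source addresses and event record shape are constructed for illustration.

```python
# Added example: all data below is constructed; names are hypothetical.
BUILTIN_ADMIN_RID = 500        # RID the FAQ cites for the built-in Administrator
DECOY_NAME = "administrator"   # assumed name given to the permission-less decoy

def split_sid(sid):
    """Return (domain_sid, rid) for a domain account SID, e.g. S-1-5-21-a-b-c-500."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def classify(event, domain_sid):
    """Label one logon event by RID first, account name second."""
    try:
        dom, rid = split_sid(event["sid"])
    except ValueError:
        return "unparsed"
    if dom != domain_sid:
        return "other-domain"
    if rid == BUILTIN_ADMIN_RID:
        return "real-builtin-admin"   # still true after the account is renamed
    if event["name"].lower() == DECOY_NAME:
        return "decoy-hit"            # no legitimate user logs on to the decoy
    return "ordinary"

def decoy_alerts(events, domain_sid):
    """Events that touched the decoy account and should raise an alert."""
    return [e for e in events if classify(e, domain_sid) == "decoy-hit"]

# Constructed sample: failed-logon records reduced to name, SID and source.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
EVENTS = [
    {"name": "Administrator", "sid": DOMAIN_SID + "-1604", "src": "10.0.0.23"},
    {"name": "svc-ops-root",  "sid": DOMAIN_SID + "-500",  "src": "10.0.0.23"},
    {"name": "jsmith",        "sid": DOMAIN_SID + "-1105", "src": "10.0.0.8"},
    {"name": "Administrator", "sid": "S-1-5-21-9-9-9-500", "src": "10.0.0.40"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(f'{e["name"]:<14} {e["sid"]:<48} {classify(e, DOMAIN_SID)}')
```

Matching on the RID is what keeps the alert on the real account reliable after a rename, while the name match only serves to spot traffic aimed at the decoy.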
