JSI Tip 0519 - Everyone can find your renamed administrator.

Jerold Schulman

May 7, 1998


Two small utilities for Windows NT allow you to query the SAM to find a SID for a given account name and vice versa.

Download SID.ZIP which contains User2sid.exe and Sid2user.exe.

User2sid is a command line interface to a WIN32 function, LookupAccountName. Usage:

user2sid [\\computer_name] account_name

Sid2user is a command line interface to a WIN32 function, LookupSidName. Usage:

sid2user [\\computer_name] authority subauthority1

Everyone can use these functions. To find out the name of your Administrator account:

user2sid "domain users"

S-1-5-21-201642981-56263093-24269216-513

This reveals the domain authority (5 21 201642981 56263093 24269216). Accounts in the domain differ only in the last component, the RID (513 here). To look up the built-in Administrator:

sid2user 5 21 201642981 56263093 24269216 500

You can look up all the accounts:

sid2user 5 21 201642981 56263093 24269216 1000
sid2user 5 21 201642981 56263093 24269216 1001
sid2user 5 21 201642981 56263093 24269216 1002
.......

The Anonymous logon is also a member of Everyone, so if you don't disable it:

nslookup www.xyz.com or tracert www.xyz.com displays the IP address.

net use \\131.107.2.200\ipc$ "" /user:""
The command completed successfully.

user2sid \\131.107.2.200 "domain users"

S-1-5-21-201642981-56263093-24269216-513

Number of subauthorities is 5
Domain is XYZ_domain
Length of SID in memory is 28 bytes
Type of SID is SidTypeGroup

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 500

Name is XYZAdmin
Domain is XYZ_domain
Type of SID is SidTypeUser

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1000

Name is
Domain is XYZ_domain
Type of SID is SidTypeDeletedAccount

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1001

Name is Simpson
Domain is XYZ_domain
Type of SID is SidTypeUser

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1112

LookupSidName failed - no such account

To restrict Anonymous logons, edit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

On the Edit menu, choose Add Value, enter the value name RestrictAnonymous, and set this REG_DWORD to 1. You must reboot.
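The SID layout behind the output above (five subauthorities, 28 bytes in memory, RID 500 for the built-in Administrator whatever it is renamed to) can be worked through in a few lines. This is an added example, not part of the original tip or of the SID.ZIP tools; the function names are hypothetical and the only SID used is the one printed on this page.

```python
import struct

# RIDs fixed by Windows; renaming an account never changes its RID.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest",
                   512: "Domain Admins", 513: "Domain Users"}

def parse_sid(text):
    """Split 'S-1-5-21-...-513' into (revision, authority, subauthorities)."""
    parts = text.strip().split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("subauthority count or value out of range")
    return revision, authority, subs

def pack_sid(text):
    """Binary SID: revision (1 byte), subauthority count (1 byte),
    authority (6 bytes, big-endian), then 4 little-endian bytes per subauthority."""
    revision, authority, subs = parse_sid(text)
    head = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def unpack_sid(blob):
    """Inverse of pack_sid; rejects a blob whose length disagrees with its count."""
    if len(blob) < 8 or len(blob) != 8 + 4 * blob[1]:
        raise ValueError("length does not match subauthority count")
    subs = struct.unpack("<%dI" % blob[1], blob[8:])
    authority = int.from_bytes(blob[2:8], "big")
    return "S-%d-%d-%s" % (blob[0], authority, "-".join(map(str, subs)))

def describe(text):
    """Report the domain part, the RID and what the RID identifies."""
    _, authority, subs = parse_sid(text)
    return {"domain": [authority] + subs[:-1], "rid": subs[-1],
            "role": WELL_KNOWN_RIDS.get(subs[-1], "ordinary account or group"),
            "bytes": len(pack_sid(text))}

def is_builtin_administrator(text):
    """True for a domain or machine account SID (S-1-5-21-...) ending in RID 500."""
    _, authority, subs = parse_sid(text)
    return authority == 5 and len(subs) == 5 and subs[0] == 21 and subs[-1] == 500

if __name__ == "__main__":
    sid = "S-1-5-21-201642981-56263093-24269216-513"  # SID printed on the page
    print(describe(sid))
    print(unpack_sid(pack_sid(sid)) == sid)
```

When auditing your own account inventory, matching on RID 500 rather than on the name "Administrator" finds the built-in account after a rename.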
