
JSI Tip 0519 - Everyone can find your renamed administrator.

Downloads
sid.zip

Two small utilities for Windows NT allow you to query the SAM to find a SID for a given account name and vice versa.

Download SID.ZIP which contains User2sid.exe and Sid2user.exe.

User2sid is a command line interface to a WIN32 function, LookupAccountName. Usage:

user2sid [\\computer_name] account_name

Sid2user is a command line interface to a WIN32 function, LookupSidName. Usage:

sid2user [\\computer_name] authority subauthority1 ...

Any member of Everyone can call these functions. To find the name of your Administrator account, first obtain the SID of any domain account or group, for example Domain Users:

user2sid "domain users"

S-1-5-21-201642981-56263093-24269216-513

This reveals the domain's SID (5 21 201642981 56263093 24269216). Every account in the domain shares that prefix; they differ only in the last component, the RID (513 here is Domain Users). The built-in Administrator always carries RID 500, whatever it has been renamed to, so to look it up:

sid2user 5 21 201642981 56263093 24269216 500

You can walk the RIDs upward from 1000 to list every account in the domain:

sid2user 5 21 201642981 56263093 24269216 1000
sid2user 5 21 201642981 56263093 24269216 1001
sid2user 5 21 201642981 56263093 24269216 1002
.......
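As an added example (not code from the tip or from sid.zip), the following Python parses a textual SID into the binary layout that LookupAccountName returns, which is why sid2user reports 28 bytes for a five-subauthority SID, and derives the RID 500 SID from any other account in the domain so an administrator can verify which name currently carries it. The sample SID is the one from the tip; the well-known RID table is a constructed subset.

```python
# Added example, not part of the JSI tip or the sid.zip utilities.
import struct

# Constructed subset of the well-known RIDs; 500 is the built-in Administrator.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 514: "Domain Guests"}

def parse_sid(text):
    """Split 'S-1-5-21-a-b-c-513' into (revision, authority, [subauthorities])."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15:          # SID_MAX_SUB_AUTHORITIES is 15
        raise ValueError("unsupported SID: %r" % text)
    return revision, authority, subs

def sid_to_bytes(text):
    """Binary SID: revision(1) count(1) authority(6, big-endian) subs(4 each, little-endian)."""
    revision, authority, subs = parse_sid(text)
    header = struct.pack("B", revision) + struct.pack("B", len(subs))
    header += struct.pack(">Q", authority)[2:]   # keep the low 48 bits
    return header + b"".join(struct.pack("<I", s) for s in subs)

def domain_sid(text):
    """Everything before the final subauthority (the RID) identifies the domain."""
    revision, authority, subs = parse_sid(text)
    if not subs:
        raise ValueError("SID has no RID: %r" % text)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs[:-1]))

def with_rid(text, rid):
    """Same domain as `text`, but a different RID (e.g. 500 for Administrator)."""
    return "%s-%d" % (domain_sid(text), rid)

def rid_name(text):
    """Well-known name for the RID, or a note that it is a per-account RID."""
    rid = parse_sid(text)[2][-1]
    return WELL_KNOWN_RIDS.get(rid, "RID %d (per-account)" % rid)

if __name__ == "__main__":
    sid = "S-1-5-21-201642981-56263093-24269216-513"   # Domain Users, from the tip
    print(len(sid_to_bytes(sid)), "bytes")              # 28, as sid2user reports
    admin = with_rid(sid, 500)
    print(admin, "->", rid_name(admin))                 # ... -500 -> Administrator
```

Feeding the computed RID 500 SID to sid2user (or LookupAccountSid) returns the current name of the built-in Administrator, which is the check an auditor runs to confirm that renaming alone has not hidden it.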

The Anonymous logon is also a member of Everyone, so if you don't disable it, the same lookups work remotely over a null session. First resolve the target's address:

nslookup www.xyz.com or tracert www.xyz.com displays the IP address.

net use \\131.107.2.200\ipc$ "" /user:""
The command completed successfully.

user2sid \\131.107.2.200 "domain users"

S-1-5-21-201642981-56263093-24269216-513

Number of subauthorities is 5
Domain is XYZ_domain
Length of SID in memory is 28 bytes
Type of SID is SidTypeGroup

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 500

Name is XYZAdmin
Domain is XYZ_domain
Type of SID is SidTypeUser

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1000

Name is
Domain is XYZ_domain
Type of SID is SidTypeDeletedAccount

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1001

Name is Simpson
Domain is XYZ_domain
Type of SID is SidTypeUser

sid2user \\131.107.2.200 5 21 201642981 56263093 24269216 1112

LookupSidName failed - no such account

To restrict Anonymous logons, edit:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

On the Edit menu, choose Add Value, enter the value name RestrictAnonymous with data type REG_DWORD, and set the data to 1. You must reboot for the change to take effect.
