[thelist] IIS Security
Paul Cowan
paul at wishlist.com.au
Wed Jul 25 02:46:39 CDT 2001
Hi Norman,
What you're probably seeing is a SID (Security IDentifier -- something
like {S-1-2-34-5678901234-5678901234-567890123-4567}), which is how NT
accounts are referenced internally (they are just converted to 'friendly'
account names like DOMAIN\username to stop admins from going mad).
You will sometimes see SIDs crop up on security permissions... e.g. a
file has "read" permission for DOMAIN\bob. The DOMAIN\bob account is later
deleted, but that doesn't go through the filesystem and remove all those
references. So when you view the file security permissons, it says:
Read: Fred
Change: Mohammed
Read: {S-1-2-34-5678901234-5678901234-567890123-4567}
(or words to that effect) because it now has no idea who that SID belongs
to.
If this is the sort of context you're seeing them in, you are GENERALLY
safe to delete those permissions. No guarantees they're not security
tokens from some other domain or something though...
Cheers,
Paul
More information about the thelist
mailing list