Referring to HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018\Software\Classes
does S-1-5-21-83194588-1107328243-1373009395-1018 identify any particular computer? What's the meaning of the S-1-5-21-83194588-1107328243-1373009395-1018?
HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
-
- 2StarLounger
- Posts: 105
- Joined: 19 Apr 2010, 10:25
- Location: Hong Kong
HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
Regards,
Armstrong
Armstrong
-
- Administrator
- Posts: 78588
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
S-1-5-21-83194588-1107328243-1373009395-1018 refers to one of the user accounts - it is the internal security identifier that won't change even if you change the username.
S-1-5-18 is 'Local System'.
S-1-5-19 is 'NT authority - local service'.
S-1-5-20 is 'NT authority - network service'.
These accounts are used by the operating system.
The long user IDs are actual users, such as you. To find out which one you are, look at HKEY_CURRENT_USERS\Identities and compare the Default User ID to those under HKEY_USERS.
S-1-5-18 is 'Local System'.
S-1-5-19 is 'NT authority - local service'.
S-1-5-20 is 'NT authority - network service'.
These accounts are used by the operating system.
The long user IDs are actual users, such as you. To find out which one you are, look at HKEY_CURRENT_USERS\Identities and compare the Default User ID to those under HKEY_USERS.
Best wishes,
Hans
Hans
-
- 2StarLounger
- Posts: 105
- Joined: 19 Apr 2010, 10:25
- Location: Hong Kong
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
Hi HansV,
Thanks for your useful help.
Looking up http://support.microsoft.com/kb/243330" onclick="window.open(this.href);return false;, S-1-5-21 turns out to be a guest.
Does exposing, say, HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018 facilitate hacker attacks and thus pose a security concern?
Thanks for your useful help.
Looking up http://support.microsoft.com/kb/243330" onclick="window.open(this.href);return false;, S-1-5-21 turns out to be a guest.
Does exposing, say, HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018 facilitate hacker attacks and thus pose a security concern?
Regards,
Armstrong
Armstrong
-
- Administrator
- Posts: 78588
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
No, I don't think so. The currently active user is always HKEY_CURRENT_USER, regardless of its security identifier. Hackers don't have to take any guesses about that.
Best wishes,
Hans
Hans
-
- 2StarLounger
- Posts: 105
- Joined: 19 Apr 2010, 10:25
- Location: Hong Kong
-
- SilverLounger
- Posts: 2072
- Joined: 25 Jan 2010, 02:12
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
The SID you've listed is your user account. The guest account would end in 501. A domain guest account would end in 514.
Joe
Joe
Joe
-
- 2StarLounger
- Posts: 105
- Joined: 19 Apr 2010, 10:25
- Location: Hong Kong
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
Hi Joe,
Thanks for your quick help. Do you mean 1018 signify a user account?
Thanks for your quick help. Do you mean 1018 signify a user account?
Regards,
Armstrong
Armstrong
-
- SilverLounger
- Posts: 2072
- Joined: 25 Jan 2010, 02:12
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
Not necessarily. It can be a user or group. See Wikipedia - Windows SID, Describe the Windows SID, and Technet - SID structure.
Joe
Joe
Joe
-
- 2StarLounger
- Posts: 105
- Joined: 19 Apr 2010, 10:25
- Location: Hong Kong
Re: HKEY_USERS\S-1-5-21-83194588-1107328243-1373009395-1018
Joe,
Thanks for the extensive links.
Thanks for the extensive links.
Regards,
Armstrong
Armstrong