Boswell's Q&A
Eyes of the World SID
How to find the Everyone group where you might not think to look.
- By Bill Boswell
- 01/01/2004
Bill: I installed Microsoft Exchange 2003 on
a Windows 2000 server; Exchange 2000 was already installed on the same
server but not in use. We upgraded to Exchange 2003 over the top of Exchange
2000, then migrated mailboxes, etc., over to the new server. Mail works
fine, and other groups are visible and work fine. But, I cannot, for
the life of me, find the "Everyone" group! If I try to create
it, it says it already exists. I can't see it in Active Directory either.
Any ideas? I searched briefly in my Exchange 2003 Admin guide, but no
luck.
—James
James: The "Everyone" group is not so much a
group as it is a label, like Deadheads. You don't need ever to have seen
Jerry Garcia in concert to belong to the Deadheads. All you need to do
is put a Deadhead sticker on the primer covering the trunk of your Pontiac
Bonneville and you're in.
The Everyone group belongs to a set of special accounts called Well-Known
SIDs. The Everyone group SID is S-1-1-0, also known as the World SID.
So, automatically consider yourself a member of that account.
When you log onto a Windows 2000, Windows 2003 or Windows machine, the
Local Security Authority Subsystem (LSASS) puts any Well-Known SIDs that
apply to your logon situation into your access token. If you make a network
connection to a server, then your local access token would contain the
Network SID S-1-1-20 along with the Everyone SID and a few other well-known
SIDs. If you were to log onto the console of the server instead, you'd
get the Interactive SID in your access token and not the Network SID.
You can find the well-known SIDs in Active Directory in a container called
WellKnown Security Principals. To see this container, launch Adsiedit.msc
or Ldp from the Windows Server 2003 Support Tools and use it to view the
top-level containers inside the Configuration naming context. Here's a
list of the well-known SIDs and their friendly names:
| Friendly Name | Well-Known SID |
| --- | --- |
| Anonymous Logon | S-1-5-7 |
| Authenticated Users | S-1-5-11 |
| Batch | S-1-5-3 |
| Creator Group | S-1-3-0 |
| Creator Owner | S-1-3-1 |
| Dialup | S-1-5-1 |
| Digest Authentication | S-1-5-64-21 |
| Enterprise Domain Controllers | S-1-1-9 |
| Everyone | S-1-1-0 |
| Interactive | S-1-5-4 |
| Local Service | S-1-15-19 |
| Network | S-1-5-2 |
| Network Service | S-1-1-20 |
| NTLM Authentication | S-1-5-64-10 |
| Other Organization | S-1-5-1000 |
| Proxy | S-1-5-8 |
| Remote Interactive Logon | S-1-5-14 |
| Restricted | S-1-5-12 |
| SChannel Authentication | S-1-5-64-14 |
| Self | S-1-5-10 |
| Service | S-1-5-6 |
| Terminal Server User | S-1-5-13 |
| This Organization | S-1-5-15 |
| Well-Known-Security-Id-System | S-1-5-18 |
The Everyone group takes on a new significance in Windows Server 2003
because, for the first time in a Windows operating system, the Everyone
group does not get added to the access token of a null session. In other
words, if a process makes an anonymous network connection to a Windows
2003 server, the process does not get the Everyone SID. It only gets the
Anonymous Logon SID, which has virtually no privileges in the operating
system.
Hope this helps.
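The token contents described above can be checked directly on a machine. The following PowerShell is an added example, not part of the original column; the function names are hypothetical, and the `EveryoneIncludesAnonymous` registry value it reads is not mentioned in the column.

```powershell
# Added example (not from the column): report which well-known SIDs are in the
# access token of the current PowerShell process.
function Get-WellKnownSidReport {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    # String forms of every group SID in the token.
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })

    # Friendly names from the column's table mapped to .NET WellKnownSidType
    # members, so no SID string is hard-coded here.
    $watch = [ordered]@{
        'Everyone'            = 'WorldSid'
        'Authenticated Users' = 'AuthenticatedUserSid'
        'Interactive'         = 'InteractiveSid'
        'Network'             = 'NetworkSid'
        'Anonymous Logon'     = 'AnonymousSid'
    }

    foreach ($name in $watch.Keys) {
        $type = [System.Security.Principal.WellKnownSidType]$watch[$name]
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($type, $null)
        [pscustomobject]@{
            FriendlyName = $name
            Sid          = $sid.Value
            # Anonymous Logon is the token's user SID, not a group, so check both.
            InToken      = ($tokenSids -contains $sid.Value) -or
                           ($identity.User.Value -eq $sid.Value)
        }
    }
}

function Test-EveryoneIncludesAnonymous {
    # Assumption: this LSA value backs the policy "Network access: Let Everyone
    # permissions apply to anonymous users". Absent or 0 means anonymous tokens
    # do not receive the Everyone SID, the behaviour the column describes.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EveryoneIncludesAnonymous
    return ($null -ne $val -and $val -ne 0)
}

Get-WellKnownSidReport | Format-Table -AutoSize
if (Test-EveryoneIncludesAnonymous) {
    Write-Warning 'Everyone permissions currently apply to anonymous connections.'
} else {
    'Anonymous connections do not receive the Everyone SID.'
}
```

Run it at the server console and again through a remote session to compare the Interactive and Network rows.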
Clearing the Air on Antivirus
After last week's column concerning cleaning out Norton Antivirus
(NAV) entries from the Registry, a few readers wrote in with the names
of Symantec tools that specialize in this work so you can avoid digging
around in the Registry yourself. (Sort of a digital drain cleaner, I guess.)
For the personal edition of NAV, Phillip recommends using the RNAV utility.
Download it from http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606?Open&src=sg&docid=1999092715593506&nsf=nav.nsf&view=df0a595864594c86852567ac0063608c&dtype=&prod=&ver=&osv=&osv_lvl=.
For the corporate edition of NAV, Gabriele recommends the NoNAV utility,
which can be obtained by calling Symantec technical support.
About the Author
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003, both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.