Wednesday, September 5, 2007

How to convert SID to username and username to SID

PsGetSid makes reading a computer's SID easy, and works across the network so that you can query SIDs remotely. PsGetSid also lets you see the SIDs of user accounts and translate a SID into the name that represents it.

Usage: psgetsid [\\computer[,computer[,...] | @file] [-u username [-p password]]] [account|SID]

If you want to see a computer's SID just pass the computer's name as a command-line argument. If you want to see a user's SID, name the account (e.g. "administrator") on the command-line and an optional computer name.

Specify a user name if the account you are running from doesn't have administrative privileges on the computer you want to query. If you don't specify a password as an option PsGetSid will prompt you for one so that you can type it in without having it echoed to the display.

-------------- End of Document -----------------

Tags: Active Directory, Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

How to get detailed hardware information of HP / Compaq server

HP / Compaq servers generally have the survey / hpdiags utility installed in the %SystemDrive%\hp\hpdiags folder. This utility generates a detailed system information file and can be very useful for many diagnostic and inventory purposes.

1. Run the hpdiags.exe utility; it generates a survey%Date%%Time%.xml file. (This survey file can be quite cryptic and I generally use the following commands to make it a readable HTML file.)

2. Copy the surveyxxxx.xml file and survey.xsl file to your computer.

3. Download msxsl.exe from microsoft.com

4. Run the command msxsl.exe <input_file.xml> survey.xsl -o <output_file.html> at the command prompt. Give fully qualified path names wherever necessary.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

Do I have local admin rights?

Find out how in three mouse clicks (or two keys plus a mouse click)....

1. Click 1: Right-Click My Computer

2. Click 2: Select Properties

3. Click 3: Select the "Computer Name" tab

If the "Change" box is available, you're a local administrator. If it's greyed out, you're not. It's that simple.

To combine two tips into one: if you didn't know, you can replace Clicks 1 and 2 above with two keyboard hits: Windows Key + Break.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

Wednesday, August 29, 2007

How to give Read-only access to Event logs to particular users

Sometimes it is necessary to give certain groups of people access to event logs on domain controllers or other servers in the domain. The most common request is read-only access to various event logs so that delegated administrators can monitor them. A good example is giving DNSAdmins read-only access to the DNS event logs.

The process is very cryptic and involves modification of some registry keys. It is documented in the following KB articles:

http://support.microsoft.com/?id=323076
How to set event log security locally or by using Group Policy in Windows Server 2003
http://support.microsoft.com/kb/842209/en-us
You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

The default ACLs for each event log are listed below. Start with the relevant one as your base, then add whatever additional ACEs you want:

Application Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Directory Services:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

DNS Service:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

File Replication Service:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Security Event Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)

System Event Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x1;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x1;;;S-1-5-3)(A;;0x2;;;NS)

To add more groups or users to the ACL list, you first need to determine the SID of the user or group. It should start with an "S" and be quite long, such as S-1-5-21-702074188-2833732907-241959117-48998. You can use LDP or other methods to find the SID.

The SDDL syntax for adding read-only access to any of the logs above is:

(A;;0x1;;;<Insert SID here>), for example: (A;;0x1;;;S-1-5-21-702074188-2833732907-241959117-48998)

For the security event log the final ACL would look like:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;S-1-5-21-702074188-2833732907-241959117-48998)

Just cut and paste this into the GPMC for the right event log, and voilà! Instant read-only access is granted to a specific user or group.
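The two steps above (find the SID, then append the read ACE) can be scripted so that the string is checked before it goes into a GPO. The following is an added example, not part of the original post: the function name Add-EventLogReadAce is hypothetical, and it uses the .NET SecurityIdentifier, NTAccount and RawSecurityDescriptor classes in place of LDP. The sample input is the Security log default and the example SID quoted in the post.

```powershell
# Added example: append a read-only ACE for one account to an event log's base SDDL.
function Add-EventLogReadAce {
    param(
        [Parameter(Mandatory = $true)] [string] $BaseSddl,  # default ACL from the list above
        [Parameter(Mandatory = $true)] [string] $Account    # 'DOMAIN\name' or a SID string
    )

    # Step 1: get the SID. A SID string is used as given; an account name is translated.
    if ($Account -match '^S-1-\d+(-\d+)+$') {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Account)
    } else {
        $nt  = New-Object System.Security.Principal.NTAccount($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    }

    # Step 2: parse the base ACL. The constructor throws on malformed SDDL,
    # which catches a truncated copy-and-paste before it reaches Group Policy.
    $base = New-Object System.Security.AccessControl.RawSecurityDescriptor($BaseSddl)

    # Leave the string unchanged if this SID already has an allow ACE that includes read.
    foreach ($ace in $base.DiscretionaryAcl) {
        if ($ace.SecurityIdentifier.Value -eq $sid.Value -and
            $ace.AceType -eq 'AccessAllowed' -and
            ($ace.AccessMask -band 0x1)) {
            Write-Warning "$($sid.Value) already has an allow ACE that includes read"
            return $BaseSddl
        }
    }

    # Step 3: append the ACE in the same textual form the post uses.
    # Event log access masks: 0x1 = read, 0x2 = write, 0x4 = clear.
    $newSddl = $BaseSddl + '(A;;0x1;;;' + $sid.Value + ')'

    # Re-parse to confirm the result is still valid SDDL, then return it.
    $null = New-Object System.Security.AccessControl.RawSecurityDescriptor($newSddl)
    return $newSddl
}

# Security event log default and example SID, both taken from the post.
$securityLog = 'O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)'
Add-EventLogReadAce -BaseSddl $securityLog -Account 'S-1-5-21-702074188-2833732907-241959117-48998'
```

The ACE is appended as text rather than re-serialized from the parsed descriptor, so the output keeps the hex masks shown in the post. Because the new allow ACE goes at the end, the deny ACEs for AN and BG stay first.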

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070829

Tuesday, August 28, 2007

Run command to lock windows

Ever wondered how you can lock your computer using a script?

Just try typing the below line verbatim on the run window and hit enter. Presto! Your computer is locked.

rundll32.exe user32.dll, LockWorkStation

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20080828