We are running Windows 2003 DC's.
Normally, we assign security permissions to objects using groups...so, for instance, if had a folder I would assign Group1 modify permissions to it. Group1 would then be consisted of the users that needed these rights. This way it's easier to manage.
I have come across a few folders where a SID has certain permission - I can't see the group (or user's) name. I assume this is the case where a user has been added explicity and then deleted (we haven't deleted any groups recently).
Couple of questions;
a) Is there anyway to find out the name of the account this SID belonged to?
b) If we have a situation where User1 belonged to Group1 and User1's account was deleted, what would appear in the membership of Group1? A SID I assume?
c) If User1 had explicit permissions on Folder1 and the account was then deleted, a SID appears in place of 'User1'. What happens if the User1 account was disabled, not deleted? Does the name or SID appear?
d) What is the difference between permissions and rights?
e) If User1 has explicit permissions on a number of folders and I need to disable the account, is there anyway I can find out the names of these folders?
Hope someone can help.