new Random Users/groups?

H

hjahmad

New Member
i was working on a windows xp 64 bit, with the latest updates and randomly found some users/groups had been added to the permissions list for some files in the system32 folder. the users/groups that showed up were: BATCH, INTERACTIVE, SERVICE. anyone know what these users/groups are, their purpose or are they just completely random? no one i know had added them or even seen them before. these users/groups are not even listed in the master list for the computer, but some how are randomly given access to files in system32.
any ideas?
on a slightly related issue, i had previously set the Users group with the proper list, however next time i came back to check the list, there 2 users that were not there before: NT Authority\authenticated users, and NT authority\(name i forgot after i deleted).
any way these 2 things could be related?
anyone else seen something like this happen?
 
Is this machine managed? Do multiple users have access? Are they admin accounts?

Sounds to me like some sort of auto script has ran and done something to your machine.
 
What do you mean by is the machine managed?
multiple users do have access but it was last touched by one on thursday, and was being checked for accredidation today, but we found this. there are a few admin accounts but they havent been used yet except for those 2 users
we did think it was a script issue at first. i wrote a script to set permissions just of a given list of files in the system32 folder. to give admins system and users their respective permissions while getting rid of power users. so the script wouldnt have created those accounts and if they did exist at the time, just ignore them. but they werent there when i checked, and my scrpt isnt the issue, it hasnt occured on any of the others machines i ran it on. also, these user showed up on files that i did not use the script on. and, this is only affecting some executables, non of the dll files have this problem.
is there something i can add to my script to remove all the other users from the permissions list while keeping the 3 i need? im using cacls to do this.
thanks
 
Is it managed by group policy from a domain controller? If so, is policy being pushed out that may affect those files?
 
we just looked it up, during the setup of the computer, a mistake was made that enabled smart card logins, that created the service that added those users. but thats all been fixed.
is there a way to script it that all other users except for the ones listed will be removed from the permissions list?
 
hjahmad said:
we just looked it up, during the setup of the computer, a mistake was made that enabled smart card logins, that created the service that added those users. but thats all been fixed.
is there a way to script it that all other users except for the ones listed will be removed from the permissions list?
Click to expand...

Most likely, but I am a Unix guy not a Windows guy. A BATCH file would most likely do the trick but I am not all that familiar with the vocabulary of BATCH.

you could install the optional power shell and give yourself a very robust scripting language, or at least more so than what is included in Windows. If these are a part of Active Directory you should be able to do it via group policy.
 
Last edited:
but in cacls, i use it to list the 3 users i need, and give them their permissions, but i dont see a command to delete all the others
 
hjahmad said:
but in cacls, i use it to list the 3 users i need, and give them their permissions, but i dont see a command to delete all the others
Click to expand...

Do you have any background, as simple as HTML even, in programming? This could be done with what is called a loop, and perhaps either hard coded variables or some sort of string being pulled from the loop to remove unwanted users.
 
You must log in or register to reply here.
Back
Top