O/S Deployment Thread, NewSID has been retired in Technical
Originally Posted by cookie_monster
The username will be translated to a SID; the username is for our benefit only.
9th November 2009, 09:49 AM #16
NB - This process relates to local user accounts.
Originally Posted by cookie_monster
Indeed, but this process happens at the remote machine (by the file server process as Mark refers to it) that the connection is being made to, so when connecting from machine A to machine B...
Machine A sends an SMB request to machine B. This includes the username/password. It would be pointless sending a SID as only machine A would know anything about it.
Machine B authenticates the username/password either against the domain or the local user account database. At this point a 'logon session' is created on Machine B holding the access token that will be used to access the resource on Machine B. A UID pointer is returned to Machine A.
Machine A stores the UID in the open SMB request for Machine B.
When a request to access a secured resource goes from Machine A to Machine B, the open SMB channel is used along with the UID that Machine B then uses to refer to the original logon session created during authentication.
The point is that the SID does not travel from source PC to destination PC. The only place the Machine A SID has any relevance is on Machine A, and the same applies for the Machine B SID.
(apologies for multiple edits but I'm just coming to terms with this stuff myself)
Last edited by ajbritton; 9th November 2009 at 10:54 AM.
Reason: Added notes on 'logon session'
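The exchange described in the post above, as an added example that is not part of the original thread: a toy Python model, not real SMB, in which Machine B resolves the SID from its own account database and Machine A only ever holds the UID. The class names, the constructed SID, the account and the plaintext password store are assumptions made for illustration.

```python
import hmac
import itertools

# Constructed machine SID, shared by A and B as it would be after cloning an image.
CLONED_SID = "S-1-5-21-1111111111-2222222222-3333333333"

class MachineB:
    """Toy file server: local account database, logon sessions, ACLs."""

    def __init__(self, machine_sid, accounts, acls):
        self.machine_sid = machine_sid
        self.accounts = accounts      # username -> (password, RID); toy plaintext store
        self.acls = acls              # resource -> set of B-local SIDs allowed to read
        self.sessions = {}            # UID -> user SID in the token; lives on B only
        self._next_uid = itertools.count(1)

    def session_setup(self, username, password):
        """Authenticate against B's own database; return a UID, or None on failure."""
        entry = self.accounts.get(username.lower())
        if entry is None or not hmac.compare_digest(entry[0].encode(), password.encode()):
            return None
        uid = next(self._next_uid)
        self.sessions[uid] = f"{self.machine_sid}-{entry[1]}"   # SID resolved on B
        return uid

    def read(self, uid, resource):
        """The access check uses the token B stored for this UID, never a client SID."""
        sid = self.sessions.get(uid)
        return sid is not None and sid in self.acls.get(resource, set())

class MachineA:
    """Toy client: sends username/password once, then only the UID."""

    def __init__(self, machine_sid):
        self.machine_sid = machine_sid   # never placed in any request
        self.uid = None

    def connect(self, server, username, password):
        self.uid = server.session_setup(username, password)
        return self.uid is not None

    def read(self, server, resource):
        return server.read(self.uid, resource)

def demo():
    b = MachineB(CLONED_SID, {"alice": ("pw-on-B", 1001)},
                 {"report.txt": {f"{CLONED_SID}-1001"}})
    a = MachineA(CLONED_SID)
    return a.connect(b, "alice", "pw-on-B"), a.read(b, "report.txt"), a.read(b, "other.txt")
```

Both machines carry the same machine SID here, yet the outcome depends only on the username/password check and the ACL held on Machine B.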
15th November 2009, 08:56 AM #17
A new comment on Mark's original article has appeared that explains what I've been trying to, but does a much better job.
Mark's Blog : The Machine SID Duplication Myth
Comment dated Saturday, November 14, 2009 5:08 PM by Steve Gray
15th November 2009, 07:18 PM #18
Yep, I'd forgotten how the process works on a workgroup level. It's still not much of an issue if no one logs on as the local admin and everyone else logs on with a domain account. Good article though.