O/S Deployment Thread, NewSID has been retired in Technical
  1. #16
    ajbritton's Avatar
    Quote Originally Posted by cookie_monster
    the username will be translated to a SID the username is for our benefit only.
    NB - This process relates to local user accounts.

    Indeed, but this process happens at the remote machine (by the file server process as Mark refers to it) that the connection is being made to, so when connecting from machine A to machine B...

    Machine A sends an SMB request to machine B. This includes the username/password. It would be pointless sending a SID as only machine A would know anything about it.

    Machine B authenticates the username/password either against the domain or the local user account database. At this point a 'logon session' is created on Machine B holding the access token that will be used to access the resource on Machine B. A UID pointer is returned to Machine A.

    Machine A stores the UID in the open SMB request for Machine B.

    When a request to access a secured resource goes from Machine A to Machine B, the open SMB channel is used along with the UID that Machine B then uses to refer to the original logon session created during authentication.

    The point is that the SID does not travel from source PC to destination PC. The only place the Machine A SID has any relevance is on Machine A and the same applies for the Machine B SID.

    (apologies for multiple edits but I'm just coming to terms with this stuff myself)
    Last edited by ajbritton; 9th November 2009 at 09:54 AM. Reason: Added notes on 'logon session'
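
The exchange described in the post above, modelled in Python as an added example (not part of the original post or of Mark's article): Machine B authenticates against its own account database, keeps the access token in a logon session, and returns only a UID. The `Machine` class, message fields, SIDs and password are constructed, and the credential check is a simplified stand-in for real SMB authentication.

```python
import hashlib
import hmac
import itertools

def verifier(password):
    # Stand-in for the stored credential check; not a real Windows hash format.
    return hashlib.sha256(password.encode()).hexdigest()

class Machine:
    """Toy workgroup machine; every name, SID and password here is constructed."""
    def __init__(self, name, machine_sid):
        self.name, self.machine_sid = name, machine_sid
        self.accounts = {}   # local account database: username -> (RID, verifier)
        self.sessions = {}   # logon sessions: UID -> access token
        self._rids, self._uids = itertools.count(1000), itertools.count(1)

    def add_local_user(self, username, password):
        self.accounts[username] = (next(self._rids), verifier(password))

    def session_setup(self, msg):
        """Server side: authenticate, build a token from local SIDs, return a UID."""
        rid, stored = self.accounts.get(msg["username"], (None, ""))
        if not hmac.compare_digest(stored, verifier(msg["password"])):
            return {"status": "LOGON_FAILURE"}
        uid = next(self._uids)
        self.sessions[uid] = {"user_sid": f"{self.machine_sid}-{rid}"}
        return {"status": "OK", "uid": uid}

    def token_for(self, msg):
        """Server side: resolve the UID in a request to its logon session token."""
        return self.sessions.get(msg["uid"])

def connect(client, server, username, password):
    """Client side: return every message on the wire and the SID the server used."""
    wire = [{"cmd": "SESSION_SETUP", "workstation": client.name,
             "username": username, "password": password}]
    wire.append(server.session_setup(wire[0]))
    if wire[1]["status"] != "OK":
        return wire, None
    wire.append({"cmd": "OPEN", "uid": wire[1]["uid"], "path": "share\\notes.txt"})
    return wire, server.token_for(wire[2])["user_sid"]

# Machine SIDs differ here; give B the same SID as A and the wire content is unchanged.
A = Machine("A", "S-1-5-21-1111-2222-3333")
B = Machine("B", "S-1-5-21-4444-5555-6666")
for m in (A, B):
    m.add_local_user("alice", "correct horse")

if __name__ == "__main__":
    wire, sid = connect(A, B, "alice", "correct horse")
    print(*wire, f"token SID on B: {sid}", sep="\n")
```

The token's SID is built from Machine B's SID and B's local RID, and no message in `wire` carries Machine A's SID.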

  2. #17
    ajbritton's Avatar
    A new comment on Mark's original article has appeared that explains what I've been trying to, but does a much better job.

    Mark's Blog : The Machine SID Duplication Myth

    Comment dated Saturday, November 14, 2009 5:08 PM by Steve Gray

  3. Thanks to ajbritton from:

    cookie_monster (15th November 2009)

  4. #18
    cookie_monster's Avatar
    Yep, I'd forgotten how the process works on a workgroup level. It's still not much of an issue if no one logs on as the local admin and everyone else logs on with a domain account. Good article though.
