User Information
-------------------------
Username : Administrator [500]
Full Name :
User Comment : Built-in account for administering the computer/domain
Account Type : Default Admin User
Account Created : Thu Sep 16 18:35:50 2010 Z
Last Login Date : Tue Jul 14 04:53:58 2009 Z
Pwd Reset Date : Tue Jul 14 04:55:45 2009 Z
Pwd Fail Date : Never
Login Count : 1
  --> Password does not expire
  --> Account Disabled
  --> Normal user account

Username : Guest [501]
Full Name :
User Comment : Built-in account for guest access to the computer/domain
Account Type : Default Guest Acct
Account Created : Thu Sep 16 18:35:50 2010 Z
Last Login Date : Never
Pwd Reset Date : Never
Pwd Fail Date : Never
Login Count : 0
  --> Password does not expire
  --> Account Disabled
  --> Password not required
  --> Normal user account

Username : Wolfe [1000]
Full Name :
User Comment :
Account Type : Default Admin User
Account Created : Thu Sep 16 15:38:15 2010 Z
Password Hint : what it is
Last Login Date : Fri Oct 1 13:58:22 2010 Z
Pwd Reset Date : Thu Sep 16 15:38:15 2010 Z
Pwd Fail Date : Thu Sep 30 18:26:41 2010 Z
Login Count : 21
  --> Password does not expire
  --> Password not required
  --> Normal user account

Username : HomeGroupUser$ [1002]
Full Name : HomeGroupUser$
User Comment : Built-in account for homegroup access to the computer
Account Type : Custom Limited Acct
Account Created : Thu Sep 16 15:46:22 2010 Z
Last Login Date : Never
Pwd Reset Date : Thu Sep 16 15:46:22 2010 Z
Pwd Fail Date : Never
Login Count : 0
  --> Password does not expire
  --> Normal user account

Username : Master of Disaster [1003]
Full Name : Master of Disaster
User Comment :
Account Type : Custom Limited Acct
Account Created : Thu Sep 30 18:02:18 2010 Z
Last Login Date : Fri Oct 1 10:58:21 2010 Z
Pwd Reset Date : Never
Pwd Fail Date : Never
Login Count : 3
  --> Password does not expire
  --> Normal user account

-------------------------
Group Membership Information
-------------------------
Group Name : Users [3]
LastWrite : Thu Sep 30 18:02:18 2010 Z
Group Comment : Users are prevented from making accidental or intentional system-wide changes and can run most applications
Users :
  S-1-5-4
  S-1-5-21-2454118320-1537452945-2807297798-1003
  S-1-5-11

Group Name : Event Log Readers [0]
LastWrite : Tue Jul 14 04:34:12 2009 Z
Group Comment : Members of this group can read event logs from local machine
Users : None

Group Name : Guests [1]
LastWrite : Thu Sep 16 17:06:52 2010 Z
Group Comment : Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted
Users :
  S-1-5-21-2454118320-1537452945-2807297798-501

Group Name : Distributed COM Users [0]
LastWrite : Tue Jul 14 04:34:12 2009 Z
Group Comment : Members are allowed to launch, activate and use Distributed COM objects on this machine.
Users : None

Group Name : Administrators [2]
LastWrite : Thu Sep 16 15:38:15 2010 Z
Group Comment : Administrators have complete and unrestricted access to the computer/domain
Users :
  S-1-5-21-2454118320-1537452945-2807297798-500
  S-1-5-21-2454118320-1537452945-2807297798-1000

Group Name : Network Configuration Operators [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Members in this group can have some administrative privileges to manage configuration of networking features
Users : None

Group Name : Cryptographic Operators [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Members are authorized to perform cryptographic operations.
Users : None

Group Name : Power Users [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Power Users are included for backwards compatibility and possess limited administrative powers
Users : None

Group Name : Performance Log Users [0]
LastWrite : Tue Jul 14 04:34:12 2009 Z
Group Comment : Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer
Users : None

Group Name : Replicator [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Supports file replication in a domain
Users : None

Group Name : Performance Monitor Users [0]
LastWrite : Tue Jul 14 04:34:12 2009 Z
Group Comment : Members of this group can access performance counter data locally and remotely
Users : None

Group Name : Remote Desktop Users [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Members in this group are granted the right to logon remotely
Users : None

Group Name : IIS_IUSRS [1]
LastWrite : Tue Jul 14 04:34:12 2009 Z
Group Comment : Built-in group used by Internet Information Services.
Users :
  S-1-5-17

Group Name : Backup Operators [0]
LastWrite : Thu Sep 16 17:07:08 2010 Z
Group Comment : Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
Users : None

Analysis Tips:
 - For well-known SIDs, see http://support.microsoft.com/kb/243330
     - S-1-5-4 = Interactive
     - S-1-5-11 = Authenticated Users
 - Correlate the user SIDs to the output of the ProfileList plugin
----------------------------------------