Remove SID/User from a local Group Policy

Archived from groups: microsoft.public.win2000.security (More info?)

Normally if I can add or remove local and domain groups I can remove
orphaned sids. Keep in mind that a sid showing could indicate a name
resolution or network connectivity problem in the domain. If you are sure
that you want to remove those sids you also could create a new security
template with just that user right defined with the groups added then you
want and then import that template. Also try logging on as the local
administrator. --- Steve


"Justin" <j.searles@verizon.net> wrote in message
news:1110384029.503760.91420@z14g2000cwz.googlegroups.com...
>I am simply trying to remove some old SIDs from the "Log on as a
> Service" policy. I'm using the Group Policy editor. There is only an
> "Add" button when I Right click on the policy and choose "Security...",
> but no "Remove".
>
> I'm Logged into the machine (Win 2k SP4) as a Domain Admin. I have
> also checked that there is no overiding GPO at the Domain level. Is
> there a way to remove the SIDs?
>
> Thanks in advance.
> -Justin
>