Why do I get error "1337 The security ID structure is invalid" when using SubInAcl?

I have a standard Windows 7 account called popuser to which I'd like to grant start and stop permissions for the OpenVPNService. I've used the following command successfully on other machines, but for some reason on a new Acer Aspire 5830T it doesn't do the trick for me:

subinacl /service OpenVPNService /grant=popuser=TO

I keep getting the following error message:

LookupAccountName : OpenVPNService:popuser 1337 The security ID structure is invalid.

Current object OpenVPNService will not be processed

Elapsed Time: 00 00:00:00
Done: 0, Modified 0, Failed 0, Syntax errors 1
Last Syntax Error:WARNING : /grant=popuser=to : Error when checking arguments - OpenVPNService

I've tried adding the machine name to the username and the service name to no avail. I'm running command prompt as an administrator.

What's going on, and how can I make this work?

ralbatross

Posted 2012-11-12T20:09:08.130

Reputation: 143

1Is it appropriate if someone made a 1337 joke here? – 6pack kid – 2016-05-23T02:04:19.380

Answers

The problem was that my 'popuser' account had originally been created with another name and then was renamed to popuser. subinacl did not recognize the new name as an account. I deleted and added the account properly and now it works.

ralbatross

Posted 2012-11-12T20:09:08.130

Reputation: 143

This happens when the user account in question cannot be identified from the name entered. In this case, the problem was that an account had been renamed. I'm guessing that only the display name was changed, not the technical SAM name; you can get the SAM name by running whoami as the user.

A common cause of this error with built-in accounts and groups (e.g. Administrators) is localization - on non-English systems, you need to specify the translated name of such principals.

Ben N

Posted 2012-11-12T20:09:08.130

Reputation: 32 973

It doesn't work for Swedish name of the administrator group (Administratörer), the solution for me was to use the SID of the group instead, see https://superuser.com/a/914409/422715

– 244an – 2019-06-12T21:27:06.770