How to delete an unknown account


When hiding "Libraries" displayed in the left pane of Windows Explorer, I found an unknown account "S-1-5-21" in the permissions of the registry key "ShellFolder".

When I checked, "Unknown account" was displayed because the profile corresponding to the SID (S-1-5-21) does not exist.

Windows manages accounts by assigning each one a SID, and internally it assigns a different SID even for the same account name.

Now, on to the main subject.

"S-1-5-21" given to an unknown account is a domain SID.

I decided to delete it.

I will share the steps I have taken.


Location of Shell Folder

Searching for ShellFolder returns hits in multiple places, but the target for this article is in the following hierarchy:

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

Attempt to delete failed

When you try to delete "S-1-5-21", the following dialog is displayed.

Transcription:
"This object cannot be deleted because xxxxx inherits permissions from its parent. To delete xxxxx you must prevent permission inheritance. Turn off the option for permission inheritance. Please try removing xxxxx again."

Screenshot: ShellFolder permissions (Win7)

Steps to delete unknown account

* Example: Windows 7 Pro 64-bit

[Overall flow]
  1. Change the registry key owner to your account
  2. Set to "Full Control"
  3. Uncheck "Include inheritable permissions from this object's parent"
  4. Delete suspicious accounts
  5. End of procedure

Registry operations are at your own risk. Before working with Registry Editor, make a backup copy of your registry in case something goes wrong.

Permission

Right-click the registry key ShellFolder and click "Permissions" in the menu.

Access permission

Detailed settings

The access permission dialog is displayed. Click "Detailed settings".

ShellFolder permissions

Change owner

  1. Select the Owner tab.
  2. Change the owner to your account.
  3. Uncheck "Replace owner of subcontainers and objects".
  4. Select your account listed in the Change Owner field and click Apply.

owner

Addition-Detailed setting

  1. Open the [Permissions] tab and click [Add].
  2. Click Advanced from the user or group selection dialog.

Advanced Setting

Click Search

Search

Full control

  1. Select your account from the search result list and click "OK".
  2. You will be returned to the user or group selection screen, so make sure that your account is displayed and click "OK".
  3. "Access permission entry" is displayed. Check "Allow" of "Full Control" and press "OK".

Full control

Ready to delete

  1. Go back to advanced security settings and confirm that your account has been added to "Permission Entry" with Full Control.
  2. Ready to delete.

By registering your account (currently logged in account) with full control permission, you can delete suspicious accounts.

Uncheck

  1. Go to the access permission settings.
  2. Find "Include inheritable permissions from this object's parent".
  3. Uncheck it.


Access permission

Windows security

* Choosing "Remove" in this dialog is dangerous

Full text of the Windows security warning:

Warning: If you continue, the inheritable permissions from the parent will no longer apply to this object.

- Click Add to convert the permissions inherited from the parent and add them to this object as explicit permissions.

- Click Remove to remove the permissions inherited from the parent from this object.

- Click Cancel if you do not want to change the inheritance settings here.

Windows security

End of procedure

  1. Select the suspicious account and click “Delete”.
  2. Click "OK".
  3. End of procedure
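
The check and steps 3-4 above as a PowerShell script, added here as an example and not part of the original article: it lists the permission entries on the ShellFolder key whose SID no longer resolves to a name, and removes them only when the hypothetical $Remove switch is set to $true. It assumes steps 1-2 are already done for your account; the backup file name is chosen here for illustration.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell.
# Assumption: steps 1-2 are done, so your account owns the key and has Full Control.
$Remove = $false   # hypothetical switch: leave $false to only report
$sub  = 'CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder'
$dacl = [System.Security.AccessControl.AccessControlSections]::Access

# Open the key asking only for the rights needed to read and change its DACL.
$key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($sub,
    [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
    [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions')
if ($null -eq $key) { throw "Key not found: HKEY_CLASSES_ROOT\$sub" }
try {
    $acl = $key.GetAccessControl($dacl)
    # Keep the original DACL as SDDL text so it can be compared or restored later.
    $acl.GetSecurityDescriptorSddlForm($dacl) |
        Set-Content "$env:TEMP\ShellFolder-dacl-before.sddl"

    # An entry is an "unknown account" when its SID no longer maps to a name.
    # A SID from a domain that is merely unreachable fails the same way, so
    # review the list before removing anything.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $orphans = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        try { $null = $_.IdentityReference.Translate([System.Security.Principal.NTAccount]); $false }
        catch [System.Security.Principal.IdentityNotMappedException] { $true }
    })
    $orphans | Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize

    if ($Remove -and $orphans.Count -gt 0) {
        # Step 3: stop inheriting but keep the inherited entries as explicit
        # ones (the "Add" choice in the warning dialog, not "Remove").
        $acl.SetAccessRuleProtection($true, $true)
        $key.SetAccessControl($acl)
        # Re-read: the formerly inherited entries are now explicit and removable.
        $acl = $key.GetAccessControl($dacl)
        # Step 4: drop every entry that belongs to an unresolved SID.
        foreach ($o in $orphans) { $acl.PurgeAccessRules($o.IdentityReference) }
        $key.SetAccessControl($acl)
    }
}
finally { $key.Close() }
```

Run it once with $Remove left at $false and compare the IsInherited column with what the permissions dialog shows before changing anything.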

Afterword

2019/03/10

The information provided is for Windows 7.

When I run it on Windows 10, it fails, but I found a Plan B.

Please read the related article for details.

If permission inheritance gets in the way, you can change the key one level higher.

Source: Permission inheritance


Verification: Windows 7 Pro 64-bit
Windows 10 Pro October 2018 Update, v1809.17763.316