How to delete an unknown account

SC2 2017-07-03

2024-05-16

Atom | RSS

このサイトを検索 | Search this site

,unknown

to japanese

Thank you for accessing.

This article has been removed.

The content of this blog can be searched by keyword.

Use the search window in the sidebar or at the top. Alternatively, please translate the original article using Google or other means.

Please find alternative content.

Remnants of articles that had been published

When hiding "Libraries" displayed in the left pane of Windows Explorer, I found an unknown account "S-1-5-21" in the permissions of the registry key "ShellFolder".

When I checked,

"Unknown account" was displayed because the profile corresponding to SID (S-1-5-21) does not exist.

Windows manages by giving a SID to the account, and internally manages it by giving a different SID even for the same account name.

Well, the main subject.

"S-1-5-21" given to an unknown account is a domain SID.

I decided to delete it, so I decided to delete it.

I will share the steps I have taken.

Location of Shell Folder

Searching with ShellFolder will hit in multiple places, but the target for this article is in the following hierarchy:

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

Attempt to delete failed

When you try to delete "S-1-5-21", the following dialog is displayed.

Transcription

"This object cannot be deleted because xxxxx inherits permissions from its parent. To delete xxxxx you must prevent permission inheritance. Turn off the option for permission inheritance. Please try removing xxxxx again. "

snap shot

Steps to delete unknown account

* Example of Windows 7 Pro 64-bit

[Overall flow]

Change the registry key owner to your account
Set to "Full Control"
Uncheck "Include inheritable permissions from this object's parent"
Delete suspicious accounts
End of procedure

Registry operations are at your own risk

Before working with Registry Editor
Make a backup copy of your registry in case something goes wrong.

Permission

Display the right-click menu of the registry key ShellFolder and click "Permissions".

Detailed settings

The access permission dialog is displayed. Click "Detailed settings".

Change owner

Select the Owner tab.
Change the owner to your account.
Uncheck "Replace owner of subcontainers and objects".
Select your account listed in the Change Owner field and click Apply.

Addition-Detailed setting

Open the [Permissions] tab and click [Add].
Click Advanced from the user or group selection dialog.

Click Search

Full control

Select your account from the search result list and click "OK".
You will be returned to the user or group selection screen, so make sure that your account is displayed and click "OK".
"Access permission entry" is displayed. Check "Allow" of "Full Control" and press "OK".

Ready to delete

Go back to advanced security settings and confirm that your account has been added to "Permission Entry" with Full Control.
Ready to delete.

By registering your account (currently logged in account) with full control permission, you can delete suspicious accounts.

Uncheck

Access permission
Include inheritable permissions from this object's parent
Uncheck

Windows security

* Choosing to delete is dangerous

Reprinted full text of Windows security warning

Warning: If you continue, the inheritable permissions from the parent will no longer apply to this object.

- Convert the permissions that are inherited from the parent, to be added to this object as an explicit permission, [ add please click].

-Click Remove to remove the permissions inherited from the parent from this object.

-Click Cancel if you do not want to change the inheritance settings here.

End of procedure

Select the suspicious account and click “Delete”.
Click "OK".
End of procedure

Afterword

2019/03/10

The information provided is for Windows 7.

When I run it on Windows 10, it fails but I found PLAN-B.

Please read the related article for details.

If permission inheritance gets in the way, you can change the key one level higher.