,release information
When hiding "Libraries" displayed in the left pane of Windows Explorer, I found an unknown account "S-1-5-21" in the permissions of the registry key "ShellFolder".
When I checked,
"Unknown account" was displayed because the profile corresponding to SID (S-1-5-21) does not exist.
Windows manages by giving a SID to the account, and internally manages it by giving a different SID even for the same account name.
Well, the main subject.
"S-1-5-21" given to an unknown account is a domain SID.I decided to delete it, so I decided to delete it.
I will share the steps I have taken.
Location of Shell Folder
Searching with ShellFolder will hit in multiple places, but the target for this article is in the following hierarchy:
\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Attempt to delete failed
When you try to delete "S-1-5-21", the following dialog is displayed.
Transcription
"This object cannot be deleted because xxxxx inherits permissions from its parent. To delete xxxxx you must prevent permission inheritance. Turn off the option for permission inheritance. Please try removing xxxxx again. "snap shot
Steps to delete unknown account
* Example of Windows 7 Pro 64-bit[Overall flow]
- Change the registry key owner to your account
- Set to "Full Control"
- Uncheck "Include inheritable permissions from this object's parent"
- Delete suspicious accounts
- End of procedure
Registry operations are at your own risk
Before working with Registry EditorMake a backup copy of your registry in case something goes wrong.
Permission
Display the right-click menu of the registry key ShellFolder and click "Permissions".Detailed settings
The access permission dialog is displayed. Click "Detailed settings".Change owner
- Select the Owner tab.
- Change the owner to your account.
- Uncheck "Replace owner of subcontainers and objects".
- Select your account listed in the Change Owner field and click Apply.
Addition-Detailed setting
- Open the [Permissions] tab and click [Add].
- Click Advanced from the user or group selection dialog.
Click Search
Full control
- Select your account from the search result list and click "OK".
- You will be returned to the user or group selection screen, so make sure that your account is displayed and click "OK".
- "Access permission entry" is displayed. Check "Allow" of "Full Control" and press "OK".
Ready to delete
- Go back to advanced security settings and confirm that your account has been added to "Permission Entry" with Full Control.
- Ready to delete.
By registering your account (currently logged in account) with full control permission, you can delete suspicious accounts.
Uncheck
- Access permission
- Include inheritable permissions from this object's parent
- Uncheck
Windows security
* Choosing to delete is dangerousReprinted full text of Windows security warning
Warning: If you continue, the inheritable permissions from the parent will no longer apply to this object.
- Convert the permissions that are inherited from the parent, to be added to this object as an explicit permission, [ add please click].
-Click Remove to remove the permissions inherited from the parent from this object.
-Click Cancel if you do not want to change the inheritance settings here.
End of procedure
- Select the suspicious account and click “Delete”.
- Click "OK".
- End of procedure
Afterword
2019/03/10The information provided is for Windows 7.
When I run it on Windows 10, it fails but I found PLAN-B.
Please read the related article for details.
If permission inheritance gets in the way, you can change the key one level higher.
Source: Permission inheritance
Access permission
"This object cannot be deleted because xxxxx inherits permissions from its parent. To delete xxxxx you must prevent permission inheritance. Turn off the option for permission inheritance. Please try removing xxxxx again. " External link
Verification: Windows 7 Pro 64-bit
Windows 10 Pro October 2018 Update, v1809.17763.316
Windows 10 Pro October 2018 Update, v1809.17763.316
このサイトを検索 | Search this site