There is a case that the UNKNOWN ACCOUNT of the registry key should not be deleted.

このサイトを検索 | Search this site
,Japan
Thank you for accessing.

This article has been removed.

The content of this blog can be searched by keyword.

Use the search window in the sidebar or at the top. Alternatively, please translate the original article using Google or other means.

Please find alternative content.

Remnants of articles that had been published (Click!)

While hiding the libraries displayed in the left pane of Windows Explorer, I found an unknown account "S-1-15-3-1024-xxx" with permissions on the registry key ShellFolder.

The unknown account is like the first snapshot.

You can find it in the following hierarchy in Registry Editor:

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

When I checked,

S-1-15-3-1024-xxx was what was called Application SID.

1024 was a number equivalent to [RID of capability | RID of device].

Even in Windows 7, there was an unknown account in ShellFolder, but since the SID value was S-1-5-21-xxx, this one is different.

S-1-5-21-xxx is called the domain account SID and is given to the accounts participating in Windows Active Directory.

Well, the main subject.

The SID I found this time was the application SID.

I decided that there is no problem in deleting it, so I deleted it, but so far no problem has occurred.

This article describes the steps I took.

There is an "unknown account" that should not be deleted, which is also the title of this article, so please be careful when performing the procedure in the next section.

I have written the survey results in the postscript, so I would like you to read it and decide whether to execute it.

The procedure in the next section uses the free software "ExecTI" that can start the registry editor as "TrustedInstaller", so there is no need to change the owner of Shell Folder.

If you're not comfortable installing ExecTI, there's also a way to take ownership of ShellFolder (the procedure you performed in Windows 7).

Please read the related article at the end of the sentence.



ShellFolder location

The ShellFolders described in this article are in the following hierarchy.

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

Please note that ShellFolder hits in multiple places, so ShellFolders that hit in other places are not relevant to this article.

ShellFolder inherits its permissions from the higher registry key {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

Even if I logged in to Windows with an account that belongs to Administrators, when I try to delete S-1-15-1024, "Access is denied" is displayed.

Steps to delete unknown account

Use ExceTI, a free software that can start Registry Editor with TrustedInstaller permission, to delete unknown accounts.

[procedure]
  1. Get ExecTI
  2. Launch Registry Editor from ExecTI
  3. Find ShellFolder
  4. View the permissions that ShellFolder inherits from
  5. Delete unknown account
  6. End of procedure

Registry operations are at your own risk
Before working with Registry Editor
Make a backup copy of your registry in case something goes wrong.

1. Get ExecTI
ExecTI can be downloaded from winaero.com.

It's hard to understand, but look for the link below.
Download ExecTI-Run as TrustedInstaller

winaerocom_execti
2. Launch Registry Editor from ExecTI
Type regedit in the box next to Open and click OK .

execti_regedit
3. Find ShellFolder
Edit> Search
Or, of the keyboard Ctrl key while F press the.

Edit_search

Type ShellFolder in the box next to the value you want to find and click Next .

Searching will be faster if ☑ other than the following options is unchecked.
  • ☑ key
  • ☑ Find only exact matches

Search_ShellFolder

ShellFolder hits in multiple places, so press F3 on your keyboard to continue searching until the ShellFolder you want to edit hits .
\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
4. Show the permissions that ShellFolder inherits from
{031E4825-7B94-4dc3-B131-E946B44C8DD5} > Right click: Permission

Modify permissions on this registry key because ShellFolder permissions are inherited from {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

031E4825_rightClick_AccessPermission
5. Delete unknown account
Select the unknown account (S-1-15-xxx) and click Delete > Apply > OK .
Or go to Delete > Apply > OK on the keyboard .

031E4825_AccessPermission
6. End of procedure
This completes the procedure.

Let's open ShellFolder permissions and confirm that the unknown account has been deleted.

ShellFolder_AccessPermission

Afterword (about SID)

S-1-15-3-1024-xxx is called the application SID, and 1024 is a value corresponding to "RID of capability | RID of device".

It is not the SID that corresponds to the Windows account.

According to the article at atmarkit.co.jp,

Even if it is displayed as an unknown account, it is not given a name, and it may be the SID that Windows is using.

The SID with the given name is called the Well-Known capability SID, and it corresponds to [S-1-15-3-1 to S-1-15-3-10].

Therefore,

Since S-1-15-3-11 and later, no name is assigned, so it seems to be displayed as Un-Known capability SID (unknown account). (Refer to external link)

Write down the full Un-Known SID recorded this time.

Principal: S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681

And S-1-15-3-1024-xxx is the SID associated with the Active Directory.

Generally this happens when a PC is not communicating with Active Directory properly. Is your computer part of a domain?
reddit.com

My PC has no plans to participate in Active Directory, so I deleted S-1-15-3-1024-xxx, but if you are in an environment where Active Directory is installed at your company, leave this SID. I think it's better to wait.

Microsoft has a misleading specification that "unknown account = not an unknown account", so I would like you to do something about it.

At the very least, I want you not to be displayed as "unknown account".

Validation: Windows 10 Pro October 2018 Update, v1809.17763.437

SC2
Windowsランキング 将棋ランキング スマホ・携帯ランキング にほんブログ村 IT技術ブログ ライフハックへ にほんブログ村 その他趣味ブログ 将棋へ

このサイトを検索 | Search this site