There is a case that the UNKNOWN ACCOUNT of the registry key should not be deleted.

Atom | RSS

このサイトを検索 | Search this site

,Japan

There is a case that the UNKNOWN ACCOUNT of the registry key should not be deleted.

to japanese

Thank you for accessing.

This article has been removed.

The content of this blog can be searched by keyword.

Use the search window in the sidebar or at the top. Alternatively, please translate the original article using Google or other means.

Please find alternative content.

Remnants of articles that had been published (Click!)

While hiding the libraries displayed in the left pane of Windows Explorer, I found an unknown account "S-1-15-3-1024-xxx" with permissions on the registry key ShellFolder.

The unknown account is like the first snapshot.

You can find it in the following hierarchy in Registry Editor:

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

When I checked,

S-1-15-3-1024-xxx was what was called Application SID.

1024 was a number equivalent to [RID of capability | RID of device].

Even in Windows 7, there was an unknown account in ShellFolder, but since the SID value was S-1-5-21-xxx, this one is different.

S-1-5-21-xxx is called the domain account SID and is given to the accounts participating in Windows Active Directory.

Well, the main subject.

The SID I found this time was the application SID.

I decided that there is no problem in deleting it, so I deleted it, but so far no problem has occurred.

This article describes the steps I took.

There is an "unknown account" that should not be deleted, which is also the title of this article, so please be careful when performing the procedure in the next section.

I have written the survey results in the postscript, so I would like you to read it and decide whether to execute it.

The procedure in the next section uses the free software "ExecTI" that can start the registry editor as "TrustedInstaller", so there is no need to change the owner of Shell Folder.

If you're not comfortable installing ExecTI, there's also a way to take ownership of ShellFolder (the procedure you performed in Windows 7).

Please read the related article at the end of the sentence.

目次[表示]

• 1.
• 2.
• 3.

ShellFolder location

The ShellFolders described in this article are in the following hierarchy.

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

Please note that ShellFolder hits in multiple places, so ShellFolders that hit in other places are not relevant to this article.

ShellFolder inherits its permissions from the higher registry key {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

Even if I logged in to Windows with an account that belongs to Administrators, when I try to delete S-1-15-1024, "Access is denied" is displayed.

Steps to delete unknown account

Use ExceTI, a free software that can start Registry Editor with TrustedInstaller permission, to delete unknown accounts.

[procedure]

1. Get ExecTI
2. Launch Registry Editor from ExecTI
3. Find ShellFolder
4. View the permissions that ShellFolder inherits from
5. Delete unknown account
6. End of procedure

Registry operations are at your own risk

Before working with Registry Editor
Make a backup copy of your registry in case something goes wrong.

1. Get ExecTI

ExecTI can be downloaded from winaero.com.

It's hard to understand, but look for the link below.

Download ExecTI-Run as TrustedInstaller

 External link

• ExecTI-Run as TrustedInstaller | winaero.com

2. Launch Registry Editor from ExecTI

Type regedit in the box next to Open and click OK .

3. Find ShellFolder

Edit> Search

Or, of the keyboard Ctrl key while F press the.

Type ShellFolder in the box next to the value you want to find and click Next .

Searching will be faster if ☑ other than the following options is unchecked.

• ☑ key
• ☑ Find only exact matches

ShellFolder hits in multiple places, so press F3 on your keyboard to continue searching until the ShellFolder you want to edit hits .

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

4. Show the permissions that ShellFolder inherits from

{031E4825-7B94-4dc3-B131-E946B44C8DD5} > Right click: Permission

Modify permissions on this registry key because ShellFolder permissions are inherited from {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

5. Delete unknown account

Select the unknown account (S-1-15-xxx) and click Delete > Apply > OK .
Or go to Delete > Apply > OK on the keyboard .

6. End of procedure

This completes the procedure.

Let's open ShellFolder permissions and confirm that the unknown account has been deleted.

Afterword (about SID)

S-1-15-3-1024-xxx is called the application SID, and 1024 is a value corresponding to "RID of capability | RID of device".

It is not the SID that corresponds to the Windows account.

According to the article at atmarkit.co.jp,

Even if it is displayed as an unknown account, it is not given a name, and it may be the SID that Windows is using.

The SID with the given name is called the Well-Known capability SID, and it corresponds to [S-1-15-3-1 to S-1-15-3-10].

Therefore,

Since S-1-15-3-11 and later, no name is assigned, so it seems to be displayed as Un-Known capability SID (unknown account). (Refer to external link)

Write down the full Un-Known SID recorded this time.

Principal: S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681

And S-1-15-3-1024-xxx is the SID associated with the Active Directory.

Generally this happens when a PC is not communicating with Active Directory properly. Is your computer part of a domain?
reddit.com

My PC has no plans to participate in Active Directory, so I deleted S-1-15-3-1024-xxx, but if you are in an environment where Active Directory is installed at your company, leave this SID. I think it's better to wait.

Microsoft has a misleading specification that "unknown account = not an unknown account", so I would like you to do something about it.

At the very least, I want you not to be displayed as "unknown account".

 External link

• Isn't it really suspicious (?) What is the identity of an "unknown account" in Windows 10? (2/3) | atmarkit.co.jp
• [Unknown account S-1-15-3-1024 ...] ｜ Microsoft Community
• The Account Unknown (S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681): Windows10

Validation: Windows 10 Pro October 2018 Update, v1809.17763.437

  Ninja

1. How to avoid the problem that Synaptics Mouse 19.0.19.13 is detected repeatedly by Windows Update
2. Can I delete the MATS folder?
3. If the uninstall process stops, try using Microsoft easy fix
4. Delete unknown account in local user profile | Windows 7
5. How to delete an unknown account
6. Installing and using YouTube Video Downloader
7. Summary of measures against videos that cannot be downloaded
8. The Fukuoka University NTP server will stop!
9. How to set up a public NTP server on your PC
10. Tab Explorer with QTTabBar
11. EagleGet Installation Procedure v2.0.4.30 Stable
12. [Code: 80072EE2] Windows Update
13. GIMP Installation Procedure v2.10.14
14. Chrome error code 0x80070005
15. Checking for updates ... Windows Update
16. Eagleget spy module
17. How to remove suspicious service bundled with EagleGet
18. What generic keys might be used for a free Windows 10 upgrade?
19. [3/3] Alchohol 52% FE SFA removal procedure
20. How to change Chrome autoplay-policy to block autoplay conditions for videos
21. 5KPLAYER.com software...!
22. What to try when UMDF does not show up in Windows Service
23. Loseless cut m4a with Audio MP3 Editor
24. Free Audio Converter software found to register services without permission
25. How to fix Runtime Error that interferes with CubePDF installation
26. Remove SOME SETTINGS ARE MANAGED BY THE ORGANIZATION
27. How to install Anti-Adblock Killer
28. What is the relationship between Nano Defender and ad blockers?
29. How to slim down a bloated DataStore folder
30. If you can not change the default app, check the registry | for Windows 7
31. What to do when Chrome repeatedly asks you to restart it when you update it
32. How to repair MP3 files to restore normal time display
33. Revival! Stream Recorder
34. Be careful of option check when installing EagleGet
35. Things to try when the start menu stops responding
36. The rank of all professional shogi players is confirmed
37. Checkpoint when the Amazon Fire TV Stick Wi-Fi link is broken
38. What is the identity of User_Feed_Synchronization in the Task Scheduler?
39. Can I press [Yes] for the DCOM configuration warning caused by igfxSDK.exe?
40. How to use FilterProxy (Android local proxy server)
41. Keyboard Indicator Release Information v1.6.2.0
42. How to hide Administrator from the sign-in screen
43. [Robin] Steps to downgrade from Android 7.0 to 6.0.1
44. How to remove the traces of Wondershare Player
45. DPI setting when using WinShot on Windows 10
46. Snipping Tool feature comparison (Windows 10 and 7)
47. How to use DISM and SFC
48. IrfanView 4.51 installation procedure
49. How to deal with the problem that JPG/PNG association is reset after IrfanView update
50. What are structured data errors recorded in Google Search Console?
51. 【Anti-WebMinor】Block mining scripts such as Bitcoin
52. What to do if you can not copy and paste in Google Sheets
53. Instructions for installing TClock Light
54. How to get the Ruler Bar to work
55. How to disable Thunderbird 72-byte line breaks
56. How to Remove Xbox App from Windows 10
57. How to remove Spotify
58. How to switch from Feedly to Inoreader
59. How to delete remnants of notification area icon
60. How to create a batch file that deletes suspicious services registered by EagleGet
61. Screen capture anytime with Snip & Sketch
62. There is a case that the UNKNOWN ACCOUNT of the registry key should not be deleted.
63. Proxomitron - Ad cut with local proxy
64. Raziko is back on Google Play! ｜ Raziko 1.2.0267
65. How to change the background of the login screen to Black (black)
66. en[EVENT2484] Tile Database Corruption
67. What is the cause of the Google Spreadsheet, Server Error Occurred...?
68. Radicutter (β) v0.9.2 Area free deletion, but v0.9.1 APK can be downloaded
69. How to disable Google Update
70. MPC-BE 1.5.2.3148 beta Installation Procedure
71. Revo Uninstaller Free New installation
72. How to create a shortcut to launch Local Group Policy Editor
73. Google Play store error code 944, occurred during Chrome update
74. MPC-BE v1.5.2.3445 beta Release information
75. How to change Wi-Fi access point to pay-per-use connection
76. What to do if Windows Explorer ,Add current location to favorites, does not work
77. How to customize Thunderbird destination from 3 lines to 2 lines
78. Initialize Thunderbird using Profile Manager
79. How to initialize Thunderbird or remove it completely
80. How to custom install Thunderbird
81. How to remove debris from Windows Update files | Windows 7
82. How to Disable Notebook Keyboard (i8042prt)
83. How to completely remove OneDrive
84. How to choose what happens when you click a PDF link in Chrome 65
85. How to stop the dialog for cooperation in collecting incorrect conversion data (MS-IME)
86. Procedure to disable navigation start sound
87. en[EVENT10016] DCOM Error: RuntimeBroker {9CA88EE3-...}
88. How to use a TV as a second monitor for your PC
89. SpeedyFox: Software specializing in one-click optimization of SQLite
90. I think that home apps compatible with Robin are Google Now launchers
91. MPC-HC project suspension, MPC-BE project continuation
92. Precautions for Thunderbird+IMAP
93. How to restart the Explorer process 2 pattern
94. How to select the display to display the taskbar
95. Registry file specifications
96. DiffBrowser：Software that extracts and displays the updated part of the Web
97. CCleaner v 5.38 customized installation
98. Lhaplus installation procedure
99. How to insert a sequential number at the beginning of a line in Clibor
100. PsTools ｜ Microsoft genuine tool that can be used for offline authentication of Windows 10

Ninja の記事 (Articles about the Ninja)

1. How to avoid the problem that Synaptics Mouse 19.0.19.13 is detected repeatedly by Windows Update
2. Can I delete the MATS folder?
3. If the uninstall process stops, try using Microsoft easy fix
4. Delete unknown account in local user profile | Windows 7
5. How to delete an unknown account
6. Installing and using YouTube Video Downloader
7. Summary of measures against videos that cannot be downloaded
8. The Fukuoka University NTP server will stop!
9. How to set up a public NTP server on your PC
10. Tab Explorer with QTTabBar
11. Ninja ラベルの記事（要約付）
12. Japan が含まれる記事（要約付）

新着順 (New arrival order)

1. 【2024年度総括】藤井七冠(最優秀棋士)、羽生九段現役続行と会長退任を表明
2. 【バグ】TVerRec 3.4.2 のリネーム処理不具合とその原因を考察
3. 【恐怖】ポンジスキームとは？歴史から学ぶ詐欺の仕組み
4. 【終息】TVerRec 3.3.9（暫定）で機能制限ほぼ解除、3.4.0リリース！
5. 【緊急】TVerRec 3.3.6緊急リリース！仕様変更に暫定対応
6. 【未解決】TVerRecダウンロード不具合！TVerの仕様変更かも？
7. 【昇級／降級】全棋士ランキング確定、伊藤匠叡王B1へ昇級、羽生九段B2へ降級
8. 【将棋】なぜ藤井聡太は人々を魅了するのか？【2024年度振り返り】
9. 【更新】Lhaz 2.5.4リリース！法人利用が有料化へ
10. 【Pixel 3月／2025】カメラ、WebView 、Bluetooth、電話のバグ修正【Android 15】

タイトル：There is a case that the UNKNOWN ACCOUNT of the registry key should not be deleted. ：SC2

このサイトを検索 | Search this site