In some cases, the "unknown account" on a registry key should not be deleted.

While hiding the libraries displayed in the left pane of Windows Explorer, I found an unknown account "S-1-15-3-1024-xxx" with permissions on the registry key ShellFolder.

The unknown account appears as shown in the first screenshot.

You can find it in the following hierarchy in Registry Editor:

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

When I checked, S-1-15-3-1024-xxx was what is called an application SID, and 1024 was a number equivalent to [RID of capability | RID of device].

Even in Windows 7, there was an unknown account in ShellFolder, but since the SID value was S-1-5-21-xxx, this one is different.

S-1-5-21-xxx is called the domain account SID and is given to the accounts participating in Windows Active Directory.

Now, to the main subject.

The SID I found this time was the application SID.

I decided that there is no problem in deleting it, so I deleted it, but so far no problem has occurred.

This article describes the steps I took.

As the title of this article says, there are "unknown accounts" that should not be deleted, so please be careful when performing the procedure in the next section.

I have written up what I found in the afterword, so please read it before deciding whether to carry out the procedure.

The procedure in the next section uses the free software "ExecTI", which can start Registry Editor as "TrustedInstaller", so there is no need to change the owner of ShellFolder.

If you're not comfortable installing ExecTI, there is also a way to take ownership of ShellFolder (the procedure used on Windows 7).

Please read the related article at the end of this article.



ShellFolder location

The ShellFolder key described in this article is at the following location.

\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

Please note that keys named ShellFolder exist in multiple places; the ones found elsewhere are not relevant to this article.

ShellFolder inherits its permissions from the higher registry key {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

Even when I logged in to Windows with an account that belongs to Administrators, "Access is denied" was displayed when I tried to delete S-1-15-3-1024-xxx.

Steps to delete unknown account

Use ExecTI, free software that can start Registry Editor with TrustedInstaller permissions, to delete the unknown account.

[procedure]
  1. Get ExecTI
  2. Launch Registry Editor from ExecTI
  3. Find ShellFolder
  4. View the permissions that ShellFolder inherits from
  5. Delete unknown account
  6. End of procedure

Registry operations are at your own risk.
Before working with Registry Editor, make a backup copy of your registry in case something goes wrong.

1. Get ExecTI
ExecTI can be downloaded from winaero.com.

It is hard to spot, but look for the following link.
Download ExecTI-Run as TrustedInstaller

2. Launch Registry Editor from ExecTI
Type regedit in the box next to Open and click OK.

3. Find ShellFolder
Edit > Search
Or hold down the Ctrl key and press F on the keyboard.


Type ShellFolder in the box next to the value you want to find and click Next.

Searching will be faster if every option other than the following is unchecked.
  • ☑ key
  • ☑ Find only exact matches


Keys named ShellFolder exist in multiple places, so press F3 on your keyboard to continue searching until you reach the ShellFolder you want to edit.
\HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
4. Show the permissions that ShellFolder inherits from
{031E4825-7B94-4dc3-B131-E946B44C8DD5} > Right click: Permission

Modify permissions on this registry key because ShellFolder permissions are inherited from {031E4825-7B94-4dc3-B131-E946B44C8DD5}.

5. Delete unknown account
Select the unknown account (S-1-15-xxx) and click Delete > Apply > OK.
Alternatively, do Delete > Apply > OK from the keyboard.

6. End of procedure
This completes the procedure.

Let's open ShellFolder permissions and confirm that the unknown account has been deleted.


Afterword (about SID)

S-1-15-3-1024-xxx is called the application SID, and 1024 is a value corresponding to "RID of capability | RID of device".

It is not a SID that corresponds to a Windows account.

According to the article at atmarkit.co.jp, even a SID that is displayed as an unknown account may simply have no name assigned, and it may be a SID that Windows is using.

SIDs that have been given a name are called well-known capability SIDs, and they correspond to [S-1-15-3-1 to S-1-15-3-10].

Therefore, since no name is assigned from S-1-15-3-11 onward, these seem to be displayed as unknown capability SIDs (unknown accounts). (See the external link.)

Here is the full unknown SID that I recorded this time.

Principal: S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681
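
The SID structure described above, as an added example that is not part of the original article: it splits a SID string into its fields, labels it using the prefixes this article mentions, and extracts the 32-byte value carried in the last eight fields of an S-1-15-3-1024-xxx SID. The derivation in derive_capability_sid (SHA-256 of the upper-cased UTF-16LE capability name) is an assumption that does not come from the article, and the function names and the sample name exampleCapability are made up for illustration.

```python
import hashlib
import struct

DERIVED_RID = 1024  # third field of S-1-15-3-1024-...; eight 32-bit words follow

def parse_sid(text):
    """Split 'S-1-<authority>-<sub>-...' into (authority, [sub-authorities])."""
    parts = text.strip().upper().split("-")
    if len(parts) < 4 or parts[:2] != ["S", "1"]:
        raise ValueError(f"not a revision-1 SID string: {text!r}")
    return int(parts[2]), [int(p) for p in parts[3:]]

def classify(text):
    """Label a SID using only the prefixes this article discusses."""
    authority, subs = parse_sid(text)
    if authority == 5 and subs[0] == 21:
        return "account SID (S-1-5-21)"
    if authority == 15 and subs[0] == 3:
        if subs[1:2] == [DERIVED_RID] and len(subs) == 10:
            return "derived capability SID"
        return "capability SID"
    return "other"

def capability_hash(text):
    """Hex of the 32 bytes packed into the last eight fields of a derived SID."""
    if classify(text) != "derived capability SID":
        raise ValueError("not an S-1-15-3-1024-... SID")
    _, subs = parse_sid(text)
    return struct.pack("<8I", *subs[2:]).hex()

def derive_capability_sid(name):
    """Assumption (not from the article): SHA-256 of the upper-cased UTF-16LE name."""
    digest = hashlib.sha256(name.upper().encode("utf-16-le")).digest()
    words = struct.unpack("<8I", digest)
    return "S-1-15-3-1024-" + "-".join(str(w) for w in words)

# The full SID recorded in the article.
ARTICLE_SID = ("S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687"
               "-432734479-3232135806-4053264122-3456934681")

if __name__ == "__main__":
    print(classify(ARTICLE_SID), capability_hash(ARTICLE_SID))
    # "exampleCapability" is a made-up name, used only to show the round trip.
    print(derive_capability_sid("exampleCapability"))
```

Comparing derive_capability_sid(name) for a capability name you suspect against the SID shown in the permissions dialog is one way to check what an entry is before deciding whether to remove it.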

S-1-15-3-1024-xxx is also a SID associated with Active Directory.

Generally this happens when a PC is not communicating with Active Directory properly. Is your computer part of a domain?
reddit.com

My PC has no plans to participate in Active Directory, so I deleted S-1-15-3-1024-xxx, but if you are in an environment where Active Directory is deployed at your company, I think it is better to leave this SID in place.

Microsoft has a misleading specification in which "unknown account = not an unknown account", so I would like them to do something about it.

At the very least, I would like it not to be displayed as "unknown account".

Validation: Windows 10 Pro October 2018 Update, v1809.17763.437
