Is it okay to remove unknown accounts from user folder permissions?


  1. Keyes
    Posts : 122
    Windows 7 Home Premium 64 bit
       New #1

    Is it okay to remove unknown accounts from user folder permissions?


    I have one user on my system which is the administrator as well. I noticed when I viewed the security tab of my user folder (My own specific user folder, e.g c:/users/(user) ) and noticed a few SIDs listed which the question mark symbols, and one listed as unknown - I presume all were unknown. I removed them and and then applied, and then Windows prompted me with a security error in that I could not change the security permissions of some files, and that I was to click continue. It did this for a few files (e.g the cardsspace folder) and then it showed the different files with the new setting being applied.

    Eventually it finished and now those SIDs are gone, and are also gone from the folders within. My questions are 1. Is it okay to do this considering I only have one user on my system and is not connected to a home group, and 2. Is it normal for some files to prompt and error about having these permissions changed and deny access?

    Thank you.
      My Computer
    Quote Quote

  3. Pyprohly
    Posts : 721
    Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
       New #2

    Keyes said:
    Is it okay to do this considering I only have one user on my system and is not connected to a home group
    If you think it's okay, it is okay—it's your computer—you decide how you administer your files.

    It's usually safe to remove any unknown ACEs on permission lists. Gathering too many ACEs on an ACL of a file may reduce the performance of you system any time it tries to operate on that file. (Though this is not to be a concern, esp. when you're not on a network. I only say this to make you feel better about preforming SID genocide, Keyes.)

    Given that you are the only user of your computer, and the fact that you're not on a network, I wouldn't have a clue as to where those extra ACEs came from, Keyes.

    Keyes said:
    Is it normal for some files to prompt and error about having these permissions changed and deny access?
    Yes. It happens occasionally.

    Actually, I think there is a bug in Windows 7's Explorer where sometimes it will insist that you do not have permission to make permission changes to a file. I recall remember noticing this, and I vaguely remember reading somewhere that Explorer was bugged in this aspect, but it's been a while and I'm not too curious on test any thing out right now.
      My Computer
    Quote Quote

  4. Keyes
    Posts : 122
    Windows 7 Home Premium 64 bit
    Thread Starter
       New #3

    Pyprohly said:
    Keyes said:
    Is it okay to do this considering I only have one user on my system and is not connected to a home group
    If you think it's okay, it is okay—it's your computer—you decide how you administer your files.

    It's usually safe to remove any unknown ACEs on permission lists. Gathering too many ACEs on an ACL of a file may reduce the performance of you system any time it tries to operate on that file. (Though this is not to be a concern, esp. when you're not on a network. I only say this to make you feel better about preforming SID genocide, Keyes.)

    Given that you are the only user of your computer, and the fact that you're not on a network, I wouldn't have a clue as to where those extra ACEs came from, Keyes.

    Keyes said:
    Is it normal for some files to prompt and error about having these permissions changed and deny access?
    Yes. It happens occasionally.

    Actually, I think there is a bug in Windows 7's Explorer where sometimes it will insist that you do not have permission to make permission changes to a file. I recall remember noticing this, and I vaguely remember reading somewhere that Explorer was bugged in this aspect, but it's been a while and I'm not too curious on test any thing out right now.
    While I am not on a home group, I am on a network, apologies if I didn't make that clear incase I misused a term. There's two other Win 7 machines on the network, and there were previous users on the system as it was a prebuilt machine and was tested before being sent by the manufacturers.

    I'm not sure of the inner workings of the SIDs but I might know of their origins? The SID for my machine was identical to unknown ones except for the last 4 digits - might this indicate its the same network?
      My Computer
    Quote Quote

  6. Pyprohly
    Posts : 721
    Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
       New #4

    Keyes said:
    While I am not on a home group, I am on a network, apologies if I didn't make that clear incase I misused a term. There's two other Win 7 machines on the network, and there were previous users on the system as it was a prebuilt machine and was tested before being sent by the manufacturers.
    There. Both or either point may explain the origins of those SIDs.

    Keyes said:
    I'm not sure of the inner workings of the SIDs but I might know of their origins? The SID for my machine was identical to unknown ones except for the last 4 digits - might this indicate its the same network?
    Unless you are on a domain, all but the last component of your user's SID matching with another user's SID is an indication that the other SID originated from your machine and not from a remote machine.

    Given there are three computers on your network I'm going to assume you are not on a domain, and the unknown SIDs have actually originated from your local machine.


    For more information about SIDs, see the documentation, especially the How Security Identifiers Work section which is very detailed.
      My Computer
    Quote Quote

 

  Related Discussions
How to Add or Remove User Accounts from Groups in Vista, Windows 7, and Windows 8 This will show you how to limit the ability of users to be able to perform certain actions by adding or removing their user accounts from being a member of groups and the group's default rights and permissions....
Hi all, Hoping someone might be able to help. Recently, a few strange things have happened with the PC, which first started when I found I couldn't use the Backup & Recovery software in Windows 7. Whenever I clicked on one of the buttons with a shield, nothing would happen at all. I've looked...
Hi there, Wonder if you can help me. Noticed something strange today and trying to work out whether anything sinister is going on with my machine. Ran virus scans and such, all came back clear. I basically have a series of "Unknown Accounts" listed in advanced system properties. This...
I have two unknown user accounts showing in the security tab. They do not exist under "user accounts" in control panel. I have been unable to delete them and thought they might be part of Comodo firewall or Avast antivirus? I'm not familiar with how to navigate to the security tab other then...
Permissions on User Accounts
in Hardware & Devices

Hi I have set up a laptop running Windows 7 with an Administrator Account and a general User Account (not the Windows 7 Guest). When I log on to the User Account, I get two *.exe files trying to load which require administrator permissions. The files are part of the laptop manufacturers...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 09:02.
Find Us