Is it okay to remove unknown accounts from user folder permissions?

[Keyes]

I have one user on my system which is the administrator as well. I noticed when I viewed the security tab of my user folder (My own specific user folder, e.g c:/users/(user) ) and noticed a few SIDs listed which the question mark symbols, and one listed as unknown - I presume all were unknown. I removed them and and then applied, and then Windows prompted me with a security error in that I could not change the security permissions of some files, and that I was to click continue. It did this for a few files (e.g the cardsspace folder) and then it showed the different files with the new setting being applied.

Eventually it finished and now those SIDs are gone, and are also gone from the folders within. My questions are 1. Is it okay to do this considering I only have one user on my system and is not connected to a home group, and 2. Is it normal for some files to prompt and error about having these permissions changed and deny access?

Thank you.

 

[Pyprohly]

Is it okay to do this considering I only have one user on my system and is not connected to a home group

If you think it's okay, it is okay—it's your computer—you decide how you administer your files.

It's usually safe to remove any unknown ACEs on permission lists. Gathering too many ACEs on an ACL of a file may reduce the performance of you system any time it tries to operate on that file. (Though this is not to be a concern, esp. when you're not on a network. I only say this to make you feel better about preforming SID genocide, Keyes.)

Given that you are the only user of your computer, and the fact that you're not on a network, I wouldn't have a clue as to where those extra ACEs came from, Keyes.

Is it normal for some files to prompt and error about having these permissions changed and deny access?

Yes. It happens occasionally.

Actually, I think there is a bug in Windows 7's Explorer where sometimes it will insist that you do not have permission to make permission changes to a file. I recall remember noticing this, and I vaguely remember reading somewhere that Explorer was bugged in this aspect, but it's been a while and I'm not too curious on test any thing out right now.

 

[Keyes]

Is it okay to do this considering I only have one user on my system and is not connected to a home group

If you think it's okay, it is okay—it's your computer—you decide how you administer your files.

It's usually safe to remove any unknown ACEs on permission lists. Gathering too many ACEs on an ACL of a file may reduce the performance of you system any time it tries to operate on that file. (Though this is not to be a concern, esp. when you're not on a network. I only say this to make you feel better about preforming SID genocide, Keyes.)

Given that you are the only user of your computer, and the fact that you're not on a network, I wouldn't have a clue as to where those extra ACEs came from, Keyes.

Is it normal for some files to prompt and error about having these permissions changed and deny access?

Yes. It happens occasionally.

Actually, I think there is a bug in Windows 7's Explorer where sometimes it will insist that you do not have permission to make permission changes to a file. I recall remember noticing this, and I vaguely remember reading somewhere that Explorer was bugged in this aspect, but it's been a while and I'm not too curious on test any thing out right now.

While I am not on a home group, I am on a network, apologies if I didn't make that clear incase I misused a term. There's two other Win 7 machines on the network, and there were previous users on the system as it was a prebuilt machine and was tested before being sent by the manufacturers.

I'm not sure of the inner workings of the SIDs but I might know of their origins? The SID for my machine was identical to unknown ones except for the last 4 digits - might this indicate its the same network?

 

[Pyprohly]

While I am not on a home group, I am on a network, apologies if I didn't make that clear incase I misused a term. There's two other Win 7 machines on the network, and there were previous users on the system as it was a prebuilt machine and was tested before being sent by the manufacturers.

There. Both or either point may explain the origins of those SIDs.

I'm not sure of the inner workings of the SIDs but I might know of their origins? The SID for my machine was identical to unknown ones except for the last 4 digits - might this indicate its the same network?

Unless you are on a domain, all but the last component of your user's SID matching with another user's SID is an indication that the other SID originated from your machine and not from a remote machine.

Given there are three computers on your network I'm going to assume you are not on a domain, and the unknown SIDs have actually originated from your local machine.


For more information about SIDs, see the documentation, especially the How Security Identifiers Work section which is very detailed.