How in the heck do you get rid of the “Account Unknown” User.
I want to find where I can delete the user so it will be removed from every file at once.
Wheels
I want to find where I can delete the user so it will be removed from every file at once.
In the user administration part of the management screen. (Sorry I don’t know how is it called in english)
You can access it by right clicking on “my computer”.
The regular win10 user manager probably won’t do, I always use that old school one.
That user is already deleted, or rather Windows doesn’t know anything about it.
Each file in the filesystem has a header bit of metadata and stuff. Permissions are stored in a list where the accounts are assigned to the file by a unique Security Id. Each user and resource in Windows has a S-ID (the long number starting with S-1 above). When you upgraded or deleted a Windows user (probably during an upgrade) then the file marker gets left behind even though the account is gone. Windows will create a new account for you on upgrade and ‘migrate’ stuff across.
Even though they are on the files they are harmless, as the account is gone now. If you really want I could dig out how to find every file with that S-ID and remove it, but there’s no danger or any downside of them being there.
EDIT: Here’s a script if you really hate them, but it’s not trivial to use - Browse code samples | Microsoft Learn
Why would this unknown account continue to be added to every new file you create?
Thanks frog but that script hasn’t been shown to work with Win7.
Verified on the following platforms
Windows 10 No Windows Server 2012 No Windows Server 2012 R2 No Windows Server 2008 R2 Yes Windows Server 2008 Yes Windows Server 2003 No Windows Server 2016 No Windows 8 No Windows 7 No Windows Vista No Windows XP No Windows 2000 No
Wheels
The script works fine with all windows, that’s just the technet gallery legally saying they don’t test it on all platforms.
So you’re saying that you create a new ‘note.txt’ file in your Documents folder and this SID appears on it as well? For that, no idea. Maybe a previously scheduled task or something when you ran Vista that got migrated.
Yep, that is why I want to find it and kill it.
I created this file after I read your post and it has the “Account Unknown” user.
Wheels
Maybe the rights are inherited?
Not sure how windows does it, but on unix/linux a file inherits the rights from its parent directory.
1 Like
Could be if the computer was joined (or renamed) a workgroup or domain and then left. The S-1-5-21-XX shows it as a domain admin account. Windows will give admin permissions for it, even though the group is left.
Fun background reading if keen:
1 Like
Yeah, could be. Wheels, if you create a new folder in Explorer like C:/test then remove that SID from it in Details/Security and then create a .txt file in it with a save as… from notepad then is it still on the new file?
It’s probably because that old Vista admin user had ownership of all /Users/My Documents etc already and new files below that would inherit like Aginor said.
Ok that “Account Unknown” user was not created for the test file on the c drive or for the text or image files I saved in that folder. These were the users it created for that folder and files.
Wheels
1 Like
So that means if you look at folders ‘above’ the one that it is added to you can find where to remove it. Example:
If your ‘C:/users/Wheels’ has it one then any files like ‘C:/users/Wheels/Desktop’ etc would automatically inherit it, so if you remove it from the ‘top’ then it should be gone.
When you upgraded from an earlier windows it had an old admin account that ‘owned’ that top level file, so anything created since then ‘below it’ will have it too unless removed.
Sound ok?
Funny part is I have never upgraded Windows on this system. The only thing that gave me fits recently was TeamViewer when they blocked me from using their program.
Although i think i follow your line of reasoning on how to delete the user. Will give it a go and see what happens.
Wheels
Well I screwed up. I found the parent folder and deleted the Unknown user. All was going well until it hit the Malwarebytes folder and it wouldn’t allow the user to be removed from those files. I clicked OK to move past it several times and then I accidentally clicked cancel. That canceled the process and now the parent folder doesn’t show that user anymore but several of the subfolders still have it.
You guessed it, those subfolders will not let me delete that user since they say the permissions were inherited…
Wheels