How do you deal with Unknown (S-1-15-3-xxxxxxxxxxxxxxxxxxxxxxxxxx)


siliconbeaver

On my Windows 11 24H2, several folders (NOT all) cannot be accessed. Likely ownership was taken by Unknown (S-1-15-3-xxxxxxxxxxxxxxxxxxxxxxxxxx).

In the past, I removed the Unknown accounts and re-took ownership. That fixed the access problem.
As Windows 24H2 is new, I googled to see if there was any "improved" solution. I noticed that answers.microsoft.com had this posted:



--- Windows creates hidden security accounts in the background of the operating system, they all begin with S-1-15-XXXX, all Windows systems have those accounts, they are used for administrative tasks like Windows Security, installing updates, file management...etc. those accounts are normal and rest assured you have nothing to worry about, you should never try to remove those hidden accounts.

I am a little shocked by the statement above.
  1. This is a hostile takeover by Windows and Microsoft tries to hide it?
  2. Even if you have noticed by chance, --- you should never try to remove those hidden accounts.

I hope to restore access to those folders, and would like to know how you guys deal with this case.
"Never try to remove those hidden accounts"? Then there must be a proper way.
(Indeed, whenever the folder was shared in the past and the PC then got a new OS installed (no matter W7/10/11), this problem always happened.)
 

I found out to my cost that you can't mess with them.
 

Anyway, I removed them on my data partitions (like I did before). Now access to those folders has been restored.

I didn't do it on the OS partition; OS folders can be sensitive.
 

I have a fresh backup, so...
I removed Unknown (S-1-15-3-xxxxxxxxxxxxxxxxxxxxxxxxxx) on my OS partition, rebooted, and it just grew back.
 
I have a fresh backup, so...
I removed Unknown (S-1-15-3-xxxxxxxxxxxxxxxxxxxxxxxxxx) on my OS partition, rebooted, and it just grew back.
I once tried that and had to do a re-install, Windows exploded.
 

--- Windows creates hidden security accounts in the background of the operating system, they all begin with S-1-15-XXXX, all Windows systems have those accounts, they are used for administrative tasks like Windows Security, installing updates, file management...etc. those accounts are normal and rest assured you have nothing to worry about, you should never try to remove those hidden accounts.

I am a little shocked by the statement above.
  1. This is a hostile takeover by Windows and Microsoft tries to hide it?
  2. Even if you have noticed by chance, --- you should never try to remove those hidden accounts.

1. When you perform a clean install, Windows creates a random SID (Security Identifier) for the entire system. This randomized SID is designed to make this PC unique, and distinct from all other PCs in the universe. Every time you re-install Windows on this exact same PC, a different SID will be created for the system. It's a designed security feature.

2. After the system SID is generated, Windows creates a series of default users for its own use. Some of the pre-defined user profiles have a SID derived from the system's SID, by appending the last few digits. There is a hierarchy of which SIDs are pre-assigned to either "well known SIDs" which have fixed ID numbers, and those that are derived by appending.

3. The first legitimate user account is assigned the SID with S-.-.-.-1000. Every new user is assigned the next available number (1001, 1002...).

4. If you have folders or files created by a previous Windows install (or transferred from another PC), their SIDs will have wildly different numbers. Again, because those folders were made on a PC with a different random SID. Since your PC doesn't recognize the SID numbers, it's treated as "Unknown User". While you can take ownership of these files so you have control, that action doesn't clear the other SID from the file's security info. You have to perform the additional step of updating the security info, and explicitly removing that SID.

5. Folks who've reinstalled their Windows over and over, but left their external drives untouched, will always see this problem. System SIDs are not interchangeable; you can't import the previous Windows' SID into your new Windows. It doesn't work that way for security reasons.
 

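
An added example, not part of any post in this thread: a read-only PowerShell audit that lists folder owners and ACL entries whose SID does not resolve to a name, and sorts them into the cases discussed above. It relies on Microsoft's documented prefixes (S-1-15-3 for capability SIDs, S-1-15-2 for app package SIDs, S-1-5-21 for account SIDs built on a machine or domain SID); the default path `D:\Data` and the function name `Get-SidKind` are assumptions.

```powershell
# Added example, not from the thread. Read-only: reports folder owners and ACL
# entries whose SID has no friendly name and classifies each one by prefix.
param([string]$Path = 'D:\Data')   # assumed default; pass the folder to audit

$NTAccount = [System.Security.Principal.NTAccount]
$SidType   = [System.Security.Principal.SecurityIdentifier]

# Machine SID of the current install, read from any local account's SID.
$machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid

function Get-SidKind([System.Security.Principal.SecurityIdentifier]$Sid) {
    switch -Regex ($Sid.Value) {
        '^S-1-15-3-' { return 'Capability SID (by design has no friendly name)' }
        '^S-1-15-2-' { return 'App package SID' }
        '^S-1-5-21-' {
            if ($Sid.AccountDomainSid.Value -eq $machineSid.Value) {
                return 'Deleted account of this install'
            }
            return 'Account from another install, machine or domain'
        }
        default { return 'Other unresolved SID' }
    }
}

# The root folder itself plus every subfolder that can be enumerated.
$folders = @(Get-Item -LiteralPath $Path -Force) +
           @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    $owner = $acl.GetOwner($SidType)
    $sids  = @($owner) + @($acl.GetAccessRules($true, $true, $SidType) |
                 ForEach-Object { $_.IdentityReference })

    foreach ($sid in ($sids | Where-Object { $_ } | Sort-Object Value -Unique)) {
        try { $null = $sid.Translate($NTAccount) }   # resolves to a name: skip
        catch {
            [pscustomobject]@{
                Folder  = $folder.FullName
                Sid     = $sid.Value
                IsOwner = ($owner -and $sid.Value -eq $owner.Value)
                Kind    = Get-SidKind $sid
            }
        }
    }
}
```

Rows classed as accounts from another install are the leftover entries that step 4 of the post above describes. Microsoft's documentation says capability SIDs should be left in place on file system and registry permissions.
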
Thanks,

unique

That's right, like a NIC MAC address or a phone's IMEI number. I see.

1. This randomized SID is designed to make this PC unique, and distinct from all other PC's in the universe. Every time you re-install Windows on this exact same PC, a different SID will be created for the system. It's a designed security feature.
 
