Registry permissions after 1703 update - Unknown Account

    Question

  • Under many registry locations, specifically Computer\HKEY_LOCAL_MACHINE\SOFTWARE, there is a strange account with read access, Unknown Account {S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681}. This account appeared after I updated my PC to 1703 and is included on any clean install of 1703 I have tested. 

    It does not connect to an active account; however, when I remove this account from the permissions list (in test systems), Edge ceases to function and crashes before fully loading. As the account is unknown, I cannot add it back to the permissions on the registry key and must reinstall so the account has access again. 

    Where I work, security on this and other keys is controlled by Group Policy from 1607/1511, which we have updated with the policies from 1703. The policy sets specific permissions on registry components and inherits them down to some degree. As the account is unknown, it cannot be added to the policy, and any 1703 install that picks up the policy requires a reinstall to resolve the issue with Edge failing to launch. We have created a test OU and policy that does not include the permissions changes, and that policy implements without issue.

    We use software that requires specific permissions on the above registry component or so I have been told by the admin who manages that software. In order to implement 1703 we need to resolve this issue with the unknown account and the permissions change either by adding the unknown account to the Group Policy or removing whatever it is needed to allow Edge to launch.

    This also leads to the deeper questions of what this account is for, when it is created and removed, what other permissions it has, why it is necessary to keep around, and similar. 

    If I am missing something please let me know. I am happy to provide more information about our Group Policy settings, software, and other items.



    Monday, April 24, 2017 7:29 PM

All replies

  • Hi,

    Do other apps have the same issue?

    You may need to enumerate all ACLs for your C:\Program Files folder to see on which folder the account you mentioned has some special permission. 

    From Sysinternals you can download this tool: AccessEnum
    https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

    Please note that we should have a certain SID which refers to Security manager: 

    S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204




    Friday, April 28, 2017 7:20 AM
    Moderator
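
The ACL enumeration suggested in the reply above can be narrowed by classifying each trustee SID by its structure, since SIDs under S-1-15-2 (app packages) and S-1-15-3 (app capabilities) do not map to a user or group and are commonly displayed as an unknown account. This is an added example, not code from any poster in the thread; the SDDL string is constructed (only the capability SID is taken from the question) and the function names are hypothetical.

```python
import re

# Constructed SDDL for a registry key; only the long S-1-15-3 SID is from the thread.
SAMPLE_SDDL = (
    "O:BAG:SYD:PAI"
    "(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)(A;CI;KR;;;AC)"
    "(A;CI;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687"
    "-432734479-3232135806-4053264122-3456934681)"
    "(A;CI;KR;;;S-1-5-21-1111111111-2222222222-3333333333-1001)"
)

ACE_RE = re.compile(r"\(([^()]*)\)")  # one parenthesised ACE string

def classify_sid(sid):
    """Classify a trustee by SID structure alone; no name lookup is attempted."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[:2] != ["S", "1"]:
        return "SDDL alias"              # two-letter aliases such as SY, BA, AC
    authority, subs = int(parts[2]), [int(p) for p in parts[3:]]
    if authority == 15 and subs[0] == 2:
        return "app package SID"
    if authority == 15 and subs[0] == 3:
        # 1024 followed by eight 32-bit sub-authorities carries a 256-bit value
        if len(subs) == 10 and subs[1] == 1024:
            return "hash-derived capability SID"
        return "well-known capability SID"
    if authority == 5 and subs[0] == 21:
        return "account SID"             # user or group in a machine or domain
    return "other SID"

def audit_sddl(sddl):
    """Return (trustee, rights, kind) for every ACE in an SDDL string."""
    rows = []
    for ace in ACE_RE.findall(sddl):
        fields = ace.split(";")          # type;flags;rights;guid;guid;trustee
        if len(fields) >= 6:
            rows.append((fields[5], fields[2], classify_sid(fields[5])))
    return rows

def needs_account_lookup(sddl):
    """Trustees that should resolve to a user or group; capability SIDs are excluded."""
    return [t for t, _, kind in audit_sddl(sddl) if kind == "account SID"]

if __name__ == "__main__":
    for trustee, rights, kind in audit_sddl(SAMPLE_SDDL):
        print(f"{rights:3} {kind:28} {trustee}")
```

Only entries returned by `needs_account_lookup` are candidates for an orphaned-account review; the capability and app package entries are expected to appear without a resolvable name.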
  • I have this same issue - home computer, it is NOT supposed to be a client or server. I am not a developer, or an IT administrator. I know a little about objects and permissions, enough to know I don't know enough. I have clean installed with the media creation tool from USB - at one point I even used Samsung Magician to completely erase one of my SSDs before re-installing the OS, but nevertheless these strange phantom "users?" I guess, with their permissions, somehow creep in. I would appreciate some guidance!
    Thursday, February 15, 2018 9:13 AM
  • I've found the same mysterious 'unknown account' on my Windows 10 laptop (Account Unknown (S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)). I've been researching, and trying to fix, 10016 system errors on my laptop for the past week. I am finally down to 2 or 3 fixes, but during all of my research I've noticed that this 'unknown account' pops up periodically.

    WE ARE NOT ALONE! I have not kept track of the number of people impacted by this 'unknown account', but I can easily state that this topic has come up a lot. I'm thinking that the average user has no idea what a 10016 error means, nor would a normal user ever think to fix these errors (until they realize their performance is slow, or they have slow startups). At this point, I think most people will have a technical person perform the cleanup of their device.

    With that said, I'm thinking this 'unknown account' exists in every Windows 10 device that has recently upgraded.  Most people simply have no idea what this is or how to fix the problem.

    IT WOULD BE WONDERFUL if Microsoft actually acknowledged that the 'unknown account' problem exists on devices that upgraded to Windows 10 xxxx edition, AND actually created a 'fixit' app (or implemented some other simple procedure/update) to help normal, everyday users remove/fix this problem. (This is one of my gripes with Windows 10... A user sees their computer slowing down, and they have no idea what to do, so they spend good money having to have a technician fix and speed up their system).

    I'm not a super techie guy, but I can search online and eventually I can figure things out (or I create a huge mess).  Please, if anyone finds a good, working solution, keep us posted.

    kind regards,

    Wednesday, April 4, 2018 1:21 AM