I’m (still) running Win-7 Home Premium. I understand the risks and, for a number of reasons, still DO NOT want to upgrade to Win-10 or to rebuild my win-7 installation to correct this problem. The system was built 8 years ago and, over the years, I have created and deleted numerous user accounts. I currently have three user accounts:
Administrator (SID 500)
AdminUser (SID 1003)
NormalUser (SID 1007)
Somewhere along the way, I deleted the original user account that Windows created during its original install which I believe was assigned SID 1000.
On the current system, things generally work as desired. But I occasionally encounter strange behavior and failures. During troubleshooting, I discovered that many folders retain ACL entries that refer to the now-orphaned SID 1000. For example, the command
icacls c:\ProgramData /save output.txt
produces the following
ProgramData
D:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;S-1-5-21-xxx-yyy-zzz-1000)
The above indicates that NT AUTHORITY\SYSTEM and BUILTIN\Administrators have Full Control permissions. It also lists the full SID for the now-orphaned 1000 user account. I'd like to remove these references to the bogus SID, but the command:
icacls C:\ProgramData /remove S-1-5-21-xxx-yyy-zzz-1000
does nothing when run from an elevated command prompt, reporting Successfully processed 0 files. When using File Manager, the Remove button is grayed-out on the Advanced Security Settings dialog of the Security tab of the Folder’s Properties. So I cannot remove the permission that way either.
How do I remove the reference to this orphaned SID? Or change it to refer to a legitimate SID?
Alternatively, how do I change the SID associated with the existing 1003 user to 1000 so that references to SID 1000 get properly resolved to an active user account?
Any suggestions would be appreciated.
No sooner did I post my question, than I found an answer:
Not sure why I didn't think to use an elevated File Explorer earlier. But it successfully updated the ACLs and now the references to the bogus SID are gone. :-)
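An added example, not part of the original post: a Python script that audits text saved with icacls /save for ACEs that still name a local SID with no live account, and reports whether each one is explicit or inherited. The sample data, the MACHINE_SID value standing in for xxx-yyy-zzz, and the treatment of 500, 1003 and 1007 as the RIDs of the live accounts are assumptions.

```python
import re

# Constructed sample in the layout the post shows for `icacls /save`:
# an object path on one line, its SDDL string on the next. SID digits are made up.
SAMPLE = (
    "ProgramData\n"
    "D:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;FA;;;S-1-5-21-111-222-333-1000)\n"
    "ProgramData\\App\n"
    "D:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;S-1-5-21-111-222-333-1000)"
    "(A;OICIID;0x1200a9;;;S-1-5-21-111-222-333-1007)\n"
)
MACHINE_SID = "S-1-5-21-111-222-333"   # constructed stand-in for xxx-yyy-zzz
LIVE_RIDS = {500, 1003, 1007}          # assumption: the three accounts listed in the post

ACE_RE = re.compile(r"\(([^()]*)\)")   # one parenthesised ACE string


def find_orphaned_aces(text, machine_sid, live_rids):
    """Return (path, sid, rights, inherited) for ACEs naming a local SID with no live account."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for path, sddl in zip(lines[0::2], lines[1::2]):
        for ace in ACE_RE.findall(sddl):
            fields = ace.split(";")
            if len(fields) < 6:
                continue  # not a well-formed ACE string
            flags, rights, trustee = fields[1], fields[2], fields[5]
            prefix, _, rid = trustee.rpartition("-")
            if prefix != machine_sid or not rid.isdigit():
                continue  # alias such as SY/BA, or a SID from another authority
            if int(rid) in live_rids:
                continue
            # Flags are two-letter tokens; ID marks an ACE inherited from a parent,
            # which has to be removed on the parent where it is defined.
            tokens = {flags[i:i + 2] for i in range(0, len(flags), 2)}
            findings.append((path, trustee, rights, "ID" in tokens))
    return findings


if __name__ == "__main__":
    for path, sid, rights, inherited in find_orphaned_aces(SAMPLE, MACHINE_SID, LIVE_RIDS):
        where = "inherited, fix on parent" if inherited else "explicit on this object"
        print(f"{path}: {sid} rights={rights} ({where})")
```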