Click here to Skip to main content
1,837 members
Articles / Windows

Account Unknown

Rate me:
Please Sign up or sign in to vote.
5.00/5 (2 votes)
16 Apr 2012CPOL 12.7K   1
Recently while looking at the the security tab on a file, I found there was a user that was an unknown account. It wasn’t registered with the Windows Vista System. Looking around the system I found several more files, so …Continue reading →

Recently while looking at the the security tab on a file I found there was a user that was an unknown account. It wasn’t registered with the Windows Vista System.

accountunknown2

Looking around the system I found several more files, so I decided to figure out where this account came from.

An internet search about Account SID’s turned up a page on Wikipedia about Security identifier. This Box from the chart gave me the answer.

http://en.wikipedia.org/wiki/Security_Identifier

DomainSIDnfo

I needed to find the SID of the system I found in the file, but how ?

So Back to the internet search again. First I needed a way to easily get the information from the file, secondly I needed to get the SID of the system. The answer to that was to build 2 new programs.

GetAclNfo

In the screen shot above you see that the known accounts return the name only but the unknown returns the SID only.

GetFileSecurityInfo (above) and GetComputerSID (below)

GetComputerSIDa

I have a dual boot system (Windows Vista Ultimate x64 (my main) and Windows 7 Ultimate x64)  also 2 VHD’s . Since I had only 4 systems to check it was just a matter of checking computer SID’s till one matched.

The SID turned out to belong to Windows 7 .

Now that we found the system where the SID comes from, that brings me to another 1 of 2 tools I built previously for getting the user SID of known users.

 UserAccountNfo4

This one above called All User Account NFO or, the one below called User name Account Information.

UserAccountNfo5

What we are looking for is to match the SID for the first section to the system SID, then the last 4 numbers will give us the user account on that system. These particular screen shots above are  from the Vista VHD , which does not match the number in either section of the SID we are looking for. (See screen shot below to compare the numbers)

getaclnfoCropNoted

The User turned out to be my account on Windows 7.

So how did it get on the system to start with?

While booted into the Windows 7 OS I navigated to the partition for the Windows Vista and had to click a box to allow the windows 7 access on that partition for the areas I needed to get access to. It is amazing how far the inheritance travels in a system.

Well, another mystery solved.

I have not tested if a deleted account on the same system would leave a Unknown Account  on a file or not.

Reference:

The Code basis for the GetComputerSID.exe was found at an MSDN Forum where I added my code to the page after the person that originally listed it. I had to convert what they had to VB then get it to work.

The Code basis for the GetFileSecurityInfo.exe was found at EGGHEADCAFE.com

To get the SID of the computer you can also use a command line tool called PsGetSid located on the Windows Sysinternals web site.

The 2 new Programs are not yet Listed on my website.

Remember to Check your references and imports in VB to get the code to work.


Tagged: Account Unknown, security tab, User Account Tools, VB

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
CEO PC's Xcetra
United States United States
My first experience with computers was when my mom gave a Timex Sinclair 1000 to me for Christmas some time in the late 70's (I still have it)There I learned to copy code from magazines to save to cassette tapes for playing games.

Since then I have dabbled in:
Basic,Qbasic,ruby,python,Java Script, HTML, CSS, C#, C++, Perl, and a few other I can't think of off hand.
Now I Mainly work with VB Script and VB.Net
I Prefer to build programs that make use of the GUI so I don't have to remember all of the syntax for console apps. I realy don't care much for HTML because of the way you build and then run to see if it looks right. Also the new WPF is to much like HTML so I steer clear of it for now.
Most of what I build is for getting information from a system to use in system repair.I make heavy use of the WMI classes. Why reinvent something.

Comments and Discussions

 
GeneralMy vote of 5 Pin
Michael Haephrati8-Sep-13 6:05
Michael Haephrati8-Sep-13 6:05 
Great article

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.