0
1
While trying to sysprep my OS to move to a new hardware structure I stumbled upon the error described in this Microsoft support article. Trying to get rid of it I set up a Windows 10 Version 1703 VM and copied the MiracastView folder from there which didn't solve the issue.
On further investigation I found that there seems to be a user-SID which I cannot find connected to any actual account. Using Get-AppxPackage -AllUsers *mira*
produces the following output:
PS C:\WINDOWS\system32> Get-AppxPackage -AllUsers *mira*
Name : Windows.MiracastView
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture : Neutral
ResourceId : neutral
Version : 6.3.0.0
PackageFullName : Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy
InstallLocation : C:\Windows\MiracastView
IsFramework : False
PackageFamilyName : Windows.MiracastView_cw5n1h2txyewy
PublisherId : cw5n1h2txyewy
PackageUserInformation : {S-1-5-21-1989392932-2341005969-1285330504-1000 [MyMainUseraccount]: Installed,
S-1-5-21-1989392932-2341005969-1285330504-1010
[S-1-5-21-1989392932-2341005969-1285330504-1010]: Installed(pending removal)}
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
IsPartiallyStaged : False
SignatureKind : System
Status : Ok
However using wmic useraccount get name,sid
shows this:
C:\WINDOWS\system32>wmic useraccount get name, sid
Name SID
Administrator S-1-5-21-1989392932-2341005969-1285330504-500
DefaultAccount S-1-5-21-1989392932-2341005969-1285330504-503
Gast S-1-5-21-1989392932-2341005969-1285330504-501
HomeGroupUser$ S-1-5-21-1989392932-2341005969-1285330504-1005
MyMainUseraccount S-1-5-21-1989392932-2341005969-1285330504-1000
WDAGUtilityAccount S-1-5-21-1989392932-2341005969-1285330504-504
missing the entry ending on 1010 seen in the output of the other command.
I chose to take a look in the registry to see where that sid showed up and these are some of the first paths that were found:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UserManager\Users\1044476
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\DownlevelInstalled\S-1-5-21-1989392932-2341005969-1285330504-1010
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\EndOfLife\S-1-5-21-1989392932-2341005969-1285330504-1010
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-1989392932-2341005969-1285330504-1010
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Creative\S-1-5-21-1989392932-2341005969-1285330504-1010
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserTile
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\PurgeAtNextLogoff
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SystemProtectedUserData\S-1-5-21-1989392932-2341005969-1285330504-1010
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-1989392932-2341005969-1285330504-1010}
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\{S-1-5-21-1989392932-2341005969-1285330504-1010}
Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\EndOfLife\S-1-5-21-1989392932-2341005969-1285330504-1010
but the SID didn't show up under the keys HKU
nor Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
.
By now I am completely lost where that key could come from, how I can remove it or whether it is safe to do so at all. Any hint in any direction would be highly appreciated!
After manually running the update to 1803 today, the SID doesn't show up in the registry anymore. However it still shows up for another problematic Appx-Package. If anyone knows the origin of that mysterious SID, I will gladly accept that as answer. – geisterfurz007 – 2018-06-20T08:43:01.550
Another update: ... It's back. At least two packages are installed for that user and won't uninstall because of that. I cannot log in as that user because it doesn't really exist. A new user I created for testing has SID 1012 in the end. In the registry it shows up as essentially a new account with a good amount of Microsoft Software installed as Appx-Packages. – geisterfurz007 – 2018-06-20T11:17:02.670