-1
This is an offshoot of trying to fix UAC from re-enabling itself at logon after changing registry keys. I'm trying to remove all write permissions to the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System key, but I keep getting an unknown account that adds itself back to the list after removing it, which I suspect is the culprit.
I read somewhere that this is because of inherited permissions, so I went to the root HKLM to remove it from there, but it still persists.
This unknown account does not appear in the list of user accounts under 'Users and groups' or anywhere else. I've upgraded my Windows installation from 8 to 10, but even then shouldn't it show up in the list of users?
Is there a way to stop this behavior and get rid of the unknown account?
Rex
Posted 2018-07-25T06:31:53.933
Reputation: 390
1To be honest, removing all of the write permissions on the
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Systemis essentially what my father used to call "hunting roaches with a shotgun." It will get the job done, but the collateral damage is inevitably worse than the original problem. Your operating system is destined to encounter numerous problems if you do that. – Run5k – 2018-07-25T14:24:14.7502
I agree with Run5k here - this is probably not the best approach. That said, if you want to identify what is writing, you should try to identify the SID (that is, the unique key attached to the presumably unnamed account). You should be ablt to read the SID with PowerShell. From there, you should try to fgure out why it's being written to, and, if needed, stop it at the source - rather than fiddling with permissions in a way that might cause "mysterious" breakage half a year later.
– Bob – 2018-07-25T14:26:56.450