In Windows, a security identifier (SID) is a unique value of variable length that is used to identify a security principal such as a user or group. Some SIDs are well known and have a constant value for the entire system. SIDs are expected to resolve into friendly names, except at some locations. If you spot the Account Unknown SID in Windows 10 or Server and don’t know why it is there, this article is for you.

Account Unknown SID in Windows 10

To locate the SIDs for an item in Windows, right-click on it and select Properties. On the property sheet, go to the Security tab, where the SIDs are listed under Group or user names. To get more information about the SIDs mentioned there, click the Advanced button. This takes you to the Advanced Security Settings window, where you can see access and inheritance for the SIDs, as shown in the above screenshot. However, sometimes you may spot an Account Unknown SID. You might be wondering why it appears and whether it is suspicious. Let us try to answer these questions.

Account Unknown SID in Windows 10/Server

According to Microsoft, some special SIDs are known as capability SIDs. These SIDs made their debut in the Windows family with Windows 8 and Server 2012. Capability SIDs are designed so that they do not resolve to a friendly name. Places such as File Explorer, security audit reports and ACLs in the registry usually contain capability SIDs. So the ‘Account Unknown’ SID in question here is actually a capability SID. A capability SID is not supposed to resolve into a friendly name, and this is by design, says Microsoft. According to the company, a capability is an unforgeable token of authority that grants a Windows component or a Universal Windows Application access to resources such as documents, cameras, locations, and so forth.

In Windows 10 Version 1809 or later, there are more than 300 capability SIDs. The most common capability SID in Windows is this one:

S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681

The ‘Account Unknown’ SID on our system was actually the above-mentioned capability SID. So we can conclude that this Account Unknown SID is safe, as it is a system-generated capability SID.
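To apply the same check to many ACL entries at once, the following added example (not part of the original article or Microsoft's documentation) pulls unresolved SID strings out of ACL listing lines and separates capability SIDs, which begin with S-1-15-3, from other unresolved SIDs that deserve a closer look. It goes slightly beyond the article by also labelling S-1-5-21 account SIDs; the sample ACL lines and the function names are constructed for illustration.

```python
import re

# Matches a textual SID: S-1-<authority>-<sub-authority>-...
SID_RE = re.compile(r"\bS-1-(\d+)((?:-\d+)+)\b")

# The capability SID quoted in the article.
ARTICLE_SID = ("S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687"
               "-432734479-3232135806-4053264122-3456934681")

# Constructed sample lines in an icacls-like layout (not real output).
SAMPLE_ACL = [
    r"C:\Data " + ARTICLE_SID + ":(OI)(CI)(RX)",
    r"C:\Data S-1-5-21-1111111111-2222222222-3333333333-1105:(F)",
    r"C:\Data BUILTIN\Administrators:(F)",
]

def classify_sid(sid):
    """Label one SID string that did not resolve to a friendly name."""
    m = SID_RE.fullmatch(sid.strip())
    if not m:
        return "not-a-sid"
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2)[1:].split("-")]
    # A SID holds at most 15 sub-authorities, each a 32-bit value.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        return "not-a-sid"
    if authority == 15 and subs[0] == 3:
        return "capability"   # unresolved by design
    if authority == 5 and subs[0] == 21:
        return "account"      # user/group SID that failed to resolve: review
    return "other"

def triage(acl_lines):
    """Return (sid, label) for every raw SID found in the ACL lines."""
    findings = []
    for line in acl_lines:
        for m in SID_RE.finditer(line):
            findings.append((m.group(0), classify_sid(m.group(0))))
    return findings

if __name__ == "__main__":
    for sid, label in triage(SAMPLE_ACL):
        print(f"{label:10} {sid}")
```

Entries that already show a friendly name, such as BUILTIN\Administrators, contain no raw SID and are skipped.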

Most of the capability SIDs on Windows can be found at this registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\AllCachedCapabilities

The above-mentioned registry location may not contain capability SIDs belonging to third-party applications. Microsoft recommends that you don’t erase any capability SID from the registry or your system, because they can’t be restored afterwards. For further information, you can check out this official documentation.

That’s it!
