Windows 10 News and info | Forum
Topic: Windows 10 Could Break If Capability SIDs Are Removed From Permissions
javajolt
« on: May 21, 2019, 11:12:56 AM »

Microsoft issued a warning yesterday stating that removing Windows account security identifiers (SIDs) that do not have a "friendly" name from security permissions could cause problems in Windows and installed applications.

Starting with Windows 2012 and Windows 8, Microsoft introduced a new type of security identifier called capability SIDs that grants a Windows component or UWP app access to particular resources on a computer. These resources could be files, folders, Registry entries, or even devices.

When these types of SIDs are shown in a security access list, they will not be resolved to a friendly name such as TrustedInstaller or System. Instead, they are shown as a long, unfriendly, and hard-to-remember series of numbers and characters, as shown below.


Example capability SID in Folder Permissions

According to Microsoft, Windows 10 version 1809 uses more than 300 capability SIDs, with the most commonly used being:

Quote
S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681


Some examples of other capability SIDs can be found here.

Removing capability SIDs causes undesirable effects

In a support bulletin posted today, Microsoft has stated that when diagnosing a strange SID in Windows access control lists, you should make sure it is not a capability SID before removing it. This is because removing the SID could cause the application or Windows feature to no longer have access to a resource it requires to properly run.

Quote
DO NOT DELETE capability SIDS from either the Registry or file system permissions. Removing a capability SID from file system permissions or registry permissions may cause a feature or application to function incorrectly. After you remove a capability SID, you cannot use the UI to add it back.


This issue affects Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012.

Instead, Microsoft suggests you open the Registry Editor to extract the list of used capability SIDs and search that list for the SID you are investigating. If it is found in the list of capability SIDs, you should not remove it.

To do this, open Registry Editor and go to the following key:

Quote
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses


Under that key is a value called AllCachedCapabilities. Double-click on this value to see a list of all currently used capability SIDs.


List of used capability SIDs

Now copy the contents of the value data into Notepad and search the list of SIDs for the one you are investigating. If this SID is found, do not remove it or it can cause Windows or an app to no longer work properly.

source
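
The registry lookup described in the post above, as an added PowerShell example that is not part of the original post or of Microsoft's bulletin: it lists the entries on a path's ACL that did not resolve to a friendly name and reports whether each SID appears in AllCachedCapabilities. The function names are hypothetical, and the search assumes only that the SIDs appear as text in the value data, as the post describes.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$CapKey = 'HKLM:\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses'

function Get-CachedCapabilityText {
    # Read AllCachedCapabilities and flatten it to one searchable string.
    # Assumption: the SIDs appear as text in the value data, as the post describes.
    $value = (Get-ItemProperty -Path $CapKey -Name AllCachedCapabilities -ErrorAction Stop).AllCachedCapabilities
    return (@($value) -join "`n")
}

function Test-CapabilitySid {
    param(
        [Parameter(Mandatory)][string]$Sid,
        [Parameter(Mandatory)][AllowEmptyString()][string]$CachedText
    )
    # Whole-SID match: a shorter SID must not match as the prefix of a longer one.
    $pattern = '(?<![\w-])' + [regex]::Escape($Sid) + '(?![\d-])'
    return [regex]::IsMatch($CachedText, $pattern, 'IgnoreCase')
}

function Get-UnresolvedAclSid {
    param([Parameter(Mandatory)][string]$Path)
    $cached = Get-CachedCapabilityText
    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        $id = $rule.IdentityReference.Value
        # Entries that resolved to a friendly name (a user or group) are skipped.
        if ($id -notmatch '^S-1-\d+(-\d+)+$') { continue }
        $isCap = Test-CapabilitySid -Sid $id -CachedText $cached
        $advice = if ($isCap) { 'Known capability SID: do not remove' } else { 'Not in AllCachedCapabilities: investigate further' }
        [pscustomobject]@{
            Path         = $Path
            Sid          = $id
            Access       = $rule.AccessControlType
            Inherited    = $rule.IsInherited
            IsCapability = $isCap
            Advice       = $advice
        }
    }
}

# Read-only check of a folder ACL; registry paths such as 'HKLM:\SOFTWARE' also work.
Get-UnresolvedAclSid -Path $env:SystemRoot | Format-Table -AutoSize
```

The script only reads the ACL and the registry value; it changes no permissions.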