Is it safe to delete "Account Unknown" entries from Windows ACLs in a domain environment?

Tha*_*Guy 6 windows permissions active-directory

It's not uncommon to see entries in Windows ACLs (NTFS files/folders, registry, AD objects, etc.) with the name "Account Unknown (SID)". Obviously these are because of old AD users or groups which at some point had permissions manually configured on the relevant object and have since been deleted.

Does anyone know if it is safe to remove these "Account Unknown" ACEs?

My gut feeling is that it should be just fine, but I'm wondering if anyone has any past experiences where doing this has caused trouble?

Normally I just ignore these, but the company I'm working at now seems to have an abnormal number of these, most likely due to past admins' inexperience with AD/Windows and assigning permissions to user accounts rather than groups in all sorts of weird places.

FWIW, our environment is not complex: a single domain forest, 4 DCs across 3 sites, with all network connectivity and replication working fine, so I'm sure these "Account Unknown" entries really are old accounts and not just the result of some SIDs failing to resolve to a human-readable name.

Chr*_*s S 10

As long as you have no connectivity problems, yes, it is safe to delete them. Do be careful, though, because if Windows cannot reach AD, or if you have multiple domains and it takes a while to cross the domain boundary and so on, Windows will also display "Account Unknown".

  • I know, but I wanted to leave that part in, because other people in different situations will inevitably read this answer with nothing to go on except your question title. (4 upvotes)
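The check a practitioner would want before deleting anything is a report-only inventory of which ACEs actually hold unresolvable SIDs, separating real orphans from the cases the answer warns about. The following PowerShell script is an added example, not code from the question or answer; it walks an NTFS tree (the `$Root` path is a placeholder), asks for each ACE in SID form so it never relies on the name Windows already cached, and only treats a SID as orphaned when the domain explicitly reports it as unmapped. It also skips AppContainer and capability SIDs (S-1-15-2-*, S-1-15-3-*) and logon-session SIDs (S-1-5-5-*), which never resolve to an AD account yet are not stale entries.

```powershell
# Report-only audit of "Account Unknown" ACEs on an NTFS tree.
# Assumes a domain-joined host that can reach a DC; $Root is a placeholder path.
param(
    [string]$Root = 'D:\Shares\Example',   # placeholder: change before use
    [switch]$Recurse
)

# SID prefixes that never map to an AD principal but are NOT orphans.
$nonOrphanPrefixes = @('S-1-15-2-', 'S-1-15-3-', 'S-1-5-5-')

function Test-SidResolves {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    try {
        [void]$Sid.Translate([System.Security.Principal.NTAccount])
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # The domain answered and said "no such account": a genuine orphan.
        return $false
    }
    # Any other exception (DC unreachable, RPC failure) is deliberately left
    # to propagate, so a connectivity problem is not mistaken for a deleted account.
}

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse:$Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    # Explicit ACEs only ($includeInherited = $false): an inherited orphan ACE is
    # fixed once, at the object where it is explicit, not on every child.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($nonOrphanPrefixes | Where-Object { $sid.StartsWith($_) }) { continue }
        if (Test-SidResolves -Sid $ace.IdentityReference) { continue }
        [pscustomobject]@{
            Path   = $item.FullName
            Sid    = $sid
            Rights = $ace.FileSystemRights
            Type   = $ace.AccessControlType
        }
    }
}
```

Pipe the output to `Export-Csv` to keep a record of what was removed; the same `GetAccessRules` call with the SID type is what a removal step would use to address the ACE without a name lookup.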