1. Joined : May 2016
    Posts : 4
    Windows 10Pro
       2 Weeks Ago #1

    Couple questions


    First of all does anyone know a simple way to deny permissions to an unknown user in the registry? S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 this unknown user has read permissions all through out the registry - I believe this is actually NVIDIA after having read the NVIDIA program files, and watching this behavior for quite awhile. Unfortunately I cannot confirm this theory since we don't have a system with an AMD graphics card. So that would be my second question, possibly could someone confirm whether or not this user appears with an AMD graphics card.


    Strange behavior related to this user: Numerous remote connections, programs blocked in group policy still run, background apps that have been turned off still run, outbound traffic even without an internet connection, spooler sending out data even though no printer installed.

    I managed to stop the remote connections by denying access to this user on some registry keys (namely under local machine controlset services) but I am in the process of denying access to the rest of the keys... Not an easy task this user has permissions on practically all keys in the registry. This "user" is on all 5 of our Nvidia windows pcs - Nvidia and windows being the only commonalities.

    Just to add a little more information, since denying access to the folder localmachine\system\controlset\services to this "unknown account" there has not been a session 2, session 3 nor %s from %S or even @#$% in my eventviewer under terminalservices.

    My windows is fully updated yet these additional sessions were continuing to pop up despite Microsoft's claims to have fixed issues that allow remote connections. For the last 3 days there has not been anything beyond session 1 to appear.

    I would love to know if this is Microsoft (even though their support claims to have no idea what it is) or if it is in fact Nvidia - since Nvidia program files have things like "allow anonymous remote connections" "get_every_known_document_type" and "get_every_known_file_format" in them.
    Last edited by Sonya; 2 Weeks Ago at 14:53.
      My System SpecsSystem Spec


  2. Joined : May 2016
    Posts : 4
    Windows 10Pro
       2 Weeks Ago #2

    Well I have confirmed that this unknown account is indeed Nvidia - now why on earth do we need to allow them access to services and features we have disabled? Let alone why do they need to continue to create remote connections to our pcs without our consent?

    Attached are 2 screen shots one of a brandnew clean install of windows 10 without Nvidia and one if of this laptops registry with Nvidia.
    Click image for larger version. 

Name:	yep yep confirmed.png 
Views:	5 
Size:	102.1 KB 
ID:	111089Click image for larger version. 

Name:	confirmed its Nvidia.png 
Views:	2 
Size:	50.2 KB 
ID:	111090
      My System SpecsSystem Spec


  3. Joined : Jan 2015
    UK, Midlands
    Posts : 6,215
    Win 10 Pro (1607)
       1 Week Ago #3

    Hi, I have an Nvidia card, and confirm I see the same.
    Discussions: (with no really useful outcome) :
    Windows 10 Anniversary Update: The case of the mysterious account SID causing the flood of DCOM errors

    Unknown accounts ? - Windows 10 Forums


    If you run the registry editor as admin, you could do pretty much what you like to that user- example:
    Click image for larger version. 

Name:	Untitled.png 
Views:	1 
Size:	193.7 KB 
ID:	111245

    Speculation:
    Rt clicking an exe offers 'Run with Graphics processor'
    I'm just wondering if there's a connection.
      My System SpecsSystem Spec


  4. Joined : May 2015
    Central IL
    Posts : 2,950
    EL Capitan
       1 Week Ago #4

    Because some Bean Counter thinks that NVidia needed a user to tell them how many "users" are checking for dowloads and updates to the software. Disable can break it. Check NVidia's forums to see if it may be related to their Shield Platform also.
      My System SpecsSystem Spec


 


Similar Threads
Thread Forum
Couple of Build Questions?
So I'm looking to build a PC for a gamer friend. I've built plenty of PC's before, but mostly smaller budget PC's for home use, not much in terms of pure gaming PC. 1. Would it be more beneficial to use an i7-6700K and 16 GB RAM or an...
PC Custom Builds and Overclocking
A Couple Questions About Partitions
Hello forum, I'm a bit of a newbie as far as computers go. I've had this rig currently for about a year and am always messing with it to learn more about computers as I consider it a hobby and learning experience. Today I decided to take a look at...
Drivers and Hardware
couple questions from a win 10 noob
couple questions from a win 10 noob, 1:Back in the day you could right click and pin to your desktop,Now how do I pin a webpage/site to your desktop?I tried right clicking and it pins to the tabs but not the desktop.I want to be able to access my...
General Support
Couple Enterprise questions
2 PCs...1 W10 Pro, the other W10 Enterprise. W10 Pro is on an inferior old laptop and is functioning as intended. W10 Enterprise is on a bigger better desktop and there are two issues at the moment: 1) it is slower than Pro on the older laptop....
General Support
A couple of questions - If I do new download/installtion of Win 10...
Hi Guys, I've been (fairly) happily running Windows 10 since early August, but was thinking of doing a clean install... So I have a couple of questions: 1: If I go to the Microsoft website and download the media creation tool and make a new...
Installation and Setup
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 23:02.
Find Us
Twitter Facebook Google+



Windows 10 Forums