Couple questions
First of all, does anyone know a simple way to deny permissions to an unknown user in the registry? S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681: this unknown user has read permissions throughout the registry. I believe this is actually NVIDIA, after having read the NVIDIA program files and watching this behavior for quite a while. Unfortunately, I cannot confirm this theory since we don't have a system with an AMD graphics card. So that would be my second question: could someone possibly confirm whether or not this user appears with an AMD graphics card?
Strange behavior related to this user: Numerous remote connections, programs blocked in group policy still run, background apps that have been turned off still run, outbound traffic even without an internet connection, spooler sending out data even though no printer installed.
I managed to stop the remote connections by denying access to this user on some registry keys (namely under local machine controlset services), but I am in the process of denying access to the rest of the keys... Not an easy task, since this user has permissions on practically all keys in the registry. This "user" is on all 5 of our NVIDIA Windows PCs, NVIDIA and Windows being the only commonalities.
Just to add a little more information: since denying access to the folder localmachine\system\controlset\services to this "unknown account", there has not been a session 2, session 3, nor %s from %S or even @#$% in my Event Viewer under TerminalServices.
My Windows is fully updated, yet these additional sessions were continuing to pop up despite Microsoft's claims to have fixed issues that allow remote connections. For the last 3 days there has not been anything beyond session 1 to appear.
I would love to know if this is Microsoft (even though their support claims to have no idea what it is) or if it is in fact NVIDIA, since NVIDIA program files have things like "allow anonymous remote connections", "get_every_known_document_type" and "get_every_known_file_format" in them.
Last edited by Sonya; 22 Nov 2016 at 14:53.
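A SID that does not resolve to a name can still be classified from its structure. The following is an added example, not part of the original post: it parses the SID quoted above, converts it to and from the binary form stored in ACLs, and names its class using the authority and RID constants from the Windows SDK header winnt.h. The function names are hypothetical, and the classification is structural only; it does not say which software added the ACE.

```python
import struct

# Constants as defined in the Windows SDK header winnt.h
NT_AUTHORITY = 5             # SECURITY_NT_AUTHORITY
NT_NON_UNIQUE = 21           # SECURITY_NT_NON_UNIQUE
APP_PACKAGE_AUTHORITY = 15   # SECURITY_APP_PACKAGE_AUTHORITY
APP_PACKAGE_BASE_RID = 2     # SECURITY_APP_PACKAGE_BASE_RID
CAPABILITY_BASE_RID = 3      # SECURITY_CAPABILITY_BASE_RID

# The SID quoted in the post above
POST_SID = ("S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687"
            "-432734479-3232135806-4053264122-3456934681")

def parse_sid(text):
    """Split 'S-R-A-S1-S2...' into (revision, authority, [sub-authorities])."""
    parts = text.strip().split("-")
    if (len(parts) < 3 or parts[0].upper() != "S"
            or not all(p.isdigit() for p in parts[1:])):
        raise ValueError("not a SID string: %r" % text)
    revision, authority, *subs = (int(p) for p in parts[1:])
    if revision != 1 or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError("SID field out of range: %r" % text)
    if any(s >= 1 << 32 for s in subs):
        raise ValueError("sub-authority exceeds 32 bits: %r" % text)
    return revision, authority, subs

def sid_to_bytes(text):
    """Binary layout: revision, count, 6-byte big-endian authority, LE uint32s."""
    revision, authority, subs = parse_sid(text)
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def bytes_to_sid(raw):
    """Inverse of sid_to_bytes, with a length check against the count byte."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized SID")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    head = ["S", str(raw[0]), str(int.from_bytes(raw[2:8], "big"))]
    return "-".join(head + [str(s) for s in subs])

def classify(text):
    """Name the SID class from its authority and first sub-authority."""
    _, authority, subs = parse_sid(text)
    first = subs[0] if subs else None
    if authority == APP_PACKAGE_AUTHORITY and first == CAPABILITY_BASE_RID:
        return "app container capability"
    if authority == APP_PACKAGE_AUTHORITY and first == APP_PACKAGE_BASE_RID:
        return "app container package"
    if authority == NT_AUTHORITY and first == NT_NON_UNIQUE:
        return "machine or domain account"
    return "other"
```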