Comments (5)
Hi @MPeti1 , thanks for starting the discussion and your attention to the script that I was really not sure of.
It's a controversial user discussed often in context of a backdoor in Windows 10. It's created by an update and there has never been any official information of its purpose/reason of creation from Microsoft. It gives access to your computer without your control / access so I decided to add it to privacy.sexy. It's however safe to delete 1, 2. As it's safe to delete and only, and it's so controversial I decided to add it to the list.
It was added after a suggestion from a fellow computer forensics contributor:
If somebody is on LTSC 2019 then DefaultUser0 Account is by default created on Installation as telemetry account.
Hence it must be removed. If by default this account is not found on other builds of Win10 then it will not affect any functionality of OS & will ignore it
source: github issue
More information:
- Is Windows 10’s ‘Hidden Administrator Account’ a security risk?
- Conspiracy theories regarding NSA collecting data using the user on Microsoft community
Nobody knows exactly why this account is being created or how users can prevent its creation
source: windowsreport.com
Best practice to disable the Administrator account when possible to make it more difficult for malicious users to gain access to the server or client computer.
source: docs.microsoft.com
from privacy.sexy.
Thank you! It now makes sense I think.
I've read a bit, and it seems to be an error that hasn't been fixed for a long time.
The defaultuser0 account has this very long SID: S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681
It (that's invalid to be for a user, if I understand correctly) is actually the SID for an AppContainer capability, readRegistry.
It usually appears in DCOM errors in the event log, because this SID is added to a lot of registry objects as a user having permissions (all permissions) (again, if I understand correctly).
It seems that it's not a user, just a capability for UWP apps (mostly), but for some reason it's treated as one.
Microsoft seems to know about the problem, they promised a fix at least 2 times, but on both occasions the communication has been dropped, it seems.
Here are 2 links that contain some information about this:
https://answers.microsoft.com/en-us/windows/forum/all/defaultuser0-created-on-clean-install-of/e2333e94-ef5f-4932-8754-fd4ce27ae33b?page=13
https://social.technet.microsoft.com/Forums/en-US/3e7d85e3-d0e1-4e79-8141-0bbf8faf3644/windows-10-anniversary-update-the-case-of-the-mysterious-account-sid-causing-the-flood-of-dcom
Both of these are archived to archive.is
Note: the second link may require log in to your MS account (???), but if you use a temporary container in Firefox (there's a plugin to simplify it), then it will work normally. It could also work with just creating a temporary profile in about:profiles too.
Well, I think it's best to leave this script available. It's so big of a mystery, that I would say your concern is grounded.
from privacy.sexy.
I actually have no idea. But asked the question to the forensic ghost friend. Forwarding his response:
- defaultuser1 account is not created by default in any scenario - its user heavily tweaked OS with many tools, that's why it's created
- if user wants to take a close look then he must be sure which tool has done that
- possible that it's an account which will forward logs of user to an attacker according to my consent in this scenario.
His suggestion is to do a clean install from same ISO to same machine & then cross check if that defaultuser1 account is still created. He's pretty sure it won't be found. He also recommends to not use many tools but just use a trusted one like privacy.sexy, this way one can work privacy friendly without any doubt that his or her logs of activities are being sent anywhere without his consent.
from privacy.sexy.
Also, why do you think that it's for telemetry? Wasn't able to find anything with a quick search.
from privacy.sexy.
At the same time, what do you think about defaultuser1? I only have this. Do you have information about that one?
Edit: if it helps, its SID is this: S-1-5-21-80563116-3206155393-223495591-1028
from privacy.sexy.
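The two SIDs quoted in the comments above can be told apart by structure alone: `S-1-15-3-...` sits under the app package authority's capability branch, while `S-1-5-21-...-1028` has the shape of an account SID with a RID from the range used for accounts created after setup. The following classifier is an added example, not part of the thread or of privacy.sexy; the function names `parse_sid` and `classify_sid` are hypothetical, and it only inspects the SID string without querying a live system.

```python
import re

# Added example: structural SID classifier (hypothetical helper names).
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$", re.IGNORECASE)

# Well-known RIDs of built-in local accounts (S-1-5-21-<machine id>-<RID>).
BUILTIN_RIDS = {500: "Administrator", 501: "Guest",
                503: "DefaultAccount", 504: "WDAGUtilityAccount"}

def parse_sid(sid):
    """Split a string SID into (identifier authority, [sub-authorities])."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a revision-1 SID string: {sid!r}")
    subs = [int(x) for x in m.group(2).lstrip("-").split("-")]
    # A SID holds at most 15 sub-authorities, each an unsigned 32-bit value.
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authorities out of range: {sid!r}")
    return int(m.group(1)), subs

def classify_sid(sid):
    """Return a dict saying what kind of principal the SID can denote."""
    authority, subs = parse_sid(sid)
    result = {"kind": "other", "is_account": False, "rid": None}
    if authority == 15:  # SECURITY_APP_PACKAGE_AUTHORITY
        if subs[0] == 2:
            result["kind"] = "appcontainer-package"
        elif subs[0] == 3:
            result["kind"] = "appcontainer-capability"
    elif authority == 5 and subs[0] == 21 and len(subs) == 5:
        # NT authority, machine or domain identifier, then the account RID.
        rid = subs[4]
        result.update(is_account=True, rid=rid)
        if rid in BUILTIN_RIDS:
            result["kind"] = "builtin-account:" + BUILTIN_RIDS[rid]
        elif rid >= 1000:
            result["kind"] = "created-account"  # user or group made after setup
        else:
            result["kind"] = "reserved-rid-account"
    return result

if __name__ == "__main__":
    # The two SIDs quoted in the comments above.
    for s in ("S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687"
              "-432734479-3232135806-4053264122-3456934681",
              "S-1-5-21-80563116-3206155393-223495591-1028"):
        print(s, "->", classify_sid(s))
```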