Erasing a user account with its security descriptors
Hi, I noticed that, when I delete a user account in Windows 7 Ultimate 64-bit, some of its security descriptors, such as its SID in properties of files/folders in the Windows 7 registry, remain in the system. So, how do I delete a user account with all its security descriptors from the system?
THANKS BYE
Balubeto
April 14th, 2010 9:47am

This behavior is by design of the NTFS file system. We are not able to clear them except by manually deleting them one by one.
Arthur Xie - MSFT
April 15th, 2010 11:02am

Erase account completely in Windows 7
Step 1 Click the "Start" orb and type "accounts" in the instant search box. "User Accounts" appears in the list for you to choose.
Step 2 Select "Manage another account".
Step 3 Select the name of the account you want to delete.
Step 4 Select "Delete the account".
Step 5 Select "Delete Files" to completely remove the account and all files associated with it.
Step 6 Click "Delete Account". You have successfully deleted an account in Windows 7.
For more information and help related to Windows 7 issues, click here.

Unfortunately, with this method, some security descriptors of the deleted local user, such as the SID for this user, are not deleted completely. Why?
THANKS BYE
Balubeto
April 15th, 2010 11:52am

As I mentioned, this is caused by the mechanism of the hard drive file system. You need to manually remove these SIDs from the permission list.
Arthur Xie - MSFT
April 16th, 2010 10:23am

> As I mentioned, this is caused by the mechanism of the hard drive file system. You need to manually remove these SIDs from the permission list.
> Arthur Xie - MSFT

So, what command should I use to do this so that I can run it from the directory \?
THANKS BYE
Balubeto
April 16th, 2010 1:45pm

You can try the command Icacls.exe /remove to remove all granted and denied rights for the SID. Please refer to: Icacls
Arthur Xie - MSFT
April 19th, 2010 7:59am

> You can try the command Icacls.exe /remove to remove all granted and denied rights for the SID. Please refer to: Icacls
> Arthur Xie - MSFT

If, from the administrator command prompt, I run, from the root \, the command

    icacls * /remove:g *<Local-user-SID> /T

do I delete the deleted local user on all files/folders in the operating system?
THANKS BYE
Balubeto
April 19th, 2010 11:20am

You can try the wildcard character “*” instead of folder names under a specified directory. I suggest you make a test first. If this method does not work, you may need to change the permission lists for the folders one by one.
Arthur Xie - MSFT
April 20th, 2010 11:15am

> You can try the wildcard character “*” instead of folder names under a specified directory.
> Arthur Xie - MSFT

What did you mean by this phrase? Can you give me an example?
THANKS BYE
Balubeto
April 20th, 2010 7:18pm

For example, after opening “cmd”, open a specified folder in which you would like to change the permission lists for all subfolders. Then enter the following commands.

    icacls * /remove:g <Sid> /t /c /l /q
    icacls * /remove:d <Sid> /t /c /l /q

Arthur Xie - MSFT
April 22nd, 2010 6:41am
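
Added example, not part of the original thread and not Microsoft's own code: a PowerShell sketch that first reports which explicit ACEs under a folder reference a SID that no longer maps to an account, then runs the two icacls commands from the reply above for one chosen SID. `$Root`, `$SidToRemove` and `Test-OrphanedSid` are names assumed for illustration; the `*` in front of the SID is how icacls expects a numeric SID to be written.

```powershell
# Added example. $Root, $SidToRemove and Test-OrphanedSid are hypothetical names.
param(
    [string]$Root = 'C:\Data',   # assumed folder to scan
    [string]$SidToRemove = ''    # deleted user's SID; leave empty to only report
)

$cache = @{}                     # SID string -> $true when it no longer resolves
function Test-OrphanedSid([System.Security.Principal.SecurityIdentifier]$Sid) {
    if (-not $cache.ContainsKey($Sid.Value)) {
        try {
            [void]$Sid.Translate([System.Security.Principal.NTAccount])
            $cache[$Sid.Value] = $false          # an account still exists
        } catch [System.Security.Principal.IdentityNotMappedException] {
            $cache[$Sid.Value] = $true           # nothing behind this SID
        } catch {
            $cache[$Sid.Value] = $false          # lookup failed: do not guess
        }
    }
    return $cache[$Sid.Value]
}

# Include the root folder itself, then everything below it (hidden items too)
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }
    # Explicit ACEs only: inherited entries change when the parent's ACL is fixed
    foreach ($rule in $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])) {
        if (Test-OrphanedSid $rule.IdentityReference) {
            [pscustomobject]@{ Sid = $rule.IdentityReference.Value; Type = $rule.AccessControlType
                               Rights = $rule.FileSystemRights; Path = $item.FullName }
        }
    }
}
$findings | Sort-Object Sid, Path | Format-Table -AutoSize -Wrap

if ($SidToRemove) {
    # Throws on a malformed SID; refuse to touch a SID that still has an account
    $sid = [System.Security.Principal.SecurityIdentifier]$SidToRemove
    if (-not (Test-OrphanedSid $sid)) { throw "$SidToRemove still resolves to an account" }
    # Same switches as in the thread, applied to $Root and everything below it
    & icacls.exe $Root /remove:g "*$SidToRemove" /t /c /l /q
    & icacls.exe $Root /remove:d "*$SidToRemove" /t /c /l /q
}
```

Run it from an elevated prompt and read the report before passing a SID to remove: on a domain-joined machine, SIDs from a domain that cannot be reached at that moment also fail to resolve.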

> For example, after opening “cmd”, open a specified folder in which you would like to change the permission lists for all subfolders. Then enter the following commands.
>
>     icacls * /remove:g <Sid> /t /c /l /q
>     icacls * /remove:d <Sid> /t /c /l /q
>
> Arthur Xie - MSFT

Perfect. Now, knowing the eliminated user's SID, is there a command that automatically deletes this SID from the registry of Windows 7?
THANKS BYE
Balubeto
April 22nd, 2010 8:34pm

You can try the command reg.
Arthur Xie - MSFT
April 23rd, 2010 9:08am

> You can try the command reg.
> Arthur Xie - MSFT

Using the reg /query and reg /delete commands, can I find the SID and delete all keys or entries for this SID? If so, how can I do this?
THANKS BYE
Balubeto
April 23rd, 2010 10:50am

Yes, but I do not recommend that you do that. Just keep the entries in the Registry. That will not affect any usage.
Arthur Xie - MSFT
April 26th, 2010 5:54am

This topic is archived. No further replies will be accepted.
