
How to Delete Orphaned SIDs in ACLs







A SID (security identifier) is a unique value that identifies a user, group, or computer account in Windows. When an account is deleted or renamed, its SID can remain in the access control list (ACL) of a file or folder, leaving an orphaned SID: an entry that no longer resolves to any known account. Orphaned SIDs leave stale permissions in place and clutter the ACLs, so it is recommended to review and remove them periodically.




Delete orphaned SIDs in ACLs



There are different ways to delete orphaned SIDs in ACLs, depending on the type of resource and the level of access you have. Here are some common methods:


  • Using File Explorer: If you have administrator privileges, you can use File Explorer to browse to the file or folder, right-click and select Properties, then go to the Security tab and remove the undesired user[^1^].



  • Using PowerShell: If you have PowerShell access, you can use the Get-Acl and Set-Acl cmdlets to get and modify the ACLs of a file or folder. You can also use the Remove-OrphanedSidPermission function from the ALITAJRAN module to remove orphaned SIDs from a mailbox[^2^].



  • Using icacls: If you have command-line access, you can use the icacls tool to display and modify the ACLs of a file or folder. You can use the /remove switch to remove a specific SID from an ACL.
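The PowerShell method above (Get-Acl / Set-Acl), worked through as an added example; this script is not from the page or from the resources it cites. The parameter name $Path, the -Remove switch and the helper Test-OrphanedIdentity are this example's own choices. It applies to files and folders only, reports orphaned explicit entries by default, and strips them only when -Remove is given.

```powershell
# Added example, not taken from the page or the resources it cites.
# Lists the explicit (non-inherited) ACEs on $Path whose identity cannot be
# resolved to an account name and, with -Remove, strips them via Set-Acl.
# $Path, -Remove and Test-OrphanedIdentity are names chosen for this example.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,
    [switch]$Remove
)

function Test-OrphanedIdentity {
    param([System.Security.Principal.IdentityReference]$Identity)

    # Capability SIDs (S-1-15-3-...) never resolve to a name but are not
    # orphaned; Windows relies on them, so they are never reported here.
    if ($Identity.Value -like 'S-1-15-3-*') { return $false }

    try {
        $null = $Identity.Translate([System.Security.Principal.NTAccount])
        return $false    # resolved: the account still exists
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $true     # no account maps to this SID any more
    }
}

$acl = Get-Acl -Path $Path

# Inherited ACEs have to be fixed on the object they come from, so only
# explicit entries on this object are considered.
$orphaned = @($acl.Access | Where-Object {
    -not $_.IsInherited -and (Test-OrphanedIdentity $_.IdentityReference)
})

if ($orphaned.Count -eq 0) {
    Write-Output "No orphaned SIDs in the ACL of $Path"
    return
}

foreach ($ace in $orphaned) {
    Write-Output ("Orphaned: {0} {1} {2}" -f $ace.IdentityReference.Value,
        $ace.AccessControlType, $ace.FileSystemRights)
    # RemoveAccessRuleSpecific removes exactly this ACE, not every rule that
    # happens to overlap it.
    if ($Remove) { $acl.RemoveAccessRuleSpecific($ace) }
}

if ($Remove) {
    Set-Acl -Path $Path -AclObject $acl
    Write-Output ("Removed {0} orphaned ACE(s) from {1}" -f $orphaned.Count, $Path)
} else {
    Write-Output "Dry run: re-run with -Remove to delete these entries."
}
```

Run it first without -Remove and keep the dry-run output as a record of what was changed; Set-Acl needs write access to the object's DACL, so run it from an account that owns the object or holds Full Control. The same check applies to the icacls method: icacls accepts a raw SID in its /remove argument when the SID is prefixed with an asterisk, so an entry reported here as S-1-5-21-... can be removed from the command line with that prefix.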



For more information on how to delete orphaned SIDs in ACLs, you can refer to the following resources:


  • Can't remove ACL entry that refers to orphaned SID



  • Remove orphaned SIDs with PowerShell - ALI TAJRAN



  • icacls Microsoft Docs