Virtual machines make Super hidden accounts under the windows

This non-original blog, I will just write something a lot of big brothers to understand a little written out.

The next best experiment in a virtual machine, because you can snapshot ~

Production hide the user can be said that both methods but the same basic operation, so we were one is interspersed with hidden accounts, one is the shadow account

First, in the search input field cmd or win + R, bring up the command line

Establish common account (for test results, and will hide a user to distinguish) under cmd

User name: longshisan001 password: HOWever001

Enter the command: net user longshisan001 HOWever001 / add

Just built is a regular user, we look at (my host named LONGSHISAN, do not be misled)

Enter the command: net user

You can see it has been shown that longshisan001 and two administrator accounts we have just built

Next we come to build a hidden user

User name: longshisan002 password: HOWever002

Enter the command: net user longshisan002 $ HOWever002 / add

Let us look at our current users with the net user in , we can not see our longshisan002 users

Because behind the user name plus the $ symbol represents a hidden user

We can longshisan002 added to the Administrators group (without the shadow of conduct which does not directly jump to the next step)

Enter the command: net localgroup administrators longshisan002 $ / add

By this time we see the administrators group, you can see him

Enter the command: net localgroup administrators

This time you will say, that we do not add the Administrators group do not have no problem?

We find the user points to open the Computer Management Local Users and Groups, you can also see our longshisan002 $ hide the user (Computer Management Right Management is a computer inside) (amount, name too long hidden, and I give him up)

Here we hide the superuser end? NO!

Next we open the registry

Hold down the win + R, bring up the Run box, type regedit to open the registry we can

Found under-MACHINE HKEY_LOCAL SAM under the SAM key, you will find the following content is empty, why is it empty? Because we lack of privilege.

Click the SAM under the SAM Right permission settings

Select Account administrators, full control is provided in the following permissions, determined after application point

After completing the F5 refresh ah, you can see what's inside

We find HKEY_LOCAL-MACHINE / SAM / SAM / Domains / Account / User

We expand User and User under the name registry entries to find longshisan002 $

Came to the Registry Editor "HKEY_LOCAL_MACHINE \ SAM \ SAM \ Domains \ Account \ Users \ Names", the current system, all existing accounts will be shown here, of course, including hidden accounts. Click the hidden accounts "longshisan $", key in on the right shows the "type" of a show as 0x3e9

J next to "HKEY_LOCAL_MACHINE \ SAM \ SAM \ Domains \ Account \ Users \" at the, can be found "000003E9" this one, both of which correspond to each other, hidden accounts "aaa $" all the information in the "000003e9 this one.

Also, you can find the "administrator" account corresponding to the entry for "000001F4".

Then we will "000001F4" F value is copied into the "000003E9" F-value (that is, replace). Save when finished. (Hidden accounts do not go through this step, skip, do not replace)

copy