Manually remove the Guest account in Win2000/XP/2003

xiaoxiao2021-03-06  16

Author: Lonely Swordsman

Windows systems built on the NT architecture have a built-in low-privilege account, Guest. We often run into a shared directory on Win2000 or XP that other people cannot access. The main reason is that the Guest account is disabled on that system, and enabling the account fixes it. However, the existence of this account is often harmful to the security of the system. For example, someone may secretly activate your Guest account as a backdoor account or, more covertly, clone it directly into an administrator account. Since in most cases the account is unnecessary, we can delete it outright to improve system security. Unfortunately, Windows systems built on the NT architecture do not let us delete the Guest account directly. So is there a way to delete it? Yes: for Windows NT there is a small tool called Delguest that deletes it directly. Its usage is as follows:

C:\> DELGUEST

Delguest v1.2 - Copyright 1999, Arne Vidstrom

-

http://www.ntsecurity.nu/toolbox/delguest/

WRONG OS VERSION - DELGUEST ONLY RUNS ON WINDOWS NT 4.0!

Unfortunately, the tool is only valid for Windows NT 4.0 and cannot run on Win2000/XP/2003. So can we delete the Guest account manually? The answer is yes. The Guest account information is stored in the SAM file and in the registry. Leaving the SAM file aside, we only have to delete the Guest account's registration information in the registry to achieve the purpose. The method is as follows (described here for Windows NT and Windows 2000):

C:\> regedit

Open HKEY_LOCAL_MACHINE\SAM\SAM and we see that there is no information in it. The main reason is that our permissions are not sufficient: we normally run with administrator privileges, while it is the system's built-in SYSTEM account that can access this key. So how do we open the account information under SAM? Close regedit, then run:

C:\> regedt32

Find the HKEY_LOCAL_MACHINE window, select SAM\SAM, then click Permissions in the menu. We can see that the Administrators group has only special permissions, while the SYSTEM account has Full Control. Why? It is easy to understand: SYSTEM is the account the operating system itself needs. Most kernel components and service programs run with the permissions of this account, and if its permissions were too low the system could not run. What we need to do now is change the Administrators permissions to Full Control (remember to set this under the advanced options), so that we can access the information under SAM. Run regedit again:

C:\> regedit

Now there is something under HKEY_LOCAL_MACHINE\SAM\SAM. Expand it step by step until you find:

HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5 and HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\Guest

Delete 000001F5 and Guest, then exit regedit. Run regedt32 again and restore the Administrators group's permissions on SAM to what they were. (Remember the special permissions Administrators had? You must remember them. If you really cannot, look at another machine; they are the same.) This is for safety, to prevent users from accidentally deleting system accounts. Then open a DOS window:

C:\> NET USER

Look: the Guest account is gone, and it no longer appears in the users and groups view of the system management console either. That is rather fun! In Windows XP and 2003, running regedit and regedt32 appears to start the same program, and you will find an additional "Permissions" option in the Edit menu. It seems Microsoft also recognized that managing the registry with the previous two programs was needlessly roundabout.
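The `NET USER` check above can be scripted. The following is an added example, not part of the original article: it parses captured `net user` and `net user Guest` output to confirm that Guest is gone or, if it still exists, to flag the two conditions the introduction warns about (Guest enabled, Guest in Administrators). The sample output is constructed, and English-locale output with 25-character name columns is assumed.

```python
import re

# Constructed samples (English-locale output); host and user names are made up.
SAMPLE_LIST = "\n".join([
    r"User accounts for \\WS01", "", "-" * 79,
    "".join(n.ljust(25) for n in ("Administrator", "HelpAssistant", "John Smith")),
    "SUPPORT_388945a0",
    "The command completed successfully.", ""])
SAMPLE_DETAIL = """\
User name                    Guest
Account active               Yes
Account expires              Never
Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
The command completed successfully.
"""

def list_accounts(net_user_output):
    """Return the account names printed by `net user` (assumed 25-char columns)."""
    names, in_table = [], False
    for line in net_user_output.splitlines():
        if line.startswith("---"):
            in_table = True
        elif in_table and line.strip() and not line.startswith("The command"):
            # Names may contain spaces, so slice fixed columns instead of split().
            cols = [line[i:i + 25].strip() for i in range(0, len(line), 25)]
            names += [c for c in cols if c]
    return names

def guest_findings(detail_output):
    """Flag an enabled Guest account or one placed in Administrators."""
    findings = []
    if re.search(r"^Account active\s+Yes\s*$", detail_output, re.M | re.I):
        findings.append("Guest is enabled")
    m = re.search(r"^Local Group Memberships\s+(.*)$", detail_output, re.M | re.I)
    groups = [g.strip() for g in m.group(1).split("*") if g.strip()] if m else []
    if "administrators" in (g.lower() for g in groups):
        findings.append("Guest is a member of Administrators")
    return findings

if __name__ == "__main__":
    print("Guest listed:", "Guest" in list_accounts(SAMPLE_LIST))
    for finding in guest_findings(SAMPLE_DETAIL):
        print("WARNING:", finding)
```

This covers only activation and group membership as reported by `net user`; an account cloned at the SAM level would not necessarily show up in either field.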

Reminders:

1. If you are not familiar with the registry editor, do not attempt this; otherwise you may cause the system to crash.

2. Consider exporting the portion to be deleted before you delete it, so that it can be restored.

Ways to take this further:

1. Easily delete or change other accounts by editing the SAM information in the registry.

2. Write a program that runs with SYSTEM privileges to access the SAM information in the registry and delete Guest.

When reposting, please cite the original address: https://www.9cbs.com/read-46829.html
