Author: LOOO Source: http: //www.looooo.info/ few nonsense: black base made a finale to my account after cloning, many of my friends to my article valuable advice. Since the original text is written, many places are not rigorous. So I reinited this article, add some information, modified the places where it is not rigorous, and I have a problem welcome to discuss it. Order: I believe everyone has used clone accounts. Whether it is a tool or manual, the clone account is undoubtedly the best choice for hidden accounts. But I see the online article talk about special trouble. This is like this. In fact, the cloning account is simple. That is to copy the registry key of Administrator. This article is for users who have used cloning, not known for the cloning account. I only tell the principles and methods of the following clones. I hope that everyone will be inspired. Principle: Our account has his corresponding key value in the registry, specifically in "[hkey_local_machine / sam / sam / domains / account / users" administrator item is "000001F4" below "F "One is" V ". I am generally cloning all the guest users, so I will take this cloning user to do an example, clone other user methods. The entry of the guest is "000001F5". The items corresponding to other users can be viewed from "[HKEY_LOCAL_MACHINE / SAM / SAM / DOMAINS / ACCOUNT / USERS / NAMES". What we have to do is to copy "f" and "V" value under "1F4" to the corresponding value under "1F5". This is what the cloning account is said. 1 Simple cloning: a, principle: only copy "F" value. Such cloned account concealment is lower than complete clones (it will be said to be said), but it is convenient for yourself. If the manager of the broiler is not too powerful, it is recommended that you use this method. If this cloned user, if the desktop used is, the desktop used is Administrator, that is, you are the same as the file "C: / Documents and Settings / Administrator" in the system. "C: / Documents and Settings / Administrator" and Admin. Not before "C: / Documents and Settings / Guest". But in "Query User" and "Terminal Services Manager", you are still "guest", or use the command "net localgroup administrators" or you can see that guest is administrator, this is what I said. The concealedness is lower than the complete cloning. But under NET, you can't see what the guest users have any questions in user management. B. Specific method: No matter what method you use, see your personal habit, open the "registry" with "system" permissions, I like to use the PSU command format to explain here, the back PID is the system The process of Winlogon's value. Then open [HKEY_LOCAL_MACHINE / SAM / SAM / DOMAINS / Account / Users / 000001F4] Opens the "F" value, then copy it to "f" value of "1F5". Then in the CMD (must), give the guest and then activate the guest account (Net user guest / active: y), then we disable him (net user guest / activ: n) simple! END2 completely cloned A, principle: all replicate "F" and "V" values.
This method cloned two accounts were actually an account in the system, which is the highest, unless you view the professional tool, otherwise there is "Net localgroup administrators". . There is also the most important point. If you go up, on the "Query User" and "Terminal Services Manager", you will display "Administrator", which is fun. :) So we have reached the purpose of super hidden. What I want to explain here is that if you log in with this cloning method, you log in to the interface of Administrator. That is, it is assumed that you can use the cloning account to log in with 3389, when you disconnect the connection, if the administrator is logged in, then he logs in is your conversation! ! The other person who is kept on your session is also seen, because you are now in the same session! And what I am not convenient means this point. But if 3389 is you open, and the administrator will not log in to the server through the distance, then you are cool. Your session is not one. There is also if you cloned the account with a simple cloning method, then you are not a session, your account is still two accounts, you can rest assured. B, specific methods: method and simple cloning. Different are all replicate "F" and "V" values. You can also export [HKEY_LOCAL_MACHINE / SAM / SAM / DOMAINS / Account / Users / 000001F4]. Then edit the exported registry file, change the "000001F4" inside to "000001F5", and then import it in it. Then in the CMD (must), give the guest and then activate the guest account (Net user guest / active: y), then we disable him (net user guest / activ: n) simple! End3 finally reminded. In addition to the establishment, the clon is completed, I need to change the password again. Don't change your password again. Because as long as you change your password, you cloned the account will expose! 4 said these, I hope to have a help to everyone. When it comes to say, I still want to say more, I often see the users who create an administrators group in the back of a server in the back of a server, and seem to be the administrator does not exist, or get a deceived admin $. Class account. What I want to say is that the administrator is not a fool, although the account with "$" is invisible in "Net User", it can be in the user management of computer management, but it is clear. If you think your broiler can stay, then you are smart. I still want to say a few sentences to those administrators. Now everyone's safety awareness has improved, knowing what is playing in time, and knowing the special variations for password settings. But you ignore the security of third-party software. For example, it is harmful to SQL IIS Server-U et al. Security for your computer I think it can be divided into three aspects. The first is the security of the system, which can be solved by simple playing a few patches. The second is to set up the security. You have a strong golden soup system, but you gave the empty password, not laughing, the little black. For this regard, you will make a transformation password, but I want to remind you that you can set a metamorphosis password, but don't write a text, write a text, put your password. I have gone through a machine and entered the vulnerability of third-party software.
