How to get SYSTEM privileges on Windows 7

  

In day-to-day use of a system you often run into problems such as stubborn malicious programs, files that cannot be deleted, operations that need high privileges, lost passwords, and keeping things as private as possible. This article shows readers how to use SYSTEM, the highest-privilege account in Windows 7, to solve all such problems!

What can SYSTEM do?

Without SYSTEM privileges, users cannot access certain registry keys, such as "HKEY_LOCAL_MACHINE\SAM" and "HKEY_LOCAL_MACHINE\SECURITY". These keys record the core data of the system, yet some viruses or Trojans often visit them, for example to create a hidden account with administrator privileges under the SAM key. By default the administrator cannot see such an account by typing "net user" at the command line or in "Local Users and Groups" (lusrmgr.msc), which leaves a serious hidden danger in the system. Under SYSTEM privileges there is no obstacle to accessing the registry, and all the black hands are exposed!
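The comparison a defender would make at this point, as an added example that is not part of the original article: list the account names stored under the SAM key while running as SYSTEM and diff them against what net user shows. The sample outputs, the account name maint and the 25-character column layout assumed for net user are constructed for illustration.

```python
# Added example: diff SAM account names against `net user` output.
NAMES_KEY = r"HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names"

# Constructed `net user` output; assumes its layout of 25-character columns.
NET_USER = "\n".join([
    r"User accounts for \\WIN7-PC", "", "-" * 79,
    "".join(n.ljust(25) for n in ("Administrator", "Guest", "Zheng Chi")),
    "The command completed successfully.",
])

# Constructed `reg query` output for NAMES_KEY, captured while running as SYSTEM.
# "maint" is a made-up account that the first listing does not show.
REG_QUERY = "\n".join([NAMES_KEY, ""] + [
    NAMES_KEY + "\\" + n for n in ("Administrator", "Guest", "maint", "Zheng Chi")
])


def net_user_accounts(text):
    """Account names from the table between the dashed rule and the status line."""
    names, in_table = set(), False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_table = True
        elif in_table and line.startswith("The command completed"):
            break
        elif in_table:
            # Fixed-width slicing keeps names that contain spaces intact.
            cells = (line[i:i + 25].strip() for i in range(0, len(line), 25))
            names.update(c.lower() for c in cells if c)
    return names


def sam_accounts(text):
    """Account names taken from the subkeys listed under NAMES_KEY."""
    prefix = NAMES_KEY.lower() + "\\"
    return {line.strip()[len(prefix):].lower()
            for line in text.splitlines()
            if line.strip().lower().startswith(prefix)}


def hidden_accounts(net_user_text, reg_query_text):
    """Accounts present in SAM that `net user` did not list (case-insensitive)."""
    return sorted(sam_accounts(reg_query_text) - net_user_accounts(net_user_text))


if __name__ == "__main__":
    print(hidden_accounts(NET_USER, REG_QUERY))
```

Any name this returns on a real machine is an account to investigate before anything else is trusted.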

Operation: Open the Registry Editor and try to access HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY. Now we can access them without any restriction.

Everyone is familiar with the Windows system. But does the person who legally owns the computer really hold all the rights on it?

Running the net user command in cmd shows clearly that a typical system has several users with different privileges.


Take my personal computer as an example. It runs Windows 7 64-bit Ultimate, and the list shows three system users: administrator, GUEST and Zheng Chi. So what are these users?

From this diagram (the one in the first post, where the red circle is drawn) it can be clearly seen that the administrator user has been enabled by me and is in use. What does this user do? That's right, it is the super administrator user! However, it is generally disabled by default, a protection measure set by Microsoft for user security. (To enable it, enter net user administrator /active:yes in the cmd window, noting the space; change yes to no to disable it. This needs some privilege.) To avoid trouble, I still use this user directly; ordinary readers, please do not enable it casually~

The green circle in the first post is the guest user (that is, guest). Its main task is to keep visitors or other people from modifying settings so that the computer can no longer start. Generally, it is enabled by default, and of course it can be turned off, again with the net user command (enter net user guest /active:no in the cmd window, same as above).

The blue circle in the first post is a user I created myself for virtual machines and special files such as viruses (rather narcissistic, of course); there is not much to introduce here.

Having read this far, many readers will ask: isn't the title about getting SYSTEM privileges? Why can't I see the SYSTEM user in the net user output? Good question! Careful users may already have discovered this mysterious user, which leaves no trace, and its mysterious privileges.

Almost all core system processes belong to this special, mysterious SYSTEM user. So what does it do?

The SYSTEM user is a machine-managed user set up by Microsoft to keep the system from being maliciously damaged and to keep users from using the SYSTEM privilege. Everything from boot to the desktop is run by it. SYSTEM can be called the supreme ruler of a Windows personal system: with RW 0 privilege it controls the entire machine and is its only master (even if you have administrator privileges, your privilege level is only RW 3, far below SYSTEM). Since it is the ruler, why does it not appear on the login screen? Has the system made a mistake?

The system has made no mistake. How could the only master appear on the welcome and login screen? Have you ever seen a king standing at the gate of the castle, smiling and welcoming his subjects?

Since it is the master, how can we let these "subjects"

This is the core content of this post

Scenario 1: This is a script based on the sc command. The principle is very simple: as you can see for yourself, all services are created and run by SYSTEM (please look up the sc command and related knowledge on Baidu; this article does not cover the basics).

sc Create SuperCMD binPath= "cmd /K start" type= own type= interact

sc start SuperCMD

The clever thing about it is that it creates an interactive service. After it starts, the Interactive Services Detection dialog pops up; click to view the message and you enter a desktop running with SYSTEM privileges (you will find that it contains only a command prompt, one that belongs to SYSTEM rather than to the administrator). You can open the desktop by running explorer.

Scenario 1 verification: Use the whoami command to check the current user. You can also check through HKCU: add a new Test subkey under HKCU, refresh, and see whether the Test subkey appears at the same time under HKU\S-1-5-18. If it does, the system is currently loading the user profile hive of the SYSTEM account.

Scenario 2: Use cmd commands directly to load explorer with SYSTEM privileges (a privilege elevation in disguise)

The commands are as follows:

taskkill /f /im Explorer.exe

at time /interactive %systemroot%\explorer.exe

This has a disadvantage: if you log out of the account you are logged in with (e.g. administrator), the system reports a serious error and forces a restart in one minute.

Verification is the same as above.

Scenario 3: Elevate privileges with Support Tools (not recommended)

Because this method involves more uncertain factors, it is not described in detail, and no download address for Support Tools is provided. Please operate carefully.

Scenario 4: Elevate privileges with psexec

This is the solution I personally recommend most, and it is safer. Here we use psexec, a console application, to carry out the whole elevation (essentially the same as Scenario 1).

Again you first kill explorer and then start it again so that it gets SYSTEM privileges:

taskkill /f /im explorer.exe

psexec -i -s -d explorer
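Seen from the monitoring side, Scenarios 1, 2 and 4 each leave a recognisable command line. The following added example (not part of the original article) flags them in process-creation logs; the sample lines, the time 14:05, the tool path and the host name are constructed.

```python
import re

# Constructed command lines, as process-creation logs would record them.
# The time 14:05, the C:\Tools path and the host "fileserver" are made up.
SAMPLE_CMDLINES = [
    'sc Create SuperCMD binPath= "cmd /K start" type= own type= interact',
    "sc start SuperCMD",
    "taskkill /f /im explorer.exe",
    r"at 14:05 /interactive %systemroot%\explorer.exe",
    r"C:\Tools\PsExec.exe -i -s -d explorer",
    "sc query wuauserv",
    r"psexec \\fileserver -u ops ipconfig",
]


def split_image(cmdline):
    """Return (image name without path or .exe, arguments), all lower-cased."""
    tokens = cmdline.strip().split()
    if not tokens:
        return "", []
    image = tokens[0].strip('"').lower().rsplit("\\", 1)[-1]
    return re.sub(r"\.exe$", "", image), [t.lower() for t in tokens[1:]]


def classify(cmdline):
    """Name the scenario a command line matches, or return None."""
    image, args = split_image(cmdline)
    if image == "sc" and "create" in args and re.search(r"type=\s*interact\b", " ".join(args)):
        return "scenario 1: interactive service created"
    if image == "at" and "/interactive" in args:
        return "scenario 2: interactive at job"
    if image in ("psexec", "psexec64") and ("-s" in args or "/s" in args):
        return "scenario 4: psexec run as SYSTEM"
    return None


def detect(cmdlines):
    """Return [(index, finding)], noting a relaunch after explorer.exe was killed."""
    findings, shell_killed = [], False
    for i, cmd in enumerate(cmdlines):
        image, args = split_image(cmd)
        if image == "taskkill" and "explorer.exe" in args:
            shell_killed = True
        hit = classify(cmd)
        if hit:
            if shell_killed and any("explorer" in a for a in args):
                hit += " (explorer relaunched after being killed)"
            findings.append((i, hit))
    return findings
```

The split is on whitespace only, so an image path that contains spaces would need proper quote-aware parsing before these rules are applied.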

That concludes the introduction to SYSTEM and the tutorial on obtaining its privileges!

Accessing the System Restore files:

Description: System Restore is a self-protection measure of the Windows system. It creates a "System Volume Information" folder in the root directory of each drive and saves some system information there for system recovery. If you don't want to use System Restore, or if you want to delete some files under it: this folder has the hidden and system attributes, and it cannot be deleted without SYSTEM privileges. If you log in with SYSTEM privileges, you can delete it at will. You can even create a file under it to protect your privacy.

Operation: In Explorer click "Tools → Folder Options" and switch to the "View" tab in the "Folder Options" window that pops up. In the "Advanced settings" list, clear the "Hide protected operating system files (Recommended)" checkbox, then under "Hidden files and folders" select the "Show all files and folders" item. Then you can access the System Restore folder C:\System Volume Information without restriction~

But please don't modify it; doing so may cause System Restore errors.

Manual virus removal:

Description: When using a computer, users generally log in as Administrator or as another administrator user. After an infection, viruses and Trojans therefore mostly run with administrator privileges. Once the system is infected, we usually use antivirus software to remove the virus. If your antivirus software fails, or can only detect the virus but cannot remove it, you have to roll up your sleeves and remove it by hand. Under Administrator privileges, when some viruses resist manual removal, it is generally necessary to boot into Safe Mode, and sometimes they cannot be cleaned even in Safe Mode. If you log in with SYSTEM privileges, removing the virus is much easier.

Operation: Under SYSTEM privileges the taskkill and ntsd commands become extremely powerful, comparable to ARK-level (anti-rootkit) tools, but the latter carries certain risks, so use it with caution!

Use the taskkill and ntsd commands to forcibly end the virus process; together with some kernel-level tools it is easy to forcibly remove the drivers, services and callbacks of the target process. But take care to identify the target correctly; if you get a blue screen, that's not my business~

Summary: SYSTEM is the highest privilege on the system, higher than Administrator. It can be used to accomplish many tasks that cannot be completed under normal circumstances. There are many more applications; the examples here are only the tip of the iceberg. Remember, the greater the power, the greater the responsibility, and everything has two sides. If you can't handle it, please let it go. If you have to pick it up, use it to do useful things. When a subject holds more power than the king, how many people can refrain from abusing that power for personal gain? I just hope that we do not use this power to harm the innocent. Computers and systems are our closest friends!

Copyright © Windows knowledge All Rights Reserved