Create a hidden superuser for Windows

        I think everyone is familiar with regedit.exe, but can't set permissions on the registry key. The biggest advantage of regedt32.exe is the ability to set permissions on the registry key. The account information of nt/2000/xp is under the HKEY_LOCAL_MacHINESAMSAM key of the registry, but other users except the system user SYSTEM have no right to view the information inside, so I first set the SAM key to me with regedt32.exe. Full control" permission. This will read and write the information in the SAM key. The specific steps are as follows:

1. Suppose we log in to the broiler with terminal service as the super user administrator. First create an account under the command line or in the account manager: hacker$, here I am at the command line. Create this account net user hacker$ 1234 /add

2. At the start/run, type: regedt32.exe and press Enter to run regedt32.exe.

3, click "Permissions" will pop up the window point to add the account when I log in to the security bar, here I am logged in as the administrator, so I will add administrator, and set permissions For "full control." Here you need to explain: It is best to add the account you are logged into or the group where the account is located, and do not modify the original account or group, otherwise it will bring a series of unnecessary problems. If you hide the super user, you can delete the account you added here.

4, then click "Start" → "Run" and enter "regedit.exe" Enter, start the registry editor regedit.exe. Open the key: HKEY_LOCAL_MAICHINESAMSAMDomainsaccountusernameshacker$"

5. Export the items hacker$, 00000409, and 000001F4 to hacker.reg, 409.reg, 1f4.reg, and edit these exported files with Notepad. Copy the value of the key "F" under the item 000001F4 corresponding to the superuser, and override the value of the key "F" under the item 00000409 corresponding to the hacker$, and then merge the 00000409.reg with the hacker.reg.

6, execute net user hacker$ /del in the command line to delete the user hacker$: net user hacker$ /del

7. In the regedit.exe window, press F5 to refresh, then hit the file - Import the registry file and import the modified hacker.reg into the registry.

8. At this point, the hidden superuser hacker$ has been built, then close regedit.exe. In the regedt32.exe window Change the HKEY_LOCAL_MacHINESAMSAM key permission back to the original state (just delete the added account administrator).

9. Note: After the hidden super user is built, the user in the account manager cannot see the hacker$. Use "net user" on the command line I can't see it, but after the super user is established, I can't change the password any more. If you use the net user command to change the password of the hacker$, then the hidden superuser will be seen again in the account manager, and Can't delete.