Create an administrator as a Guest account

Author: Jesse Source: http://thysea.com/lb
As you know, in Windows 2000/XP, if you are an administrator, you can use the Net User account password to change the password even if you do not know the password of other users (administrators. It is said that MS is for the convenience of the user (such as the user forgot the password), in addition, the user can also use the Net Localgroup Administrators account/add command to add accounts to the Administrator group. Qv6

However, if you are not an administrator, such as a Guest account, you may not use the above command on the surface, but you can use it through some channel.

Example: Create an administrator as a Guest account

1. Create a batch file with the following content:

Net user admin/add net localgroup administrators admin/add
The color is 7758.
Save the above batch file as admin. bat.
Note: The above batch file is used to create an admin account (the password is blank ).

2. Use the batch processing file as the startup script for Windows.

1. In the run dialog box, enter gpedit. msc

2. Go to Computer Configuration 1> Windows Settings 1> script (start/stop), double-click Start in the right window, and add the previously created admin. bat to it.

3. restart the computer and the system has an administrator named admin.

The above operations are feasible in Windows 2000/XP, but ensure that the account can access the registry and group policy (the Account creation operation is actually adding the corresponding items and values to the registry ), the default Guest/restricted account in Windows does not have this restriction.

Maybe we don't need to use the Guest account to create an administrator, but imagine if a program can only be executed by the Administrator, can we use the above method to implement it?

Summary: in Windows, the default restrictions on Guest/restricted accounts are only superficial. As an experienced System Administrator, there are still many things to do. At least restricted users should be prohibited from accessing/modifying the registry, group Policy.

Ps: the GUEST account is used to log on to the computer. It is difficult to say that you can only access the computer physically, but only the GUEST ??? Remote GUEST does not have any permissions. Basically, all WEB servers disable GUEST. I want to change my account to a GUEST account. so what the landlord said may be to give us a thought: Improve Permissions