How do Win7 systems get system permissions?

Source: Internet
Author: User
Tags: manual, safe mode, root directory

In everyday use there are often problems such as stubborn malicious programs, files that cannot be deleted, operations that need elevated privileges, lost passwords, and privacy that must be protected at the highest level. This article teaches you how to use SYSTEM, the highest-privilege account on Windows 7, to solve all of these problems!

What can SYSTEM do?

Without SYSTEM permissions, users cannot access certain registry keys, such as HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY. These keys hold the core data of the system, but some viruses or Trojans like to visit here. For example, a hidden account with administrator rights can be created under the SAM key; by default the administrator cannot see it by typing "net user" at the command line or in "Local Users and Groups" (lusrmgr.msc), which puts the system at great risk. Under SYSTEM permissions there is no barrier to accessing the registry, and every trick is exposed!

Action: open the Registry Editor (regedit) and try to access HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY.

Once logged on as SYSTEM, we can access them without any limitation.
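The hidden-account check described above, as an added PowerShell example that is not part of the original article. It must run in a SYSTEM context (as the article explains, the SAM hive is not readable as Administrator), compares the account names stored in the SAM hive with the accounts that net user / WMI report, and lists any name that is in the SAM but missing from the normal listing. The registry path is the real SAM hive layout; the function names are my own.

```powershell
# Added example (not from the original article). Run as SYSTEM: reads the account
# names stored in the SAM hive and diffs them against the "net user" view (WMI).
# A name present in the SAM but absent from the visible listing is exactly the
# hidden-account pattern the article describes. Function names are constructed.
function Get-SamAccountNames {
    $samNames = 'Registry::HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names'
    if (-not (Test-Path -Path $samNames)) {
        throw "Cannot open $samNames - this needs SYSTEM, not just Administrator."
    }
    # Each subkey under ...\Users\Names is one account name as the SAM stores it.
    Get-ChildItem -Path $samNames | ForEach-Object { $_.PSChildName }
}

function Get-VisibleAccountNames {
    # Same view that "net user" and lusrmgr.msc give: local accounts via WMI.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" |
        ForEach-Object { $_.Name }
}

function Find-HiddenLocalAccounts {
    $visible = @(Get-VisibleAccountNames)
    # -notcontains is case-insensitive, matching how Windows treats account names.
    Get-SamAccountNames | Where-Object { $visible -notcontains $_ }
}

$hidden = @(Find-HiddenLocalAccounts)
if ($hidden.Count -eq 0) {
    'No SAM account names are missing from the normal user listing.'
} else {
    'Account names present in the SAM but not visible to net user:'
    $hidden | ForEach-Object { "  $_" }
}
```

Any name this reports should be inspected in regedit under the same Names key before deciding whether it is a legitimate account or one planted by malware.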

Everyone is familiar with the Windows system. But does the account on the computer really hold all rights as a matter of course?

Through the net user command in CMD we can clearly see that several accounts exist on a typical system. Take my personal computer as an example: it runs the Win7 64-bit Ultimate edition, and the listing shows three users, Administrator, Guest and Zheng. What are these users for?

As the screenshot shows (the red circle in the first post's picture), the Administrator user was enabled by me and is in use. So what is this user?

Yes, it is the super administrator user! However, it is disabled by default, a protection Microsoft set up for user security (to enable it, enter net user administrator /active:yes in the cmd window, paying attention to the spaces; change yes to no to disable it again; this requires certain permissions). To save trouble I use this account directly here; ordinary users, please do not enable it casually~

The green circle in the first post's picture is the Guest user. Its main job is to let guests or other people use the computer without being able to make malicious changes to it; under normal circumstances it is enabled by default, and of course you can also disable it. This is also done with the net user command in the cmd window (enter net user guest /active:no, as above).

The blue circle in the first post's picture is a user I created myself for running virtual machines, viruses and other special files (and, admittedly, a bit narcissistically named); I will not introduce it further here.

Reading this, many readers will ask: doesn't the title say getting SYSTEM permissions? Why is there no SYSTEM user in the net user output?

Good question! But careful users may already have discovered this mysterious user and the mysterious authority it holds. Almost all of the core processes of the system belong to this particular mysterious user, so what does it do?

The SYSTEM user is a machine-managed account set up by Microsoft to prevent the system from being maliciously damaged and to keep users from using SYSTEM privileges directly. Everything from power-on to loading the desktop is done by it. It can be said that SYSTEM is the highest ruler of a personal Windows system, the Ring 0 controller of the whole machine, its only master (even if you have administrator privileges, that user sits at Ring 3, far less privileged than SYSTEM). Since it is the master, why does it not appear on the logon screen? Is that a system error?

It is not an error. How could the one and only master appear on the Welcome logon screen? Have you ever seen a king standing at the castle gate smiling and welcoming his subjects?

Since it is the master, how can we "subjects" control it? That is the core of this post.

Solution one: a script based on the sc command. The principle is very simple: observe for yourself and you will find that all services are created and run by SYSTEM (please look up the sc command and related knowledge on your own; this article does not explain it).

sc create supercmd binpath= "cmd /k start" type= own type= interact

sc start supercmd

The beauty of this is that it creates an interactive service. After the service starts, a prompt pops up; click the message it shows and you are taken to the desktop of the SYSTEM session (but you will find there is only a command prompt belonging to SYSTEM instead of the administrator's desktop). You can bring up a desktop by running explorer from that SYSTEM command prompt.

Validation for solution one: use the whoami command to confirm the current user. You can also check HKCU: create a new test subkey under HKCU, refresh, and then see whether the same test subkey appears under HKEY_USERS\S-1-5-18. If it does, the system is currently loading the user hive of the SYSTEM account.
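The two validation checks just described, as an added PowerShell example that is not from the original article: the whoami test done through .NET (is the current SID S-1-5-18?), and the article's registry test (does a key created under HKCU show up under HKEY_USERS\S-1-5-18?). The probe key name is a constructed throwaway value and the function names are my own.

```powershell
# Added example (not from the original article): confirm a shell really runs as SYSTEM.
# Check 1: the token's user SID must be S-1-5-18, the well-known SID of LocalSystem.
# Check 2: the article's hive test - create a key under HKCU and see whether it is
# visible under HKU\S-1-5-18, i.e. whether HKCU is the SYSTEM account's hive.
function Test-IsSystemBySid {
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    return ($sid -eq 'S-1-5-18')
}

function Test-IsSystemByHive {
    $probe   = 'SystemCheck_' + [guid]::NewGuid().ToString('N')   # constructed name
    $hkcuKey = "HKCU:\$probe"
    $hkuKey  = "Registry::HKEY_USERS\S-1-5-18\$probe"
    try {
        New-Item -Path $hkcuKey | Out-Null
        # If HKCU is a view of HKU\S-1-5-18, the new subkey is visible there at once.
        return (Test-Path -Path $hkuKey)
    } finally {
        # Always remove the probe key, whichever hive it landed in.
        if (Test-Path -Path $hkcuKey) { Remove-Item -Path $hkcuKey -Recurse }
    }
}

$bySid  = Test-IsSystemBySid
$byHive = Test-IsSystemByHive
"SID check:  $bySid"
"Hive check: $byHive"
if ($bySid -and $byHive) {
    'This session runs as SYSTEM and HKCU is the SYSTEM hive (HKU\S-1-5-18).'
} elseif ($bySid -ne $byHive) {
    'Checks disagree: the token and the loaded user hive do not match; inspect manually.'
} else {
    'This session is NOT running as SYSTEM.'
}
```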

Solution two: use cmd commands directly to load Explorer with SYSTEM privileges (equivalent to privilege escalation in disguise).

The commands are as follows (replace <time> with the clock time, in HH:MM form, at which the job should run):

taskkill /f /im explorer.exe

at <time> /interactive %systemroot%\explorer.exe

There is a drawback: if you log off the account you are logged on as (such as Administrator), the system will report a serious error and force a reboot in one minute.

Verify as above.

Solution three: use a support tool to escalate (not recommended)

Because this method has more uncertainties, it is not described in detail here, and no download address for the tool is given; please operate carefully.

Solution four: escalate with PsExec

This is the scheme I personally recommend most, and it is relatively safe. Here we use PsExec with a fully interactive console application to achieve the escalation (the idea is basically the same as solution two).

As before, end Explorer first and then restart it so that it gets SYSTEM permissions:

taskkill /f /im explorer.exe

psexec -i -s -d explorer
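From the defender's side, solutions one and four leave recognisable artifacts on the host. The following PowerShell audit is an added example, not part of the original article: it lists services whose binary is cmd.exe or whose Type value has the SERVICE_INTERACTIVE_PROCESS bit (0x100) set, which is what "sc create ... type= interact" produces, flags the PSEXESVC service that PsExec installs, and reports the NoInteractiveServices setting (a real registry value the article does not mention). Function names are my own; nothing here changes the system.

```powershell
# Added example (not from the original article): read-only audit for the traces
# that the sc-based interactive service and the PsExec service leave behind.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SuspiciousServices {
    Get-ChildItem -Path $servicesKey | ForEach-Object {
        $p    = Get-ItemProperty -Path $_.PSPath
        $type = [int]($p.Type -as [int])            # missing Type value -> 0
        $path = [string]$p.ImagePath
        # 0x100 is SERVICE_INTERACTIVE_PROCESS, set by "type= interact".
        $interactive = ($type -band 0x100) -ne 0
        # Service binary is a bare cmd / cmd.exe, as in binpath= "cmd /k start".
        $spawnsCmd   = $path -match '(^|[\\\s"])cmd(\.exe)?([\s"]|$)'
        $isPsExec    = $_.PSChildName -eq 'PSEXESVC'   # service name PsExec installs
        if ($interactive -or $spawnsCmd -or $isPsExec) {
            New-Object PSObject -Property @{
                Name        = $_.PSChildName
                ImagePath   = $path
                Interactive = $interactive
                SpawnsCmd   = $spawnsCmd
                PsExec      = $isPsExec
            }
        }
    }
}

function Get-InteractiveServicePolicy {
    $k = 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows'
    $v = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).NoInteractiveServices
    if ($v -eq 1) { 'NoInteractiveServices=1: interactive services cannot reach the desktop' }
    else { 'NoInteractiveServices is 0 or unset: interactive services can reach the desktop' }
}

Get-SuspiciousServices | Format-Table Name, Interactive, SpawnsCmd, PsExec, ImagePath -AutoSize
Get-InteractiveServicePolicy
```

Pair this with the System event log: Service Control Manager event ID 7045 records every newly installed service, so supercmd and PSEXESVC both show up there with their image paths.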

That concludes the introduction to SYSTEM and the tutorial on obtaining its permissions!

To access System Restore files:

Description: System Restore is a self-protection measure of Windows. It creates a "System Volume Information" folder under each root directory and saves some system information there for System Restore to use. If you do not want to use System Restore, or want to delete some of the files under it, you will find the folder has the hidden and system attributes and cannot be deleted without SYSTEM permissions. If you are logged on with SYSTEM privileges you can delete it, and you can even create files underneath it to protect your privacy.

Action: In Explorer, click Tools → Folder Options; in the Folder Options window switch to the View tab, in the Advanced settings list clear the "Hide protected operating system files (Recommended)" check box, and then select "Show hidden files, folders, and drives". You now have unrestricted access to the working directory of System Restore, C:\System Volume Information.

But please do not modify it arbitrarily, as that may cause System Restore errors.

Manual antivirus:

Description: Users generally log on as Administrator or another administrator account when using the computer, so after an infection most viruses and Trojans run with administrator rights. After an infection we generally rely on antivirus software; if the antivirus is paralysed, or can only detect but not clean, the only option left is to go bare-handed and remove the malware manually. Under Administrator rights, if manual removal is powerless against some viruses, you generally have to boot into safe mode, and sometimes even safe mode cannot clean them. If you are logged on with SYSTEM privileges, killing a virus is much easier.

Operation: under SYSTEM authority the taskkill and ntsd commands become invincible, comparable to ARK-level (anti-rootkit) tools, but the latter carry some risk, so use them with care!

Using taskkill and ntsd to forcibly end virus processes, and using kernel-level tools to forcibly destroy the target's drivers, services and callbacks, also becomes easy, but take care to identify targets correctly; a blue screen is not my business!

Summary: SYSTEM permissions are the highest privileges, above Administrator. With them you can complete many tasks that cannot be completed under normal circumstances; they have many uses, and what I cite here is only the tip of the iceberg. Remember: with greater power comes greater responsibility, and everything has two sides. If you cannot bear it, please put it down; if you must pick it up, use it to do something useful. When subjects hold greater rights than the king, how many can resist the temptation to usurp? I only hope this power is not used to harm the innocent. Computers and systems are our closest friends!
