When a server is compromised, we often cannot predict which vulnerabilities will be involved. However, many attackers habitually elevate the privileges of the Guest account
and then access your machine through the password-free Guest account. If you could delete Guest...
It sounds easy, but when you try to delete it, you will find that the Guest account, like the Administrator account, cannot be deleted.
Of course, this is not impossible. Here is the method:
1. Delete the Guest account in the NT4.0 Environment
This is easy, because ready-made tools already exist.
DelGuest download, http://www.ntsecurity.nu/toolbox/delguest/
I used this tool a long time ago on NT4.0. Although Microsoft does not agree with this method,
from the information I know, it does not affect the normal operation of the system.
2. Delete the Guest account in the Windows 2k Environment
There are no ready-made tools, or I haven't found them yet. Haha
Some clues: Windows accounts are stored under HKEY_LOCAL_MACHINE\SAM.
If you open the registry directly, you cannot open this key, even if you are an administrator.
For security, SYSTEM permission is required to access it.
The general idea is as follows:
Start the registry editor with SYSTEM permission, find the registry keys, and delete the Guest account.
First, let's add a scheduled task with AT. Take a look, then set it to run one minute later.
A task started by AT runs with SYSTEM permission.
The /Interactive switch runs the program in interactive mode, with a visible interface.
While the program is still waiting to be scheduled, let's first look at the Guest account information.
Oh, think about it later. It's pretty cool.
OK, regedt32 is running.
Open the Registry Program
Delete the two related keys under HKEY_LOCAL_MACHINE\SAM\Domains\Account\Users.
One is 000001F5 and the other is Guest under Names.
I don't need to talk about how to delete it.
Then, let's check the account.
Net user guest
It's gone.
Okay, that's it.
In win2k domain mode, we recommend that you do not delete the Guest account. I have not tested it and do not know if it will cause any problems.
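
The account check above (net user guest), as an added example that is not part of the original article: a Python sketch that parses the command's output and flags the Guest state the introduction warns about (enabled, no password required, member of Administrators). The sample outputs are constructed, and the English-locale field names and the function names are assumptions.

```python
import re

# Constructed sample outputs of `net user guest` (English locale), not captured from a real host.
SAMPLE_ELEVATED = """\
User name                    Guest
Account active               Yes
Password required            No
Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
The command completed successfully.
"""
SAMPLE_DELETED = ("The user name could not be found.\n\n"
                  "More help is available by typing NET HELPMSG 2221.\n")

def parse_net_user(text):
    """Return {field: value} from `net user <name>` output, or None if the account is missing."""
    if "could not be found" in text:
        return None
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:      # wrapped group list continues the previous field
            fields[last] += " " + line.strip()
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:                  # "Field name    value" (two or more spaces between)
            last = parts[0]
            fields[last] = parts[1]
    return fields

def audit_guest(text):
    """List findings that match the Guest abuse pattern described in the article."""
    fields = parse_net_user(text)
    if fields is None:
        return ["absent"]
    findings = []
    if fields.get("Account active", "").lower().startswith("yes"):
        findings.append("enabled")
    if fields.get("Password required", "").lower().startswith("no"):
        findings.append("no-password-required")
    groups = [g.strip() for g in
              re.findall(r"\*([^*]+)", fields.get("Local Group Memberships", ""))]
    if any(g.lower() == "administrators" for g in groups):
        findings.append("in-administrators")
    return findings

if __name__ == "__main__":
    print(audit_guest(SAMPLE_ELEVATED))
    print(audit_guest(SAMPLE_DELETED))
```

An empty list from audit_guest means the account exists but shows none of the three conditions.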