Problem:
Recently, I saw the username SX $ on the server. Later I learned that the username was hacked, but I could not delete it. The prompt is: the user cannot be deleted and the user does not belong to this group, what should I do?
Answer:
1. Run the regedt.exe Registry Editor in reged.exe, select HKEY_LOCAL_MACHINE → SAM, right-click it, select "permission" in the pop-up menu, and change the permissions of Administrators to full control. Exit Registry Editor.
2. Run regedit again to view
HKEY_LOCAL_MACHINE → SAM → Domains → Account → Users → Names, locate the type value of Server $, delete the corresponding Domains \ Account \ Users and Domains \ Account \ Users \ Names \ Server $ items. Exit Registry Editor.
3. Run regedit again. Similar to step 3, right-click HKEY_LOCAL_MACHINE → SAM and choose "permission" from the pop-up menu to cancel full control permissions of Administrators, changed to only: Write DAC and read control. Exit Registry Editor and restart your computer.