: Recently, I found this user account server$ in the company's server. It is estimated that it is regarded as a broiler …… This account does not belong to any group, does not belong to GUESTS, also does not belong to ADMINISTRATORS, but the permissions are administrator privileges. Then I delete this account, but the problem is that it can't be deleted (but can be renamed and disabled), the prompt says "User does not belong to this group", the same prompt is deleted under CMD. I tried to add Server$ to other groups, then open the "Properties" dialog box, click to switch to "Subordinate to", which is still empty. I thought it might be changed in the registry, you can find in the registry that there is no key value under sam. How can I delete this account? ? ? Answer: 1. Run the regedt.exe registry editor, select HKEY_LOCAL_MACHINE→ SAM→ SAM, click the right mouse button, select “License” on the pop-up menu, and change the permissions of Administrators to full control. Exit Registry Editor. 2. Run regedit again to view HKEY_LOCAL_MACHINE→SAM→SAM→Domains→Account→Users→Names, find the type value of Server$, delete the corresponding items in Domains\\Account\\Users and Domains\\Account\\Users\\Names \\Server$ item itself. Exit Registry Editor. 3, run regedit again, similar to step 1, select HKEY_LOCAL_MACHINE→ SAM→ SAM, click the right mouse button, select "ldrights" on the pop-up menu, cancel the full control permissions of Administrators, only: write to DAC And read control. Exit the Registry Editor and restart your computer. The server was invaded and I don’t want to say more about it recently. . . Recently, I found that there are several user accounts in a server, such as server$, admin$, etc., which are estimated to have been attacked. They are treated as broilers …… These accounts do not belong to any group, and are not GUEST. It does not belong to ADMINISTRATOR, but the authority is the administrator's authority. When I delete these accounts, I can't delete them (but can be renamed and disabled), and the prompt says "Users don't belong to this group", and the same prompt is used to delete them under the CMD with the Net user command. I tried to add Server$ to other groups, then open the "Properties" dialog box, click to switch to "Subordinate to", which is still empty. How can I delete this account? ? ? Note: Be sure to find the corresponding 0000xxx which is the same. Remember that they will be in trouble. Run regedt32.exe, find the HKEY_LOCAL_MACHINE table on the local machine, select SAM-SAM, right click, select permissions, change the permissions of Administrators to full control (in “Advanced). Run regedit to view the type value of Domains\\Account\\Users\\Names\\Server$ in the SAM and delete the corresponding entries in Domains\\Account\\Users and the Domains\\Account\\Users\\Names\\Server$ entry itself; back to regedt32 , restore sam-sam permissions: write DAC and read control. Restart the system to get it. -------------------------------------------------- -------------------------------------------------- ------ If you are a network administrator, please keep a good habit of checking the server account frequently. If you see an unfamiliar account and find that the account does not belong to any user group, then congratulations You, your administrator account may have been cloned, the user is likely to have the server's super-administrator rights, because that is the account created by cloning the sam information of your super-acute account, the user does not belong to any user group, the user When deleting the user under the manager or command line, it will prompt “User does not belong to this group”, the correct deletion method is as follows: Run the registry editor, expand HKEY_LOCAL_MACHINE\\SAM\\SAM, right click, select permissions, change Administrators Permission is full control. After refreshing, expand Domains\\Account\\Users\\Names\\ under the item, delete the unfamiliar account under the subkey and the corresponding items in Domains\\Account\\Users; return, delete the administrator in Under HKEY_LOCAL_MACHINE\\SAM\\SAM Permissions. Restart the system to get it. Add it, so that everyone can answer, it is possible to delete some accounts in the registry, I think everyone wants to know, I will give you a second look, 1. In cmd, enter regedt32 to improve the sam/sam folder. Permissions (in the menu "Security"), raised to the current user full control, turn off (or do regedit HKEY_local_machine\\sam\\sam is not authorized to view!). 2. Enter regedit HKEY_local_machine\\sam \\sam\\domains\\account\\users\ ames\\ that black account, delete it, look at the corresponding folder before deleting, delete it under HKEY_local_machine\\sam\\sam\\domains\\account\\users.