For my next trick I will make a user account disappear, yet remain a full functioning account. Today's Security Tip is another way to lock down your system, and it does this by hiding specified user accounts. This feature is only available in XP and 2000, so unfortunately the rest of you are out of luck. This process does involve an easy registry edit, but if you're uncomfortable with that you might want to think twice about attempting this.
Normally when you log into XP, you see the startup screen where you see all the icons for the users who can access. What this tip does is allow you to hide a desired account from this screen. If you want to log on as this user you have to press Cntrl+Alt+Del twice at the Welcome screen to make a Windows Security dialog box appear. Here you can type in the user name and password of the hidden account and log in. Limited Users shouldn't be able to see any sign of you except for the listing in the Documents and Settings folder. Other administrative users will be able to see your hidden account in Control Panel/User Accounts, so keep this in mind when you're planning this out.
All right, now down to the good stuff. If having a hidden account sounds like your cup of tea, and you have no problem with small Registry augmentation, then let's go:
* First we need to open up the Registry Editor. Go to Start/Run and type "regedit" and click OK
* You should be looking at the Registry editor, and what we need to do now is navigate to H-KEY\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist . You will not see this folder if you do not have "show hidden system files" turned on.
* Once here we need to create another DWORD value. This is easier than it sounds, right click on the User list label file on the left side of the screen and select New>DWORD . You'll see the new entry in the right pane of the window, rename this value the name of the user account you want hidden (exactly how it is listed in the Startup screen, case sensitive) and leave the value at 0.
* Close your Registry Editor and restart the PC. When the Welcome screen comes up you'll notice that there's no icon for the user you just concealed. So how do you log in? This is where you press Cntrl+Alt+Del 2x's and the Windows Security Dialog box will come asking you to authenticate (name/password) after this the system should log you in.
Here's one more thing you might want to keep in mind, Windows logon screen. This is the screen where you see the available users you can choose to log in as. You can turn this option on/off in the User Accounts ( Start/Control Panel/User Accounts then "Change the way Users log in or off" and "Use Windows Welcome Screen" and you need to turn it off if you plan on using a hidden account and there are no other accounts on the system. The reason why is that the Windows doesn't have any user accounts to display in the Welcome screen, so it will continuously reboot. Now if you do run into this or any problems simply enter Safe mode at the next boot, this will allow you to go to the User Accounts Window and fix any problems. If you find that you can't log in at all with your hidden account go back and look at the registry value you created. Make sure you're spelling the user name is correct and that it's in the right location in the registry.
Normally when you log into XP, you see the startup screen where you see all the icons for the users who can access. What this tip does is allow you to hide a desired account from this screen. If you want to log on as this user you have to press Cntrl+Alt+Del twice at the Welcome screen to make a Windows Security dialog box appear. Here you can type in the user name and password of the hidden account and log in. Limited Users shouldn't be able to see any sign of you except for the listing in the Documents and Settings folder. Other administrative users will be able to see your hidden account in Control Panel/User Accounts, so keep this in mind when you're planning this out.
All right, now down to the good stuff. If having a hidden account sounds like your cup of tea, and you have no problem with small Registry augmentation, then let's go:
* First we need to open up the Registry Editor. Go to Start/Run and type "regedit" and click OK
* You should be looking at the Registry editor, and what we need to do now is navigate to H-KEY\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist . You will not see this folder if you do not have "show hidden system files" turned on.
* Once here we need to create another DWORD value. This is easier than it sounds, right click on the User list label file on the left side of the screen and select New>DWORD . You'll see the new entry in the right pane of the window, rename this value the name of the user account you want hidden (exactly how it is listed in the Startup screen, case sensitive) and leave the value at 0.
* Close your Registry Editor and restart the PC. When the Welcome screen comes up you'll notice that there's no icon for the user you just concealed. So how do you log in? This is where you press Cntrl+Alt+Del 2x's and the Windows Security Dialog box will come asking you to authenticate (name/password) after this the system should log you in.
Here's one more thing you might want to keep in mind, Windows logon screen. This is the screen where you see the available users you can choose to log in as. You can turn this option on/off in the User Accounts ( Start/Control Panel/User Accounts then "Change the way Users log in or off" and "Use Windows Welcome Screen" and you need to turn it off if you plan on using a hidden account and there are no other accounts on the system. The reason why is that the Windows doesn't have any user accounts to display in the Welcome screen, so it will continuously reboot. Now if you do run into this or any problems simply enter Safe mode at the next boot, this will allow you to go to the User Accounts Window and fix any problems. If you find that you can't log in at all with your hidden account go back and look at the registry value you created. Make sure you're spelling the user name is correct and that it's in the right location in the registry.
No comments:
Post a Comment
Comment here