首页 > 电脑应用 > 删除administrator组中的guest用户

删除administrator组中的guest用户

2010年4月18日
跳到评论

昨天登录服务器,发现机器被入侵过,已经被当成肉鸡了,而且留了后门,把guest加入了administrators组中去了。想删掉,但是总是提示“无法在内置帐户上运行此操作”的错误,郁闷之极。

搜索了半天,总算找到了解决方案,备忘如下:

1、打开注册表,找到HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users

如果没有,需要先找到HKEY_LOCAL_MACHINE\SAM\SAM,单击鼠标右键,在弹出的子菜单中选择权限 (WIN 2000的操作系统运行regedt32,找到HKEY_LOCAL_MACHINE\SAM\SAM,选择 安全→权限),然后把你现在所使用的用户添加进入,并选择 完全控制,再刷新一下就可以看到SAM下面的项了。

Names就是你系统内的所有用户,Users是相对应的值。Guest相对应的项一般000001F5,删除下面的两项F,V。

2、在正常机器上导出这两项的值, 我从win2003导出的如下,可以将它复制另存。

导出方法:在 000001F5 上面右键,选导出。

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5]
“F”=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f,14,5d,a8,d6,98,de,c8,01,\
f5,01,00,00,01,02,00,00,15,02,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00
“V”=hex:00,00,00,00,b0,00,00,00,02,00,01,00,b0,00,00,00,0a,00,00,00,00,00,00,\
00,bc,00,00,00,00,00,00,00,00,00,00,00,bc,00,00,00,22,00,00,00,00,00,00,00,\
e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,\
00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,\
00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,\
00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,\
08,00,00,00,01,00,00,00,e8,00,00,00,04,00,00,00,00,00,00,00,ec,00,00,00,04,\
00,00,00,00,00,00,00,f0,00,00,00,04,00,00,00,00,00,00,00,f4,00,00,00,04,00,\
00,00,00,00,00,00,01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,44,00,00,\
00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
00,4c,00,03,00,00,00,00,00,14,00,1b,03,02,00,01,01,00,00,00,00,00,01,00,00,\
00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\
01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
00,00,00,20,02,00,00,47,00,75,00,65,00,73,00,74,00,00,00,9b,4f,65,67,be,5b,\
bf,8b,ee,95,a1,8b,97,7b,3a,67,16,62,bf,8b,ee,95,df,57,84,76,85,51,6e,7f,10,\
5e,37,62,97,7b,01,02,00,00,07,00,00,00,01,00,01,00,01,00,01,00,01,00,01,00,\
01,00,01,00

3、将它存为 guest.reg, 双击导入,这样再打开帐户管理,就可以将guest从administrators组中删除了。

原创文章,转载请注明: 转载自感叹忽然的部落格

本文链接地址: 删除administrator组中的guest用户

随机日志

电脑应用
«
»
评论 ( 0 )
订阅这里的评论 Trackback 留言
  1. 还没有评论
评论提交中, 请稍候...

留言

您需要登录之后才能发表评论,如果您还没有账号,请先注册
可以使用的标签: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackbacks & Pingbacks ( 0 )
显示/隐藏 列表
  1. 还没有 trackbacks
企业即时通讯