In windows XP/2003 to view accounts you would go to Computer Management. This would show all LOCAL accounts. But until now ( December 20, 2004 ) it is possible to hide the accounts listed in Computer Management.
IT IS POSSIBE TO HIDE THE ACCOUNTS!
In order to hide these accounts, you must have administrator privileges.
One way as a side note is to logon the computer as SYSTEM.
Once you have the rights you need go ahead and create 2 accounts this is necessary for the exploit/bug to work. ( at least at the time of writing this ) Create 1 account as a junk account that will be corrupted and the other as the account you want to login later as. ( You can create as many accounts as you need or want ) Once you have created the 2 accounts you will need to edit the registry so back it up. If you are reading this then you know how to backup the reg. Anyway you will need to browse to the:
HKEY_LOCAL_MACHINE\SAM\SAM
You will not have access to the SAM, it will say something like no contents found or will just show the default key and that's it. You will now have to set the permission on the SAM keys. Right click the second SAM in the path and choose permissions. Once there you will need to give the administrators account the "Full Control". If this does not work add full control to the next account in the list and so until it allows you to grant the access needed.
Close the registry and reopen it. Wow now you have access to the SAM subkeys!
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
Now browse to the path above and find your junk account. (You know the account that is going to be corrupted) Once you have found it right click it and choose permissions. On all the accounts that may be listed you will have to check "Deny" on all options and accounts. I know you are saying wtf? But trust in me as you need "NO" permissions to
Exploit/bug this. Come to think of it why don't you give your self permission to view the security key and any other keys you do not have access too.. ;-) Might wanna check out the security key. Looks interesting to me. (That's just me though)
Once you have "Deny" all the permissions on all accounts right click on the Junk account and choose "DELETE". It will then ask if you are sure, click YES! It will then give an error similar to access denied which is what we are looking for. You will now notice that the junk account is still present but the "default" key is gone. Hmm why did windows let us delete the default key but not the hole account, Hence a bug/exploit. ( you choose which one )
Now reboot the computer...
After reboot, go to Computer Management and look at the user accounts. Should say
"There are no items to show in this view"
No accounts! we are now 98% hidden from the network admin.
Now right click in the blank area and choose new and create a user account. Notice anything? No? well that would be the bug/exploit in effect. When that "default" key was deleted it "temporary" corrupted the view of the Local User Accounts installed window forever until you restore them back which is listed below how to do this. If you go to the groups tab it will show who is part of what. None of the net commands would show the account either. Would give error "Access Denied" as administrator!
To show the accounts again you will need to browse back the HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users and give "Full" permission to the administrator account. If that does not work go down the list giving permission till you can finish. Once you have done this delete the junk account completely. You should have no problems doing this. Now reboot... Ok now look at Computer Management. Wow Accounts are back. Sweet!
Now at the time of writing this I have not tested the ability to hide the groups option.
Now above I said you are now 98% hidden from the network admin. 98% is not good enough. So you can hide the account profile also. This would be for the admin that does not look at the computer management console. In order to hide the profile you will have to edit the registry. ( You where warned above about the registry ) Open registry editor and browse to the: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1390067357-1343024091-682003330-11982*note the numbers will be different on your machine. Just browse up to the numbers and find your own on your computer. Now there is a key in there called "ProfileImagePath" this should point to the %system%\documents and settings\userprofile. Edit the path where you want the profile to be hidden. Ie: c:\windows\system32\Microsoft\protected\user\your profile name here. Once you have done this you will need to move your profile to that location. You will have to logoff if you are logged on as the account you want to move and logon as administrator or an account with enough permissions to move accounts. Once you have moved the account to your location go to the doc and settings folder and make SURE you do not have the old profile there. If you do it will load to that one by default. Make sure also you have the correct path in the "ProfileImagePath" key. If it is wrong there then you will load a new profile back to the docs and settings folder. Reboot and login as the moved account. Everything should look the same but all profile information is now being saved to your hidden profile path instead of the documents and settings folder. The only problem I have encountered doing this was may outlook.pst had to be remapped to the hidden path. I have written other tutorials on how to login as the system. Look for them.
If you want to hide the users from the XP Login screen too, you should add the following registry key to your user:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\USER=0
IT IS POSSIBE TO HIDE THE ACCOUNTS!
In order to hide these accounts, you must have administrator privileges.
One way as a side note is to logon the computer as SYSTEM.
Once you have the rights you need go ahead and create 2 accounts this is necessary for the exploit/bug to work. ( at least at the time of writing this ) Create 1 account as a junk account that will be corrupted and the other as the account you want to login later as. ( You can create as many accounts as you need or want ) Once you have created the 2 accounts you will need to edit the registry so back it up. If you are reading this then you know how to backup the reg. Anyway you will need to browse to the:
HKEY_LOCAL_MACHINE\SAM\SAM
You will not have access to the SAM, it will say something like no contents found or will just show the default key and that's it. You will now have to set the permission on the SAM keys. Right click the second SAM in the path and choose permissions. Once there you will need to give the administrators account the "Full Control". If this does not work add full control to the next account in the list and so until it allows you to grant the access needed.
Close the registry and reopen it. Wow now you have access to the SAM subkeys!
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
Now browse to the path above and find your junk account. (You know the account that is going to be corrupted) Once you have found it right click it and choose permissions. On all the accounts that may be listed you will have to check "Deny" on all options and accounts. I know you are saying wtf? But trust in me as you need "NO" permissions to
Exploit/bug this. Come to think of it why don't you give your self permission to view the security key and any other keys you do not have access too.. ;-) Might wanna check out the security key. Looks interesting to me. (That's just me though)
Once you have "Deny" all the permissions on all accounts right click on the Junk account and choose "DELETE". It will then ask if you are sure, click YES! It will then give an error similar to access denied which is what we are looking for. You will now notice that the junk account is still present but the "default" key is gone. Hmm why did windows let us delete the default key but not the hole account, Hence a bug/exploit. ( you choose which one )
Now reboot the computer...
After reboot, go to Computer Management and look at the user accounts. Should say
"There are no items to show in this view"
No accounts! we are now 98% hidden from the network admin.
Now right click in the blank area and choose new and create a user account. Notice anything? No? well that would be the bug/exploit in effect. When that "default" key was deleted it "temporary" corrupted the view of the Local User Accounts installed window forever until you restore them back which is listed below how to do this. If you go to the groups tab it will show who is part of what. None of the net commands would show the account either. Would give error "Access Denied" as administrator!
To show the accounts again you will need to browse back the HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users and give "Full" permission to the administrator account. If that does not work go down the list giving permission till you can finish. Once you have done this delete the junk account completely. You should have no problems doing this. Now reboot... Ok now look at Computer Management. Wow Accounts are back. Sweet!
Now at the time of writing this I have not tested the ability to hide the groups option.
Now above I said you are now 98% hidden from the network admin. 98% is not good enough. So you can hide the account profile also. This would be for the admin that does not look at the computer management console. In order to hide the profile you will have to edit the registry. ( You where warned above about the registry ) Open registry editor and browse to the: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1390067357-1343024091-682003330-11982*note the numbers will be different on your machine. Just browse up to the numbers and find your own on your computer. Now there is a key in there called "ProfileImagePath" this should point to the %system%\documents and settings\userprofile. Edit the path where you want the profile to be hidden. Ie: c:\windows\system32\Microsoft\protected\user\your profile name here. Once you have done this you will need to move your profile to that location. You will have to logoff if you are logged on as the account you want to move and logon as administrator or an account with enough permissions to move accounts. Once you have moved the account to your location go to the doc and settings folder and make SURE you do not have the old profile there. If you do it will load to that one by default. Make sure also you have the correct path in the "ProfileImagePath" key. If it is wrong there then you will load a new profile back to the docs and settings folder. Reboot and login as the moved account. Everything should look the same but all profile information is now being saved to your hidden profile path instead of the documents and settings folder. The only problem I have encountered doing this was may outlook.pst had to be remapped to the hidden path. I have written other tutorials on how to login as the system. Look for them.
If you want to hide the users from the XP Login screen too, you should add the following registry key to your user:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\USER=0
