Kaseya Community

How to create a hidden admin account in Vista/Win7

  • When I use 'Create hidden admin account' script (found in samples), on Vista or Win7, the account still shows on the welcome screen. The regkey is not there like it is on XP. Is there a way to modify this script so that it works on Vista and Win7?

    Legacy Forum Name: How to create a hidden admin account in Vista/Win7,
    Legacy Posted By Username: lkelly
  • Check this thread: http://community.kaseya.com/xsp/f/132/t/7920.aspx



    I created user.exe to solve the account creation issue. Let me know if you have any problems.



    Matt

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: connectex
  • Try this:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\#vAgentConfiguration.credentialName#

    and use a reg_dword value of 0. Now if this is a 64-bit machine you will need to use K2 to set the value with the new registry setting for 64-bit machines.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: mwolter
  • mwolter
    Try this:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\#vAgentConfiguration.credentialName#

    and use a reg_dword value of 0. Now if this is a 64-bit machine you will need to use K2 to set the value with the new registry setting for 64-bit machines.


    This key is apparently ignored in Vista and Win 7. The admin account still appears. Are there any other suggestions?
    -Larry

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lkelly
  • Larry, this does work on Windows Vista. Not sure about Win 7 though.

    Make sure you "use credential" before trying to set the registry value.

    I also noticed that there is a space in "userlist" where there shouldn't be.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: mwolter
  • mwolter
    Larry, this does work on Windows Vista. Not sure about Win 7 though.

    Make sure you "use credential" before trying to set the registry value.

    I also noticed that there is a space in "userlist" where there should be.


    Could be a different issue. Larry, can you specify whether it's a 64-bit or 32-bit machine?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: thirteentwenty
  • Maybe try to add it to the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\

    You will need to create the SpecialAccounts and UserList Keys but I am pretty sure that worked on a couple of our managed machines.

    Edit: So an example script would be:


    Script Name: Hide managed admin account
    Script Description: Hides an account from the userlist on Windows 7 / Vista 64-Bit machines

    IF Test Registry Key
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node
    Exists :
    THEN
    Get Variable
    Parameter 1 : 2
    Parameter 2 : YOUR_ADMIN_NAME_HERE
    Parameter 3 : #admin#
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\#admin#
    Parameter 2 : 0
    Parameter 3 : REG_DWORD
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : #admin# successfully hidden from the logon user list
    OS Type : 0
    ELSE


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: CeruleanBlue
  • I just ran into a problem creating this key on a Win 7 x64 system. Here's what happens - when a 32 bit application (such as the Kaseya agent) requests access to the registry of a 64 bit machine, the registry call is transparently redirected to the Wow6432Node section. Since native 64 bit apps read directly from the 64 bit registry (no Wow6432Node required), the system doesn't find the key that was created by the 32 bit Kaseya agent. Here's how to sneak past that and write directly to the 64 bit registry with a 32 bit application:

    Since Vista, there is a virtual directory on 64 bit systems that's only available to 32 bit callers - %windir%\sysnative. If you try to change to this directory directly from a 64 bit command shell, it will tell you it can't be found. This is by design. It will, however, work when you reference it from a script executed by the 32 bit agent. This obviously means that you can't use the Set Registry Value script primitive, but you can do an Execute File with %windir%\sysnative\reg.exe as the path, and from there use either ADD or IMPORT.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: sequoya
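The posts above (the Wow6432Node variant of the script and sequoya's explanation of WOW64 registry redirection) describe the same key being written to two different registry views. The following PowerShell audit is an added example, not code from the thread or from Kaseya: it reads Winlogon\SpecialAccounts\UserList from both the 64-bit and the 32-bit (Wow6432Node) view explicitly, so the result does not depend on where the value was written or on the bitness of the process running the check, and it flags any hidden entry that is also a member of the local Administrators group. It assumes .NET 4 or later (Microsoft.Win32.RegistryView) and the WinNT ADSI provider, and should be run elevated on the machine being audited; the function names are my own.

```powershell
# Added example (not from the thread or Kaseya): audit accounts hidden from the logon
# screen via SpecialAccounts\UserList, checking both registry views explicitly.
# Assumes .NET 4+ (RegistryView) and the WinNT ADSI provider; run elevated.

$UserListPath = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-ProcessRegistryContext {
    # A 32-bit process on 64-bit Windows is subject to WOW64 registry redirection,
    # which is why a plain HKLM:\SOFTWARE write from a 32-bit agent lands in Wow6432Node.
    [pscustomobject]@{
        Is64BitOS      = [Environment]::Is64BitOperatingSystem
        Is64BitProcess = [Environment]::Is64BitProcess
        Redirected     = [Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess
    }
}

function Get-LocalAdministrators {
    # Member names of the local Administrators group via ADSI, which also works on
    # Vista/Win7 where Get-LocalGroupMember does not exist.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Get-HiddenLogonAccounts {
    # Opens HKLM in each requested view. Asking for Registry64 from a 32-bit process
    # is the .NET equivalent of KEY_WOW64_64KEY, i.e. the same effect the thread gets
    # from %windir%\sysnative\reg.exe. On a 32-bit OS both views resolve to the same hive.
    param([string[]]$Views = @('Registry64', 'Registry32'))

    $admins = Get-LocalAdministrators
    foreach ($viewName in $Views) {
        $view = [Microsoft.Win32.RegistryView]$viewName
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($UserListPath)
            if ($null -eq $key) { continue }   # key absent in this view: nothing hidden here
            try {
                foreach ($name in $key.GetValueNames()) {
                    $value = $key.GetValue($name)
                    [pscustomobject]@{
                        View         = $viewName
                        Account      = $name
                        Value        = $value
                        HiddenFromUI = ($value -eq 0)          # 0 hides, non-zero shows
                        IsLocalAdmin = ($admins -contains $name)
                    }
                }
            } finally { $key.Close() }
        } finally { $base.Close() }
    }
}

# Usage: show the process context, then every UserList entry in both views.
Get-ProcessRegistryContext | Format-List
Get-HiddenLogonAccounts | Sort-Object View, Account | Format-Table -AutoSize
```

An entry that appears only in the Registry32 view with HiddenFromUI set is the situation sequoya describes: written by a 32-bit process, redirected to Wow6432Node, and therefore not honoured by the 64-bit Winlogon. Rows with both HiddenFromUI and IsLocalAdmin true are the ones worth reconciling against the list of accounts the management tool is expected to have created.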