Hiding User Accounts Under Windows XP/2003

Watched swordfish yesterday !!! SUPER movie !!! i like it more and more everytime i see it !!! its just fabulous !!! Came to work on my bro’s bike today, i must say all my fantisies about comin 2 work on my own transport are fast fading into oblivion looking at the traffic in bangalore !!! Its so much more easier in the bus where all u do is sit on the seat and read a novel for 1.5 hrs  (yeah, i stay in rural bangalore). Am fast begining to think that i’d be better off without a bike and all the hassels that go with it.


Bryan Adams is coming to town… i really donno how ppl like this guy. I went to his 1st concert in bangalore and it was so obvious to tell that the guy was lip syncin all his songs while a tape played in the speakers !!! I mean am not prepared to pay a bomb to watch someone stand on stage and take my monkey !!! On that note, some bands sound horrendous when they are ‘live’ on stage.. eg: black eyed peas in LIVE 8.



Also uploading snaps of the AIR SHOW held at Marine Lines,Mumbai on 17th October by the INDIAN AIR FORCE (IAF) and INDIAN AIRLINES.


On a side note, check out what i found on the net !!


Hiding User Accounts Under Windows XP/2003
A Paper written by KingVandal that explains how to hide user accounts in winxp/2003 (http://skitzu.blogspot.com/2006/01/hiding-user-accounts-under-windows.html)


TO YOUR ATTENTION!!!! By reading this you understand and agree that everything that is written in this article is for educational use only, and none of it should be used at any circumsetences, and if you choose to use this information for any kind of action you take full responsibility for it and release Asfaq Tapia and/ or the author of any responsibility. If you do not agree to whats written here, DONT READ ANY FURTHER !!!


In windows XP/2003 to view accounts you would go to Computer Management. This would show all LOCAL accounts. But until now ( December 20, 2004 ) it is possible to hide the accounts listed in Computer Management.


In order to hide these accounts, you must have administrator privileges.One way as a side note is to logon the computer as SYSTEM.Once you have the rights you need go ahead and create 2 accounts this is necessary for the exploit/bug to work. ( at least at the time of writing this ) Create 1 account as a junk account that will be corrupted and the other as the account you want to login later as. ( You can create as many accounts as you need or want ) Once you have created the 2 accounts you will need to edit the registry so back it up. If you are reading this then you know how to backup the reg. Anyway you will need to browse to the:HKEY_LOCAL_MACHINE\SAM\SAMYou will not have access to the SAM, it will say something like no contents found or will just show the default key and that’s it. You will now have to set the permission on the SAM keys. Right click the second SAM in the path and choose permissions. Once there you will need to give the administrators account the “Full Control”. If this does not work add full control to the next account in the list and so until it allows you to grant the access needed.


Close the registry and reopen it. Wow now you have access to the SAM subkeys!HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\UsersNow browse to the path above and find your junk account. ( You know the account that is going to be corrupted ) Once you have found it right click it and choose permissions. On all the accounts that may be listed you will have to check “Deny” on all options and accounts. I know you are saying wtf? But trust in me as you need “NO” permissions toExploit/bug this. Come to think of it why don’t you give your self permission to view the security key and any other keys you do not have access too.. 😉 Might wanna check out the security key. Looks interesting to me. ( That’s just me though )

Once you have “Deny” all the permissions on all accounts right click on the Junk account and choose “DELETE”. It will then ask if you are sure, click YES! It will then give an error similar to access denied which is what we are looking for. You will now notice that the junk account is still present but the “default” key is gone. Hmm why did windows let us delete the default key but not the hole account, Hence a bug/exploit. ( you choose which one )
Now reboot the computer….


After reboot, go to Computer Management and look at the user accounts. Should say“There are no items to show in this view”No accounts! we are now 98% hidden from the network admin.Now right click in the blank area and choose new and create a user account. Notice anything? No? well that would be the bug/exploit in effect. When that “default” key was deleted it “temporary” corrupted the view of the Local User Accounts installed window forever until you restore them back which is listed below how to do this. If you go to the groups tab it will show who is part of what. None of the net commands would show the account either. Would give error “Access Denied” as administrator!

To show the accounts again you will need to browse back the HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users and give “Full” permission to the administrator account. If that does not work go down the list giving permission till you can finish. Once you have done this delete the junk account completely. You should have no problems doing this. Now reboot…. Ok now look at Computer Management. Wow Accounts are back. Sweet!


Now at the time of writing this I have not tested the ability to hide the groups option.
Now above I said you are now 98% hidden from the network admin. 98% is not good enough. So you can hide the account profile also. This would be for the admin that does not look at the computer management console. In order to hide the profile you will have to edit the registry. ( You where warned above about the registry ) Open registry editor and browse to the: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1390067357-1343024091-682003330-11982*note the numbers will be different on your machine. Just browse up to the numbers and find your own on your computer. Now there is a key in there called “ProfileImagePath” this should point to the %system%\documents and settings\userprofile. Edit the path where you want the profile to be hidden. Ie: c:\windows\system32\Microsoft\protected\user\your profile name here. Once you have done this you will need to move your profile to that location. You will have to logoff if you are logged on as the account you want to move and logon as administrator or an account with enough permissions to move accounts. Once you have moved the account to your location go to the doc and settings folder and make SURE you do not have the old profile there. If you do it will load to that one by default. Make sure also you have the correct path in the “ProfileImagePath” key. If it is wrong there then you will load a new profile back to the docs and settings folder. Reboot and login as the moved account. Everything should look the same but all profile information is now being saved to your hidden profile path instead of the documents and settings folder. The only problem I have encountered doing this was may outlook.pst had to be remapped to the hidden path. I have written other tutorials on how to login as th
e system. Look for them.



If you want to hide the users from the XP Login screen too, you should add the following registry key to your user:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\USER=0


Leave a Comment