Re: Users, Groups & Built-in Security Principles
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/15/04
- Next message: Roger Abell: "Re: error message ( vbscript) browser doesn't trust site"
- Previous message: Rohai: "Using a non-administrator acct wont launch icq on my computer"
- In reply to: Jodip: "Users, Groups & Built-in Security Principles"
- Next in thread: jodip: "RE: Users, Groups & Built-in Security Principles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 15 May 2004 05:26:52 -0700
I will add a little to what Shenan has provided . . .
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"Jodip" <anonymous@discussions.microsoft.com> wrote in message
news:8AB7FAAA-4B13-491F-BC38-B259B4D18B8A@microsoft.com...
> G'day all,
>
> My F-I-L (father-in-law) recently dropped his PC over for some well needed maintenance. Unfortunately, the machine was pretty badly infected with a myriad of trojans, worms, viruses, malware..... everything you could imagine that has done the rounds in the last 2 years, he had!
>
> The machine is now free of all the nasties but the evidence of them having been there remains (eg user names).
>
> When bringing up a list of what names (RDNs) exist in the User, Group and Objects pane this is what remains:
>
> ANONYMOUS LOGON
> BATCH
> DIALUP
> Help Assistant
> Help Services Group
> INTERACTIVE
> NETWORK
> NETWORK SERVICE
> REMOTE INTERACTIVE LOGON
> SERVICE
> SUPPORT_388945a0
> TERMINAL SERVER USER
> CREATOR GROUP
> CREATOR OWNER
>

The above are all, except for
    Help Assistant
    Help Services Group
    SUPPORT_388945a0
built-in principals of one type or another. They are not actual accounts, but rather (most of them) placeholders used to grant specific things to the actual account in use if it meets specific criteria. The three I exempted are accounts (or a group) that are part of the initial install. The accounts can be disabled without ill effect provided that the remote assistance is not to be used.

> I'm not sure if they are all meant to be in that list, but he would like them gone (of course there are more in the list and he is happy with those that have his name in them!). How can I delete them? He is running XP Home and as far as I can see there is nothing like an ACL where you can delete these profiles or user names. Can anyone help me with this? SFS doesn't allow the names to be deleted from the list and I can't see how to, using WMI (if you can at all with WMI). Am I missing something? (bah all you smarties out there, don't say a brain!)
>

Any non-built-in account or group can be deleted with WMI

> Another question:
>
> $LDR$
> $WIN_NT$.~BT
>
> are these required for XP? If not how in the heck do I manually delete them? I have reset attribs and deleted, but on re-start they magically appear again? Would there/could there be a registry entry that reinstates these that I can disable, change the value of, etc?
>
>
> Last one!:
>
> In the list of users at the welcome screen are there any registry settings that would allow a user to be hidden ie Administrator? I would still like it to be available but not openly obvious to my F-I-L as I know he will be in there exploring! This logon mostly contains all the AV and AT programs I've just paid a motza for!
>

Visibility on the Welcome screen is controlled by reg entries (this is what TweakUI manipulates) at
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

> Any help at all would be wonderful!
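
An added example, not part of the original message: under the `SpecialAccounts\UserList` key named above, each value is a `REG_DWORD` named after an account, where 0 hides the account from the Welcome screen and 1 shows it. After a malware cleanup like the one described, the key is worth reviewing, so this sketch parses saved `reg query` output for that key and flags hidden accounts nobody asked for. The sample output, the account names `Dad`, `OldUser` and `updsvc`, and the function names are constructed for illustration.

```python
import re

# Matches value lines such as "    HelpAssistant<TAB>REG_DWORD<TAB>0x0".
# XP's reg.exe separates columns with tabs, later versions with spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_DWORD\s+0x(?P<data>[0-9a-fA-F]+)\s*$")

# Constructed sample of `reg query` output for the UserList key.
SAMPLE_REG_QUERY = (
    "! REG.EXE VERSION 3.0\n\n"
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
    "\\Winlogon\\SpecialAccounts\\UserList\n"
    "    HelpAssistant\tREG_DWORD\t0x0\n"
    "    SUPPORT_388945a0\tREG_DWORD\t0x0\n"
    "    Administrator\tREG_DWORD\t0x0\n"
    "    Dad\tREG_DWORD\t0x1\n"
    "    OldUser\tREG_DWORD\t0x0\n"
    "    updsvc\tREG_DWORD\t0x0\n"
)
# Constructed: accounts that exist on the machine, and those hidden on purpose.
LOCAL_ACCOUNTS = ["Administrator", "Guest", "HelpAssistant",
                  "SUPPORT_388945a0", "Dad", "updsvc"]
EXPECTED_HIDDEN = ["Administrator", "HelpAssistant", "SUPPORT_388945a0"]

def parse_userlist(reg_output):
    """Return {account name: DWORD value} from `reg query` output."""
    overrides = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            overrides[m.group("name")] = int(m.group("data"), 16)
    return overrides

def audit(overrides, local_accounts, expected_hidden):
    """Flag entries to review; Windows account names compare case-insensitively."""
    local = {a.lower() for a in local_accounts}
    expected = {a.lower() for a in expected_hidden}
    findings = []
    for name, data in sorted(overrides.items()):
        if name.lower() not in local:
            findings.append((name, "entry for an account that does not exist"))
        elif data == 0 and name.lower() not in expected:
            findings.append((name, "existing account hidden from the Welcome screen"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_userlist(SAMPLE_REG_QUERY),
                              LOCAL_ACCOUNTS, EXPECTED_HIDDEN):
        print(f"{name}: {reason}")
```
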