Creating Hidden Users in Windows for Remote Manageability.

Sometimes we need to remotly checkup on our network users using tools such as the Kaspersky Administration Kit, GoverLan, GFI Lan Guard, or the like. Or maybe we need to see what services they are running to check for spyware, or what printers are installed, etc. Well Microsoft has made this a breeze with Active Directory Servers, Domains, and Windows XP Pro and Vista Buisness.

Secret Users?

Hidden Users added secretly... lol

What what if your a growing business and as you grow you realize down the line that the XP Home Dell you got such a good deal on isn’t doing you any favors in tring to set up Access control, Sharing, and connecting to other computers. In other words XP home was called that for a reason. HOME.
So what do you do? Buy new computers? Upgrade the OSes on them all? How about an alternative:
Make an Invisable Backdoor user on all the computers. Ok, obiously there are pros and cons to this approach, but for many, this could be the answer to your IT dreams.
The premise is simple, we will:
  • Create a script to do the dirty work for us.
  • Put on a thumb drive.
  • Install on each machine.
Yes, going to each machine isn’t an attractive idea for any administrator, but neither is going to every machine everytime somthing changes on the network. But the script will cut down Ten Minuets per machine, and best of all you can do it all from notepad!
To Start off, our script will be comprised of a single cmd file with the code

@echo off
set UserID=MySeceretUser
set FullName=Doe, John set Comment=Administrative user
set Password=MySeceretPassword
REM Create the user:
net user "%UserID%" "%Password%" /fullname:"%FullName%" /usercomment:"%Comment%" /add
REM Add him to the Administrators group:
net localgroup "Administrators" "%UserID%" /add
REM Remove account from logon screen:
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /d "%UserID%" /t REG_DWORD /v "0"
Ok after you copy/paste that into a file called CreateBackDoor.cmd you can copy that file to a flash drive. You can/should change the username and password to something that only you know, and don’t e-mail the script to your users or let anyone see it, as they will see the seceret username and password that you’ve made! Now all that is left is to put your flash drive in to each computer and double click it.

  1. Joseph Lee June 7, 2011 at 6:53 pm

    Hey, Thanks for that.

    only thing to note is I had to swap the /d and /v attributes in the reg add line.

    /v is the name given to the registry key and /d is the value of key.

    • +Jason June 9, 2011 at 10:36 pm

      Thanks for the correction! I get a little dyslexic sometimes!

Leave a reply

Skip to toolbar