EvilOctal Security Team Technical Discussion Group's Archiver

EvilOctal 2005-8-4 00:15

[Repost] Hidden Users on Windows

Authors: nabiy and stand__sure

This article documents the failure of the User Account Manager in the Windows Control Panel to report interactive logons made with the netapi. This security issue has been verified on Windows 2000 Professional, Windows XP Home, and Windows XP Professional. Microsoft was notified of this issue on July 28, 2005. The problem is not with the netapi or the ability to create users but with the User Account Manager in Windows. It simply fails to list all of the users that are on the system.

This issue was noticed while exploring the netapi on Windows: users created with the NetUserAdd function failed to show up in the User Account Manager (an example follows). The failure to list users made with the netapi presents a problem for obvious reasons; home users and even administrators expect to see all of the users on their system when they manage them from the Control Panel.

The solution in all versions of Windows is simple. Do not depend on the User Account Manager when managing user accounts on your system. Instead, users should use the Local Users and Groups management snap-in. This is accessible via Control Panel >> Administrative Tools >> Computer Management >> Local Users and Groups. You can also access this snap-in by running lusrmgr.msc from the Run box.

If you are one of the unfortunate ones stuck with XP Home Edition, you don’t have access to the Local Users and Groups management snap-in. As an alternative, it is possible to list all of the users on your system from the command line:

[code]C:\>net user

User accounts for \\XPHOMEBITES

------------------------------------------------------------------
Administrator            ASPNET                   Guest
HelpAssistant            nabiy                    SUPPORT_388945a0
The command completed successfully.[/code]


When using this method you may see several accounts that you were not aware of. Microsoft makes four accounts when you install Windows: the Administrator account, the Guest account, the HelpAssistant account, and the Support_388945a0 account. Other accounts may also be present (such as ASPNET) that were installed later and are used for special purposes or development. These are special user accounts and are defined in the following registry key:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

If you find an account that should be removed from an XP Home machine you can remove it with the following command: net user ACCOUNTNAME /delete, where ACCOUNTNAME is the name of the account you want to delete.

Hopefully, in future versions of Windows Microsoft will allow users to list all interactive accounts from the control panel. Thanks to the new0rder team for telling me I’m not crazy, testing this, and finding other ‘related’ issues.

nabiy

---
The following examples were used to verify this issue.

Example in cpp:

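[code]#include <windows.h>
#include <lm.h>
#include <stdio.h>

#pragma comment(lib, "netapi32.lib")  // MSVC: link the library that exports NetUserAdd

int main()
{
  USER_INFO_1 ui = {0};         // zero every field, including usri1_password_age
  DWORD dwLevel = 1;            // the buffer passed below is a USER_INFO_1
  DWORD dwError = 0;            // receives the index of a rejected parameter
  wchar_t name[] = L"hidden";   // writable buffers: the struct fields are LPWSTR
  wchar_t pass[] = L"hidden";

  ui.usri1_name = name;
  ui.usri1_password = pass;
  ui.usri1_priv = USER_PRIV_USER;
  ui.usri1_home_dir = NULL;
  ui.usri1_comment = NULL;
  ui.usri1_flags = UF_SCRIPT;
  ui.usri1_script_path = NULL;

  // NULL server name means the local machine
  NET_API_STATUS status = NetUserAdd(NULL,
          dwLevel,
          (LPBYTE)&ui,
          &dwError);

  if (status != NERR_Success) {
    printf("NetUserAdd failed: %lu (parm_err %lu)\n", status, dwError);
    return 1;
  }

  return 0;
}[/code]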

Example in VB.NET (calling the API functions) by stand__sure:

[code]Imports System.Runtime.InteropServices

Imports LPWSTR = System.String
Imports DWORD = System.UInt32
Imports LMSTR = System.String
Imports NET_API_STATUS = System.UInt32

Module Module1

   Sub Main()

      Dim ui As NativeWin32.NetApi32.USER_INFO_1
      Dim dwLevel As DWORD = 1
      Dim dwError As DWORD = 0
      Dim name As LPWSTR = "hidden"
      Dim pass As LPWSTR = "H1i2D3D4e5n6"

      ui.usri1_name = name
      ui.usri1_password = pass
      ui.usri1_priv = NativeWin32.NetApi32.USER_PRIV_USER
      ui.usri1_home_dir = Nothing
      ui.usri1_comment = Nothing
      ui.usri1_flags = NativeWin32.NetApi32.UF_SCRIPT
      ui.usri1_script_path = Nothing

      Dim retval As NET_API_STATUS = NativeWin32.NetApi32.NetUserAdd(Nothing, dwLevel, ui, dwError)

      Select Case retval
         Case NativeWin32.Errors.NERR_Success
            Console.WriteLine("Success")
         Case NativeWin32.Errors.ERROR_ACCESS_DENIED
            Console.WriteLine("ERROR_ACCESS_DENIED")
         Case NativeWin32.Errors.NERR_GroupExists
            Console.WriteLine("NERR_GroupExists")
         Case NativeWin32.Errors.NERR_InvalidComputer
            Console.WriteLine("NERR_InvalidComputer")
         Case NativeWin32.Errors.NERR_PasswordTooShort
            Console.WriteLine("NERR_PasswordTooShort")
         Case NativeWin32.Errors.NERR_UserExists
            Console.WriteLine("NERR_UserExists")
         Case Else
            Console.WriteLine("Error: {0:n}", retval)
      End Select
   End Sub

   Public Class NativeWin32
      Public Class NetApi32
        Public Const USER_PRIV_MASK As UInt32 = &H3
        Public Const USER_PRIV_GUEST As UInt32 = 0
        Public Const USER_PRIV_USER As UInt32 = 1
        Public Const USER_PRIV_ADMIN As UInt32 = 2

        Public Const UF_SCRIPT As UInt32 = &H1
        Public Const UF_ACCOUNTDISABLE As UInt32 = &H2
        Public Const UF_HOMEDIR_REQUIRED As UInt32 = &H8
        Public Const UF_LOCKOUT As UInt32 = &H10
        Public Const UF_PASSWD_NOTREQD As UInt32 = &H20
        Public Const UF_PASSWD_CANT_CHANGE As UInt32 = &H40
        Public Const UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED As UInt32 = &H80

        <StructLayout(LayoutKind.Sequential, _
        CharSet:=CharSet.Auto)> _
         Public Structure USER_INFO_1

           <MarshalAs(UnmanagedType.LPWStr)> _
           Dim usri1_name As LPWSTR

           <MarshalAs(UnmanagedType.LPWStr)> _
           Dim usri1_password As LPWSTR

           Dim usri1_password_age As DWORD

           Dim usri1_priv As DWORD

           <MarshalAs(UnmanagedType.LPWStr)> _
           Dim usri1_home_dir As LPWSTR

           <MarshalAs(UnmanagedType.LPWStr)> _
           Dim usri1_comment As LPWSTR

           Dim usri1_flags As DWORD

           <MarshalAs(UnmanagedType.LPWStr)> _
           Dim usri1_script_path As LPWSTR

        End Structure


        <DllImport("Netapi32.dll", _
        CallingConvention:=CallingConvention.Winapi, _
        CharSet:=CharSet.Auto, _
        SetLastError:=True)> _
        Public Shared Function NetUserAdd( _
         <[In]()> ByVal servername As LMSTR, _
         <[In]()> ByVal level As DWORD, _
         <[In]()> ByRef buf As USER_INFO_1, _
         <Out()> ByRef parm_err As DWORD _
         ) As NET_API_STATUS

        End Function

      End Class

      Public Class Errors
        'selected error constants
        Public Const NERR_Success As UInt32 = 0
        Public Const ERROR_ACCESS_DENIED As UInt32 = 5
        Public Const NERR_BASE As UInt32 = 2100
        Public Const NERR_InvalidComputer As UInt32 = (NERR_BASE + 251)
        Public Const NERR_PasswordTooShort As UInt32 = (NERR_BASE + 145)
        Public Const NERR_UserExists As UInt32 = (NERR_BASE + 124)
        Public Const NERR_GroupExists As UInt32 = (NERR_BASE + 123)
      End Class
   End Class
End Module[/code]
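
The `net user` audit that the article recommends for XP Home can be scripted. The following is an added example, not part of the original article: it parses saved `net user` output and reports accounts that are neither one of the four install-time accounts the article names nor on an approved list. The function names, the approved list and the sample output are constructed for illustration, and the parser assumes English-language output and account names without consecutive spaces.

```python
import re

# The four accounts the article says a Windows install creates.
BUILTIN = {"administrator", "guest", "helpassistant", "support_388945a0"}


def parse_net_user(output):
    """Return the account names listed in the text output of `net user`."""
    names = []
    in_table = False
    for line in output.splitlines():
        stripped = line.strip()
        if set(stripped) == {"-"}:
            in_table = True          # the dashed rule opens the name table
            continue
        if not in_table or not stripped:
            continue
        if stripped.lower().startswith("the command completed"):
            break                    # trailer line closes the table
        # Columns are space-padded, so two or more spaces separate names;
        # a single space is kept as part of a name such as "Lab User".
        names.extend(n for n in re.split(r"\s{2,}", stripped) if n)
    return names


def unexpected_accounts(output, approved):
    """Accounts that are neither install-time built-ins nor approved."""
    allowed = BUILTIN | {a.lower() for a in approved}
    found = parse_net_user(output)
    return sorted((n for n in found if n.lower() not in allowed),
                  key=str.lower)


# Constructed sample: the article's listing plus two extra accounts.
SAMPLE = r"""
User accounts for \\XPHOMEBITES

------------------------------------------------------------------
Administrator            ASPNET                   Guest
HelpAssistant            hidden                   nabiy
SUPPORT_388945a0         Lab User
The command completed successfully.
"""

if __name__ == "__main__":
    for account in unexpected_accounts(SAMPLE, {"nabiy", "ASPNET", "Lab User"}):
        print("review account:", account)
```

Feed it the output of `net user > users.txt` from the machine being checked, and keep the approved list under change control so a new name stands out.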

© 1999-2008 EvilOctal Security Team