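The machine had been compromised, and guest had been added to the administrators group.
I wanted to remove it, but kept getting the error "Cannot perform this operation on built-in accounts."
I searched Google and Baidu and did not find anyone offering a complete solution.
Open the registry editor, find HKEY_LOCAL_MACHINE\SAM\SAM, right-click it and choose Permissions from the context menu (on Windows 2000, run regedt32, find HKEY_LOCAL_MACHINE\SAM\SAM and choose Security → Permissions). Add the user you are currently logged in as and select Full Control, then refresh; the keys under SAM become visible.
Next, go to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
Names lists all the users on your system; the keys under Users hold the corresponding values.
The key that corresponds to Guest is usually 000001F5.
Delete the two values under it, F and V.
Export these two values on a healthy machine. The ones I exported from win2003 are below; you can copy them and save them to a file.
How to export: right-click 000001F5 and choose Export.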
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f,14,5d,a8,d6,98,de,c8,01,\
  f5,01,00,00,01,02,00,00,15,02,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00
"V"=hex:00,00,00,00,b0,00,00,00,02,00,01,00,b0,00,00,00,0a,00,00,00,00,00,00,\
  00,bc,00,00,00,00,00,00,00,00,00,00,00,bc,00,00,00,22,00,00,00,00,00,00,00,\
  e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,\
  00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,\
  00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,\
  00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,\
  08,00,00,00,01,00,00,00,e8,00,00,00,04,00,00,00,00,00,00,00,ec,00,00,00,04,\
  00,00,00,00,00,00,00,f0,00,00,00,04,00,00,00,00,00,00,00,f4,00,00,00,04,00,\
  00,00,00,00,00,00,01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,44,00,00,\
  00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
  00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
  00,4c,00,03,00,00,00,00,00,14,00,1b,03,02,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
  00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\
  01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
  00,00,00,20,02,00,00,47,00,75,00,65,00,73,00,74,00,00,00,9b,4f,65,67,be,5b,\
  bf,8b,ee,95,a1,8b,97,7b,3a,67,16,62,bf,8b,ee,95,df,57,84,76,85,51,6e,7f,10,\
  5e,37,62,97,7b,01,02,00,00,07,00,00,00,01,00,01,00,01,00,01,00,01,00,01,00,\
  01,00,01,00
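Save it as guet.reg and double-click it to import. After that, go back to My Computer, open account management, and guest can be removed from the administrators group.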
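A check worth running on a .reg file like the one above before importing it, added here as an example and not part of the original post: it confirms that the F value really belongs to the Guest RID and describes a disabled account. The function name `check_export` is hypothetical, and the offsets (RID at 0x30, primary group at 0x34, account-control flags at 0x38) are an assumption based on the commonly described layout of F, which Microsoft does not document.

```python
import re
import struct

# Account-control bits at offset 0x38 of F (assumed layout, see lead-in).
ACB = {0x0001: "disabled", 0x0004: "password not required",
       0x0010: "normal account", 0x0200: "password never expires"}

# F value copied from the export above; V is left out because it is not checked.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f,14,5d,a8,d6,98,de,c8,01,\
  f5,01,00,00,01,02,00,00,15,02,00,00,00,00,00,00,01,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00
'''

def check_export(text, expected_rid=0x1F5):
    """Parse the Users\\<RID> key and its F value from .reg text and report mismatches."""
    key = re.search(r"\\Users\\([0-9A-Fa-f]{8})\]", text)
    val = re.search(r'"F"=hex:([0-9A-Fa-f,\\\s]+)', text)
    if not key or not val:
        raise ValueError("no Users\\<RID> key or F value found")
    # Drop commas, line continuations and whitespace, keep the hex digits.
    data = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", val.group(1)))
    if len(data) < 0x3A:
        raise ValueError("F value too short to hold RID and flags")
    rid, group = struct.unpack_from("<II", data, 0x30)
    (acb,) = struct.unpack_from("<H", data, 0x38)
    problems = []
    if int(key.group(1), 16) != rid:
        problems.append("key name and RID inside F differ")
    if rid != expected_rid:
        problems.append("not the Guest RID")
    if not acb & 0x0001:
        problems.append("account is enabled")
    flags = [name for bit, name in ACB.items() if acb & bit]
    return {"rid": rid, "primary_group": group, "flags": flags, "problems": problems}

if __name__ == "__main__":
    print(check_export(SAMPLE))
```
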
A small tool is attached. (It cannot directly remove the account in the situation described above either.)