Fixing the "Cannot perform this operation on built-in accounts" error when removing the Guest account from the Administrators group

Posted by 科技小能手 on 2017-11-12
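My Win2003 server was once found to have a trojan on it, and later I noticed that the Guest account kept getting re-enabled automatically.
On inspection, the Guest account had somehow ended up in the Administrators group.
I logged in as Administrator and removed the Guest account from the Administrators group, but on saving I got the message:
Cannot perform this operation on built-in accounts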
 
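Solution:
1. On a healthy Win2003 machine, locate HKEY_LOCAL_MACHINE\SAM\SAM, right-click it, and choose Permissions from the context menu (on Windows 2000, run regedt32, locate HKEY_LOCAL_MACHINE\SAM\SAM, and choose Security → Permissions). Add the user you are currently logged in as and select Full Control. After a refresh, the keys under SAM become visible.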
 
2. Go to the key 000001F5, which corresponds to the Guest account, right-click it, and export it to a file, for example guest.reg
 
3. Back up the registry of the affected server.
(So it can be restored in case the system crashes.)
 
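4. Copy guest.reg to the affected machine, then double-click it to import it into the registry.

(Alternatively, the values below can be copied over and saved directly.)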
 
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F5]

 
5. Open account management again; Guest can now be removed from the Administrators group.
 
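(In any case, the method above is what I just used, and it worked; I had searched online for a long time. People only suggest disabling Guest, but a disabled account can still be re-enabled by an attacker, and having the Guest account stuck in the Administrators group is an eyesore. Another approach is to delete the Guest account from the registry, but the Guest account still has its uses in special situations, so deleting it is not recommended. Moreover, on a machine that has had a trojan like this, if you delete the account directly from the registry, then every time you reopen account management under Computer Management you get an error about security mapping or something similar. So before making any changes to the registry, be sure to back up the relevant keys so that the registry can be restored if something goes wrong.)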
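
Before importing guest.reg in step 4, it helps to confirm that the export really holds the Guest record and that the account is marked disabled in it. The script below is an added example, not code from the original post: it parses a .reg export and reads the RID and disabled flag stored in the "F" value of each Users\<RID> key. The offsets 0x30 (RID) and 0x38 (account flags) and the disabled bit 0x0001 are the commonly documented SAM layout, assumed here rather than stated in the post, and the sample export is constructed by the code.

```python
import re
import struct

# Assumed layout of the SAM "F" value (commonly documented, not given in the post).
RID_OFFSET, ACB_OFFSET = 0x30, 0x38
ACB_DISABLED = 0x0001
USER_KEY = re.compile(r"\[.*\\Users\\([0-9A-Fa-f]{8})\]")

def parse_f_values(reg_text):
    """Return {key name: F bytes} for every ...\\Users\\<RID> key in a .reg export."""
    text = reg_text.replace("\r\n", "\n").replace("\\\n", "")  # join "\" continuations
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = USER_KEY.fullmatch(line)
        if match:
            key = match.group(1).upper()
        elif line.startswith("["):
            key = None  # some other key: ignore its values
        elif key and line.lower().startswith('"f"=hex:'):
            data = line.split(":", 1)[1].replace(" ", "")
            found[key] = bytes(int(b, 16) for b in data.split(",") if b)
    return found

def check_user_record(key_name, f_value):
    """Report the RID and disabled flag stored inside one F value."""
    if len(f_value) < ACB_OFFSET + 2:
        raise ValueError("F value too short to hold RID and account flags")
    rid = struct.unpack_from("<I", f_value, RID_OFFSET)[0]
    acb = struct.unpack_from("<H", f_value, ACB_OFFSET)[0]
    return {"rid": rid, "rid_matches_key": rid == int(key_name, 16),
            "disabled": bool(acb & ACB_DISABLED)}

def build_sample(key_name, rid, acb):
    """Constructed sample export (not the post's data): zeroed 80-byte F, RID/flags set."""
    f = bytearray(80)
    struct.pack_into("<I", f, RID_OFFSET, rid)
    struct.pack_into("<H", f, ACB_OFFSET, acb)
    hx = ",".join(f"{b:02x}" for b in f)
    wrapped = ",\\\n  ".join(hx[i:i + 74] for i in range(0, len(hx), 75))
    return ("Windows Registry Editor Version 5.00\n\n"
            f"[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\{key_name}]\n"
            f'"F"=hex:{wrapped}\n')

if __name__ == "__main__":
    # A real export is usually UTF-16: open("guest.reg", encoding="utf-16").read()
    sample = build_sample("000001F5", 0x1F5, 0x0215)
    for name, value in parse_f_values(sample).items():
        print(name, check_user_record(name, value))
```

A record whose stored RID does not match its key name, or a Guest record that is not flagged disabled, should be looked at before the file is imported anywhere.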
 
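Security measures:

1. Disable the Guest account.

2. Rename the Guest and Administrator accounts to custom names.

3. Set a new, complex password for the Administrator account.

4. Check for system vulnerabilities and apply patches.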
 
This article is reposted from idyllic_cyty's 51CTO blog. Original link: http://blog.51cto.com/aizzw/305995

