Post by drcard on Dec 2, 2019 19:09:46 GMT -5
Default Hidden Accounts on Your PC
Overview:
Many users are unaware of the hidden accounts that are set up when the user establishes their account on a new PC. These hidden accounts are not active, have no password, have different levels of permissions, and have different purposes. One of these default accounts, named Administrator, has full administrator privileges like the user, plus one privilege that the user doesn’t. Because this account has more privileges than the user’s account with administrative rights, it has earned the nickname “Super” Administrator. What follows is how to view all the accounts on your PC, an explanation of those accounts, how to activate the super account, and suggested usage for this super account.
How to View All User Accounts
Since these accounts are not active and are hidden, you can’t view them through the normal Windows settings windows. To view all accounts, including inactive and hidden ones, one must use a command in PowerShell or Command Prompt. I chose Command Prompt for these instructions, but the commands for PowerShell are the same as for Command Prompt.
Open Command Prompt as Administrator:
WinKey + R to open Run box.
Type cmd
Ctrl + Shift + Enter to open Command Prompt
Yes to User Account Control query
To see a short list of all accounts, enter the following command:
net user
It will respond with User accounts for \\ZZZZ where ZZZZ is the name of your PC. The accounts will be listed in 3 columns. How many accounts are displayed depends on the version of Windows.
In Windows 10 a sole user should find their account as their username and 4 default, hidden accounts as follows:
Administrator
This is the “Super” Administrator account mentioned above. This account has full administrative privileges and access. This Administrator account also has privileges above User Account Control, which means that when this account accesses an application that usually would cause the User Account Control window to open for confirmation, no window will open. Example: The User Account Control window that popped up when you opened the Command Prompt required you to click Yes before the Command Prompt window opened. If you were logged in as this “Super” Administrator, that User Account Control window will not open and the Command Prompt would open without additional confirmation. Troubleshooting and automated processes need to access these types of applications that normally would require manual User Account Control confirmation. This would stop troubleshooting and other automated procedures by waiting on a response. Bypassing these manual confirmations so automated processes can be performed is why this account type was created.
Guest
This is the account you use to have a guest use your PC in a very limited way. This guest account on prior versions was activated in the Windows Accounts settings in Windows. In Windows 10 this account is created by default, set as inactive, and hidden. One must use a command in Command Prompt to activate and use this Guest account.
DefaultAccount
This is a new type of account which is used to allow multi-player games through the PC or Xbox. These accounts are activated by the software that installs the game interface.
WDAGUtilityAccount
This is a Windows 10 addition for Defender Application Guard, which is involved with Windows Defender protection when using Edge to browse. This account will activate if you decide to use the Windows Defender Application Guard security software provided by Microsoft.
Knowing that these accounts are there is one thing, but if you desire to know more about these accounts (such as verifying that they are inactive), you need to see the full list for each account.
To see a full list of settings for each account enter the following command:
wmic useraccount list full
The screen will return each account with a list of information and settings for each account. Each account’s full list will be separated by several blank lines from the next account’s full list. You will have to scroll in Command Prompt to view each full list.
In the middle of each account’s full list is the Name for that account. Use this to know which account’s list you are viewing.
Look at the setting labeled Disabled=. The setting will be TRUE or FALSE. If this setting is Disabled=TRUE then the account is disabled and inactive. This disabled account can’t sign onto Windows or access any of its components. If this setting is Disabled=FALSE then the account is NOT disabled and is active. This account can sign onto Windows and have access according to the privileges that account was set up with.
Notice the PasswordRequired= setting for the Administrator account: FALSE. This means this “Super” Administrator account, once activated, can log into your Windows without needing a password and have full administrative privileges. This sounds scary, but only a command in an Administrator Command Prompt can activate this Super Administrator account; AND only a user with administrative privileges can open an Administrator Command Prompt.
Suggested uses for these default, hidden accounts
I would leave the Guest, DefaultAccount, and WDAGUtilityAccount alone as they will come into play only when you have a need for them and then you will need them to be there. These accounts have limited functions and pose little threat to you and your PC. The Administrator account, because of its privileges, poses a potential threat. If your PC is hacked under your current account with administrative privileges, the hacker can use those administrative privileges to activate this “Super” Administrator account and create a backdoor into your PC. He could lock you out of your own PC. With administrative privileges the Administrator account can change the password to your user account.
I suggest that you activate this “Super” Administrator account and make it password protected. You own the account, which prevents a hacker from owning it. A hacker can’t access the Administrator’s account unless they have the password you created for it. This also creates a backdoor for you. If you ever have a problem with logging in with your user account password, you could log in with this Administrator’s account and change the password for your user account. I don’t suggest using the “Super” Administrator account on a regular basis as User Account Control is a very effective security method to stop online (automated) infections by asking “can I open this app so I can infect you”.
To Activate the Administrator account and Set a Password for it
To activate the Administrator account, enter the following command:
net user administrator /active:yes
Command Prompt will indicate if the action was completed.
To set a password for the Administrator account
Select a password for this Administrator account that you won’t forget. You may not use it very often.
Enter the following command:
net user administrator *
You will be asked to enter the password. Be careful as the password you type in will not show on screen. It looks like nothing is being typed in, but it is. Press the Enter key when you have typed in the password. You will be asked to type the password in a second time. Both password entries must match or you have to repeat the process.
Reboot your PC and you will see the Administrator’s account on the login page. Select it and enter the password you have for this Administrator’s account. It will start up as a new account with all the Windows welcome screens.
If you decide you don’t want the Administrator’s account on the login page, then in an Administrator’s Command Prompt enter this command to deactivate the Administrator’s account:
net user administrator /active:no
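Added example (not part of the original post): a read-only PowerShell audit that reads the same Disabled and PasswordRequired fields the wmic listing above shows, and flags the accounts worth a second look. It identifies the default accounts by the well-known last number of their SID rather than by name, since an account can be renamed; the function name Get-LocalAccountAudit and the wording of the findings are made up for this example.

```powershell
# Added example: read-only audit of local accounts. Nothing is changed.
# Uses the Win32_UserAccount class, the same data "wmic useraccount" prints.

# Well-known relative IDs (last part of the SID) of the default accounts.
# A renamed Administrator account still ends in -500.
$builtinRids = @{
    '500' = 'Administrator'
    '501' = 'Guest'
    '503' = 'DefaultAccount'
    '504' = 'WDAGUtilityAccount'
}

function Get-LocalAccountAudit {
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            $rid      = ($_.SID -split '-')[-1]
            $findings = @()

            # PasswordRequired=FALSE means a blank password is allowed;
            # that only matters once the account is active.
            if (-not $_.Disabled -and -not $_.PasswordRequired) {
                $findings += 'active and PasswordRequired=FALSE'
            }
            # A default account that is active should be one you enabled yourself.
            if (-not $_.Disabled -and $builtinRids.ContainsKey($rid)) {
                $findings += 'default account is active'
            }

            [pscustomobject]@{
                Name             = $_.Name
                DefaultAccount   = $builtinRids[$rid]   # empty for ordinary users
                Disabled         = $_.Disabled
                PasswordRequired = $_.PasswordRequired
                Findings         = $findings -join '; '
            }
        }
}

# Active accounts first, so anything flagged is at the top of the table.
Get-LocalAccountAudit | Sort-Object Disabled | Format-Table -AutoSize
```

Run it before and after the activation steps above: the Administrator row should change from Disabled=True to Disabled=False, and any default account you did not enable yourself showing Disabled=False is the case to investigate.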