hafa
asked on
Deleting Guest account in XP pro
As title.
Even administrator can't do that, so what good is admin right ?
back to the topic, disable it will not satisfy me, Because I know how to
reset it to working account, I need it to be deleted.
Any comments or question will be appreciated.
Even administrator can't do that, so what good is admin right ?
back to the topic, disable it will not satisfy me, Because I know how to
reset it to working account, I need it to be deleted.
Any comments or question will be appreciated.
Hey,
you should also remember, that deleting Guest account may cause problems in windows xp,
because some of proggies and network tools use it.
you should also remember, that deleting Guest account may cause problems in windows xp,
because some of proggies and network tools use it.
ASKER
Thanks, sheharyaarsaahil, but it does not work on sp2 (like everything else)
i was hoping to find a less painful way to do this, little tweak on registry is fine..
Beem4n, caution noted. it shouldnt be any problem on my machine, mine is just a env. for my vm
i was hoping to find a less painful way to do this, little tweak on registry is fine..
Beem4n, caution noted. it shouldnt be any problem on my machine, mine is just a env. for my vm
Hi again,
you should do the next:
1. backup your registry
2. remove the following in registry:
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\000001F 5
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\Names\G uest
3. reboot
just tested on my winxp pro sp2 english
you should do the next:
1. backup your registry
2. remove the following in registry:
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SAM\SAM
3. reboot
just tested on my winxp pro sp2 english
You need to Boot to Safe mode and Log as Administrator.
1. Click "Change an account" in the "Pick a task" list box.
2. Click the account that you want to change.
3. Select the item that you would like to change:
Click "Delete the account" to delete the user account from the computer. When you delete the account, you are given the
option to save the user's files on the computer.
If this does not worK, disable the GuesT account and then try Deleting it.
Note: You can not delete the account for a user that is currently logged on to the computer.
1. Click "Change an account" in the "Pick a task" list box.
2. Click the account that you want to change.
3. Select the item that you would like to change:
Click "Delete the account" to delete the user account from the computer. When you delete the account, you are given the
option to save the user's files on the computer.
If this does not worK, disable the GuesT account and then try Deleting it.
Note: You can not delete the account for a user that is currently logged on to the computer.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for your promptly response, beem4n.
did not succeed, but getting there. on user account home screen, Guest is dissappear, admin has big rectangular box all the way across. i was happy for a moment, then after reboot i saw it Guest on welcome screen with admin. quickswitch enabled. guest was on the list, AND with a password (how the hell did it gain a password??) i guess that part of registry on SAM is messed up. then went into computer management, local users, guest properties, it gives me this message- "internal error with the account ERROR E0019", try set password, hit the wall too. ah. that was something, so now it exists but does not exist...hmm, seen that before.. Right, linux partitioin
did not succeed, but getting there. on user account home screen, Guest is dissappear, admin has big rectangular box all the way across. i was happy for a moment, then after reboot i saw it Guest on welcome screen with admin. quickswitch enabled. guest was on the list, AND with a password (how the hell did it gain a password??) i guess that part of registry on SAM is messed up. then went into computer management, local users, guest properties, it gives me this message- "internal error with the account ERROR E0019", try set password, hit the wall too. ah. that was something, so now it exists but does not exist...hmm, seen that before.. Right, linux partitioin
If you wouldnt find any new solutions,
i suggest you to rename guest account in local security and then disable it.
Also you can set it a very long password, more than 15 chars. So it wouldnt be available in LanMan format, so if
you guest account will be enabled it will be impossible for an attacker to bruteforce it in small time.
i suggest you to rename guest account in local security and then disable it.
Also you can set it a very long password, more than 15 chars. So it wouldnt be available in LanMan format, so if
you guest account will be enabled it will be impossible for an attacker to bruteforce it in small time.
ASKER
beem4n. just exchange this info with ya.
Password(s), user name(s), whatsoever.
because whatever you set, whatever long it is, will be cracked eventually
countless method out in the open, even i know a few, could pass that gate
slave drive, password overwrite, ms password recovery, and tons of other bootdisks
my reason why want to rid of guest, is to set some limitation, so at least one less hole in my system
anyway, theres a known way to see Guest account gone, bug i have to reinstall from scratch, set account in wme, kill guest account, upgrade to w2k, then xp pro. that will take a solid 2 hours.
and i would rather tweak with registry now.. :)
your help is greatly appreciated
Password(s), user name(s), whatsoever.
because whatever you set, whatever long it is, will be cracked eventually
countless method out in the open, even i know a few, could pass that gate
slave drive, password overwrite, ms password recovery, and tons of other bootdisks
my reason why want to rid of guest, is to set some limitation, so at least one less hole in my system
anyway, theres a known way to see Guest account gone, bug i have to reinstall from scratch, set account in wme, kill guest account, upgrade to w2k, then xp pro. that will take a solid 2 hours.
and i would rather tweak with registry now.. :)
your help is greatly appreciated
Re,
try the following:
1. backup your registry
2. remove the following in registry:
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\000001F 5
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\Names\G uest
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\B uiltin\Ali ases\Names \Guests
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\B uiltin\Ali ases\00000 222
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\B uiltin\Ali ases\Membe rs\S-1-5-2 1-19579944 88-1364589 140-839522 115\000001 F5
S-1-5-21-1957994488-136458 9140-83952 2115 - this string may differ, important is last: \000001F5
3. reboot
Think, this should work ;)
try the following:
1. backup your registry
2. remove the following in registry:
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SAM\SAM
HKEY_LOCAL_MACHINE\SAM\SAM
S-1-5-21-1957994488-136458
3. reboot
Think, this should work ;)
ASKER
looked into khey folder, under sam there were nothing.
http://www.geocities.com/sony22lcd/untitled.JPG
did add stuff to it earlier, and now end up nothing.
http://www.geocities.com/sony22lcd/untitled.JPG
did add stuff to it earlier, and now end up nothing.
I don't suppose that using gpedit.msc and just renaming the guest account (under Computer Configuration\Security Settings\Local Policies\Security Options\Accounts: Rename guest account) would help at all. It could then be justa disabled account with any name you want? You still can't delete it easily but at least nobody knows what it's called.
Cheers
Julian
Cheers
Julian
Hafa,
dont know why your SAM table is empty,
i give up ;)
dont know why your SAM table is empty,
i give up ;)
ASKER
try me best too. luck will knock my door soon.
Try this utility from NTSecurity:
http://ntsecurity.nu/toolbox/delguest/
But i would not recommend deleting guest account because it might bring side-effects to the system. Read the FAQ for more information.
http://www.jsiinc.com/SUBJ/tip4800/rh4894.htm
http://ntsecurity.nu/toolbox/delguest/
But i would not recommend deleting guest account because it might bring side-effects to the system. Read the FAQ for more information.
http://www.jsiinc.com/SUBJ/tip4800/rh4894.htm
ASKER
delgust.exe works on NT5.0 only. xp are 5.1
Try this....
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\000001F 5
Double-click "V" then make your way to "Offset 0178" and replace the number "47" with "42".
Then go and have a look at Control Panel\User Accounts
All this does is hide the Guest Account from view. It is not possible to Delete the Guest account. Thanks
Cheers
Sinu
HKEY_LOCAL_MACHINE\SAM\SAM
Double-click "V" then make your way to "Offset 0178" and replace the number "47" with "42".
Then go and have a look at Control Panel\User Accounts
All this does is hide the Guest Account from view. It is not possible to Delete the Guest account. Thanks
Cheers
Sinu
ASKER
Everything under SAM is gone, thats why I end up with 1 account viewable in users accounts menu. but somehow it shows up on quickswitch welcome screen with a godknowswhat password. worst comes to worst, i'll install from scratch
point value raised to 400
point value raised to 400
to get around this Delete the default registry and copy snapshot files.
Boot to Recovery Console.
At the Recovery Console command prompt, type the following lines, and then press the <Enter> key after you type each line:
del c:\windows\system32\config \sam
del c:\windows\system32\config \security
del c:\windows\system32\config \software
del c:\windows\system32\config \default
del c:\windows\system32\config \system
copy c:\windows\tmp\_registry_m achine_sof tware c:\windows\system32\config \software
copy c:\windows\tmp\_registry_m achine_sys tem c:\windows\system32\config \system
copy c:\windows\tmp\_registry_m achine_sam c:\windows\system32\config \sam
copy c:\windows\tmp\_registry_m achine_sec urity c:\windows\system32\config \security
copy c:\windows\tmp\_registry_u ser_.defau lt c:\windows\system32\config \default
Type exit and press the <Enter> key to quit the Recovery Console.
The computer will restart.
Boot to Recovery Console.
At the Recovery Console command prompt, type the following lines, and then press the <Enter> key after you type each line:
del c:\windows\system32\config
del c:\windows\system32\config
del c:\windows\system32\config
del c:\windows\system32\config
del c:\windows\system32\config
copy c:\windows\tmp\_registry_m
copy c:\windows\tmp\_registry_m
copy c:\windows\tmp\_registry_m
copy c:\windows\tmp\_registry_m
copy c:\windows\tmp\_registry_u
Type exit and press the <Enter> key to quit the Recovery Console.
The computer will restart.
Just dsiable it if it bother you that much. Why go through all this headache
ASKER
because i can enable your guest account from 500 different ports.
Hi Hafa,
OK. The best way to delete the guest account is:
1. In Control Panel (Start>Control Panel), goto Administrative Tools.
2. Double Click on Computer Management.
3. In the System Tools list, open the sub list Local Users & Groups, click on Users.
4. You'll see the Guest account in the other list. Right click on it and select Delete. Click on Yes if appears.
-a7a1986-
OK. The best way to delete the guest account is:
1. In Control Panel (Start>Control Panel), goto Administrative Tools.
2. Double Click on Computer Management.
3. In the System Tools list, open the sub list Local Users & Groups, click on Users.
4. You'll see the Guest account in the other list. Right click on it and select Delete. Click on Yes if appears.
-a7a1986-
ASKER
Not solved. but i hate to leave a hanging case, so there goes your points.
run regedit and go to HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\000001F 5
change the 47 to 42 to hide account.
To delete account all together you will need to delete the Data Value from the Binary Name "V" then copy and paste this reg file info into Notepad, save it onto your Desktop as NoGuest.reg and double-click it:-
--------------------Copy and Paste within the lines--------------------- ------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SAM\SA M\Domains\ Account\Us ers\000001 F5]
"V"=hex:00,00,00,00,b0,00, 00,00,02,0 0,01,00,b0 ,00,00,00, 0a,00,00,0 0,00,00,00 ,\
00,bc,00,00,00,00,00,00,00 ,00,00,00, 00,bc,00,0 0,00,70,00 ,00,00,00, 00,00,00,\
2c,01,00,00,00,00,00,00,00 ,00,00,00, 2c,01,00,0 0,00,00,00 ,00,00,00, 00,00,2c,\
01,00,00,00,00,00,00,00,00 ,00,00,2c, 01,00,00,0 0,00,00,00 ,00,00,00, 00,2c,01,\
00,00,00,00,00,00,00,00,00 ,00,2c,01, 00,00,00,0 0,00,00,00 ,00,00,00, 2c,01,00,\
00,00,00,00,00,00,00,00,00 ,2c,01,00, 00,00,00,0 0,00,00,00 ,00,00,2c, 01,00,00,\
08,00,00,00,01,00,00,00,34 ,01,00,00, 04,00,00,0 0,00,00,00 ,00,38,01, 00,00,04,\
00,00,00,00,00,00,00,3c,01 ,00,00,04, 00,00,00,0 0,00,00,00 ,40,01,00, 00,04,00,\
00,00,00,00,00,00,01,00,14 ,80,90,00, 00,00,a0,0 0,00,00,14 ,00,00,00, 44,00,00,\
00,02,00,30,00,02,00,00,00 ,02,c0,14, 00,44,00,0 5,01,01,01 ,00,00,00, 00,00,01,\
00,00,00,00,02,c0,14,00,ff ,ff,1f,00, 01,01,00,0 0,00,00,00 ,05,07,00, 00,00,02,\
00,4c,00,03,00,00,00,00,00 ,14,00,1b, 03,02,00,0 1,01,00,00 ,00,00,00, 01,00,00,\
00,00,00,00,18,00,ff,07,0f ,00,01,02, 00,00,00,0 0,00,05,20 ,00,00,00, 20,02,00,\
00,00,00,18,00,ff,07,0f,00 ,01,02,00, 00,00,00,0 0,05,20,00 ,00,00,24, 02,00,00,\
01,02,00,00,00,00,00,05,20 ,00,00,00, 20,02,00,0 0,01
-------------------End Copy and Paste--------------------- ---------- --
Once this is copied go back to the registry :
HKEY_LOCAL_MACHINE\SAM\SAM \Domains\A ccount\Use rs\Names\G uest
and delete the "Guest" Key.
**BE SURE TO BACK-UP REGISTRY PRIOR TO THE ABOVE** TRY AT YOUR OWN RISK
change the 47 to 42 to hide account.
To delete account all together you will need to delete the Data Value from the Binary Name "V" then copy and paste this reg file info into Notepad, save it onto your Desktop as NoGuest.reg and double-click it:-
--------------------Copy and Paste within the lines---------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SAM\SA
"V"=hex:00,00,00,00,b0,00,
00,bc,00,00,00,00,00,00,00
2c,01,00,00,00,00,00,00,00
01,00,00,00,00,00,00,00,00
00,00,00,00,00,00,00,00,00
00,00,00,00,00,00,00,00,00
08,00,00,00,01,00,00,00,34
00,00,00,00,00,00,00,3c,01
00,00,00,00,00,00,01,00,14
00,02,00,30,00,02,00,00,00
00,00,00,00,02,c0,14,00,ff
00,4c,00,03,00,00,00,00,00
00,00,00,00,18,00,ff,07,0f
00,00,00,18,00,ff,07,0f,00
01,02,00,00,00,00,00,05,20
-------------------End Copy and Paste---------------------
Once this is copied go back to the registry :
HKEY_LOCAL_MACHINE\SAM\SAM
and delete the "Guest" Key.
**BE SURE TO BACK-UP REGISTRY PRIOR TO THE ABOVE** TRY AT YOUR OWN RISK
hmmmmmmmm not a Common and easy thing to do,,,, lots of registry modifications are required.... so if u want to try it, try it on ur own risk and ALWAYS BACKUP UR REGISTRY BEFORE CHANGING IT !!
Hide/delete the Guest Account (WXP)
http://www.winguides.com/forums/showflat.php?Cat=&Board=brdNewTweaks&Number=70039&page=7&view=collapsed&sb=5&part=
!! GOOD LUCK !!