
I was able to create an invisible user in Windows 7 and 8.1. The user is not vis


Question

I was able to create an invisible user in Windows 7 and 8.1.

The user is not visible at the login screen. I added it to the SYSTEM account group and the Remote Desktop Users group. The Administrator can know about this user via the Computer Management > Users and Groups option and by using the `net user` command in the shell. This user could not gain SYSTEM privileges, though I am trying.

But the question is: when I RDP into some host, the local user does not know it is being RDP'ed.

How will the Administrator know when this invisible user does some malicious activity, like deleting a file etc., as it is invisible in the event log?

You can also use PsExec with the -u and -p options for username "sys" and password "007" to log into the invisible user through a command shell via your other account, and you can RDP using the invisible user; that's it. Why do they exist?

Please delete this question if I am wrong and I don't know enough. I want to know from experts like you.

Explanation / Answer

You are wrong. It still shows up in the event logs and the computer knows if it is an RDP session. You can see that there is an active RDP connection if you have the right tools up as well. What you are talking about isn't an "invisible user", it's a service user, and it is an intentionally designed feature of Windows, not a security hole. You just aren't familiar enough with working with them and where they are logged. Service users actually make Windows more secure because they allow automated processes to be configured with the least permissions they need without compromising the account credentials and access of the user account. They also allow for services to be configured to run on a user's behalf without having to give the user deeper levels of access to the system.

Additionally, if a user could access your computer well enough to establish a user like that, there is no reason they would need to create a user. Loading a rootkit or a remote access trojan would allow for control of the user's computer without leaving a user account behind. Some activity would possibly still end up in event logs for a simple remote access trojan, but a decent rootkit could even subvert the system logging.

The attack scenario you describe is not a particularly viable attack scenario and isn't a security flaw, but rather a designed feature of Windows, implemented to improve security.
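
The answer's point that the account and its RDP sessions are logged can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original answer: it looks up the local account and pulls its creation, group-membership and RDP logon events from the Security log. The account name `sys` is the one used in the question, and the example assumes auditing of account management and logon events is enabled.

```powershell
# Added example, not from the original post. 'sys' is the account name from the question.
$name = 'sys'

# Local accounts are listed here whether or not they appear on the login screen.
$acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$name'"
if (-not $acct) { throw "No local account named '$name' on this host" }
"Account: $($acct.Name)  SID: $($acct.SID)  Disabled: $($acct.Disabled)"

# Security log event IDs used below:
#   4720 = a user account was created
#   4732 = a member was added to a security-enabled local group
#   4624 = successful logon (LogonType 10 = RemoteInteractive, i.e. RDP)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732, 4624 } `
                       -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Flatten the event's EventData name/value pairs into a hashtable.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # 4732 identifies the added member by SID, the other two by account name.
    $hit = switch ($e.Id) {
        4720 { $d.TargetUserName -eq $name }
        4732 { $d.MemberSid -eq $acct.SID }
        4624 { $d.TargetUserName -eq $name -and $d.LogonType -eq '10' }
    }
    if ($hit) {
        New-Object PSObject -Property @{
            Time   = $e.TimeCreated
            Id     = $e.Id
            Actor  = $d.SubjectUserName   # who performed the action
            Target = $d.TargetUserName    # account name (group name for 4732)
            Source = $d.IpAddress         # client address, present on 4624 only
        }
    }
}

$report | Sort-Object Time | Format-Table Time, Id, Actor, Target, Source -AutoSize
```

File deletions are recorded (event 4663) only when object access auditing is enabled and the file or folder carries an audit entry (SACL), so that has to be configured before the activity for it to appear.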
