How to add a local account and grant administrator privileges in the Win10 system

How to add an additional local account and grant it administrator privileges under the Win10 system?

This article will introduce the complete operation process.

① Type “Run” in the search box on the taskbar and select the best match, or simply use the Win+R shortcut to open “Run”.

② In the Run box, enter “netplwiz” and click “OK”.

③ In the “User Accounts” window that appears, select “Add”.

④ On the blue page with white text that appears, click “Sign in without a Microsoft account” in the bottom left corner.

⑤ Click “Local account”.

⑥ Enter a username and password as needed (the password may be left blank), then click “Next”.

⑦ The account has been added; click “Finish” to leave the page.

⑧ The new local account is now listed in the “User Accounts” window.

⑨ To grant the account administrator privileges, select the account and click “Properties”.

⑩ Select the “Group Membership” tab, choose “Administrator”, and click “OK”. The new account now has administrator privileges.

Lock the screen with the Win+L shortcut; the new account can then be selected for login in the bottom left corner of the lock screen.
Author: Anonymous User
Link: https://www.zhihu.com/question/66229405/answer/240508617
Source: Zhihu
The copyright belongs to the author. For commercial reprints, please contact the author for authorization. For non-commercial reprints, please indicate the source.
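The same ten steps, scripted, as an added example that is not part of the original post. It assumes an elevated PowerShell 5.1 session on Windows 10 (the built-in LocalAccounts module); the account name is a placeholder, and the membership check at the end is the scripted equivalent of looking at the “User Accounts” list in step ⑧.

```powershell
# Added example (not from the original post): netplwiz steps ①-⑩ as a script.
# Requires an elevated PowerShell 5.1+ session on Windows 10 (LocalAccounts module).
# Group lookups use well-known SIDs so they also work on localized systems.

function New-LocalAdminAccount {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [switch] $GrantAdmin   # omit to create a standard (restricted) user instead
    )
    $adminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
    $usersSid  = 'S-1-5-32-545'   # BUILTIN\Users

    # Step ⑥: the GUI allows a blank password; here we always ask for one.
    $password = Read-Host -AsSecureString -Prompt "Password for $Name"

    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Name -Password $password | Out-Null   # steps ③-⑦
    }

    # Steps ⑨-⑩: group membership. A new user is placed in Users by default.
    if ($GrantAdmin) {
        Add-LocalGroupMember -SID $adminsSid -Member $Name -ErrorAction SilentlyContinue
    }

    # Step ⑧ equivalent: verify where the account actually ended up.
    $qualified = "$env:COMPUTERNAME\$Name"
    $inAdmins  = (Get-LocalGroupMember -SID $adminsSid -ErrorAction SilentlyContinue).Name -contains $qualified
    $inUsers   = (Get-LocalGroupMember -SID $usersSid  -ErrorAction SilentlyContinue).Name -contains $qualified
    [pscustomobject]@{ Account = $Name; IsAdministrator = $inAdmins; IsStandardUser = $inUsers }
}

# Audit helper: who is a local administrator right now, and is the account enabled?
function Get-LocalAdministrators {
    Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, PrincipalSource,
        @{ n = 'Enabled'; e = { (Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue).Enabled } }
}

# Usage (placeholder account name):
#   New-LocalAdminAccount -Name 'secondadmin' -GrantAdmin
#   Get-LocalAdministrators
```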

I reproduced this (Win10 15063 x64): if the explorer.exe process is terminated and then run with administrator privileges, explorer.exe recreates and starts this scheduled task to launch a de-elevated copy of itself, and the process that originally had administrator privileges exits. I'm not sure whether this scheduled task has any other uses.

1. If UAC is enabled (normally the registry value EnableLUA=1), then when you log in with an administrator account, explorer.exe is launched with reduced privileges. Explorer is the desktop icons, taskbar, start menu and folder windows: the graphical shell of Windows. So when you double-click something, it is usually Explorer that starts the child process (services and scheduled tasks are the exception), and the token it inherits is naturally the filtered token.

2. If UAC is disabled (in audit mode or safe mode, or when set manually via the registry or group policy), explorer.exe is not started with reduced privileges when an administrator account logs in. Double-clicking something then inherits the full token and full administrator privileges.

3. If you don't log in with an administrator account at all, there is nothing to de-elevate: what you inherit is a token without administrator privileges.

PS: In the Win7 control panel, dragging “User Account Control” to the bottom (“Never notify”) turned UAC off completely and ran programs without reducing privileges; since Win8 this has been changed to running with reduced privileges and elevating silently when a program requests elevation.

PPS: Microsoft has basically given up on UAC: UAC is not a security boundary, and the current state of affairs is already indefensible (bypasses do get fixed, but are not treated as security vulnerabilities): hfiref0x/UACME. If you want to defend yourself, use a standard account, not an administrator account.

A. Specifically, for an administrator account with UAC enabled:

A1. If you double-click an executable file such as an .exe, the system decides whether to elevate based on various factors (the two “Run as administrator” checkboxes in the lnk, the file name, whether the vendor matches the system's built-in compatibility database, right-clicking and choosing “Run as administrator” directly, etc.). If it decides elevation is required, consent.exe appears and the UAC window pops up. Group policy has more detailed settings: no prompt, elevate silently; prompt for a password; prompt for confirmation (no password, just click “Yes”); and whether to use the secure desktop for the prompt. Well, stingy Microsoft stripped group policy out of the Home edition, but you can still use the registry (escape). (Rant: it seems there is no simple way to stop a program from prompting and elevating?) Maybe read this post: Windows 7, trigger uac dependencies on application name?

A2. If the double-clicked file is not an executable, Explorer looks up the file association in the registry and starts the associated program. Whether to elevate is decided first as in the executable case above, and then the program makes its own decision; for example, it can request elevation when it finds its permissions insufficient. PS: After elevation the process restarts, which is different from the intercept/allow model of HIPS.

A3. The right-click menu has a “Run as administrator” option. Third-party software can also provide a button that elevates when clicked, or elevate depending on the situation, such as when access is denied.

A4. Hold down SHIFT and the right-click menu also offers “Run as other user”, which then asks for that account's password. If you enter the username and password of a restricted account, the result is naturally a run with reduced privileges. PS: Both “Run as administrator” and “Run as other user” have APIs; called correctly, they achieve the same two things.

A5. Microsoft also implemented the UIPI mechanism, which roughly means a lower-privilege process cannot interfere with the windows of a higher-privilege process. Because of it, QQ remote assistance (reduced privileges) may freeze when Task Manager (elevated) is clicked, and drag-and-drop of files may not respond.

A6. Administrators can forcibly reset any account's password (which may lose that account's encrypted data, such as certificate private keys and Credential Manager entries), but unlike Linux they cannot directly run as another user.

A7. Various ACLs can still be set to deny administrator accounts access, but administrators can take ownership and remove the deny rules.

A8. Each account's files (administrator or not) are by default not accessible to other accounts, but administrators can forcibly change the ACL to allow themselves access. Administrators can also use other dirty tricks to bypass ACLs.

B. If an administrator account logs in but UAC is not enabled:

B1. The program already inherits the full token, so no elevation prompt is needed.

B2. All the administrator privileges are available, and access for administrators can still be denied in various ACLs… I won't repeat that.

B3. IE and Office give up their sandbox (protected mode / protected view), and UWP/Metro-style applications cannot be launched. Chrome, Firefox and others seem to have no such problem. After Win10 15063 this seems to have been fixed (perhaps intentionally?).

B4. A program can still choose to run with reduced privileges, as seen in Process Explorer and PsExec.

C. If a restricted account logs in:

C1. What can be done is limited, and other accounts' processes, files, etc. cannot be accessed. However, there is no isolation between applications running under the same account, so keyloggers and remote-control trojans still work.

C2. As a standard user, a program can still modify various settings, add autostart entries, register Explorer plugins, etc., but this affects only the user itself, not other accounts. An administrator de-elevated by UAC is actually in the same position.

C3. When elevation is needed, you of course cannot just click “Yes”; the administrator account's password must be entered. Group policy can also be configured to refuse elevation outright.

As for administrator privileges, whether Administrator, SYSTEM, TrustedInstaller or your own administrator account, you can think of them as root on Linux, and root can do anything!

1. As you can imagine, with administrator privileges a user can register services, scheduled tasks and so on, after which the program can obtain administrator privileges at any time without user consent. Legitimate software uses this for automatic updates without UAC prompts, improving the user experience; rogue software and trojans naturally use it to do bad things in secret.

2. Administrators can also load kernel drivers (DSE is currently a weak point, and not a small one). With a driver they can intercept system calls at the lowest level and interfere with any process. Developers use kernel drivers for all sorts of things: monitoring browsers (Thunder, IDM), transparent encryption software such as VeraCrypt, network/USB packet capture such as Wireshark, and also freeze/restore tools and HIPS… My understanding of HIPS is that kernel drivers can redefine permissions. When a file is opened, the NTFS file system driver checks the ACL and, if access should be denied, returns ERROR_ACCESS_DENIED. What about HIPS? A HIPS developer can write a minifilter driver that, once correctly registered, intercepts file operations and can do the same thing: return ERROR_ACCESS_DENIED. You can install Easy File Locker (xoslab.com) to try it. Of course, the same ability can be used by bad people to do evil, such as making kernel-level rootkits that hide trojans administrators cannot detect. Domestic rogue software also uses kernel drivers for dirty tricks such as locking the home page and default browser. Sony and Capcom used kernel drivers for DRM / anti-piracy, but went too far (rootkit behaviour, security holes) and were exposed… Tencent used kernel drivers for a game protection system against cheats and account theft, but users roasted it too because it could not be touched. Cheat makers, of course, also need kernel drivers to fight back. Kernel drivers can also bypass ACLs and escape ProcMon's monitoring. Drivers are also the battleground of the force-delete / anti-force-delete struggle (lol): “attack and defense confrontation hidden under windbg” | Tianrongxin Alpha Lab. You can download PCHunter to feel the power of a kernel driver: malware detection, VM unpacking, rootkit and trojan detection; but of course the system blue-screens the moment you are careless, so be prepared (lol).

3. The administrator account can do even dirtier things, such as opening lsass.exe directly: with the famous tool mimikatz, more credentials can be dug out for lateral movement.

There are several properties related to administrator permission settings (using Vim as an example):

1. In the Properties of the desktop shortcut:

(1) Shortcut tab – Advanced: you can tick “Run as administrator”. The shortcut is an ordinary file with the extension .lnk, and ticking this option modifies one byte of the lnk file; the system decides whether to elevate based on it.

(2) Compatibility tab – Settings: you can tick “Run this program as an administrator”. This is saved in the registry under HKLM or HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers; HKLM applies to all local accounts, HKCU only to the current user. The elevation effect should be the same as above.

(3) Security tab: you can change groups or user names (what are these groups and user names, isn't it just my account on my computer?), permissions, file properties, security? That is the NTFS ACL, which controls whether certain operations on this file (or folder) are allowed or denied. I won't say more; as you can see, the rules can be set very finely, targeting individual users (Guest, Administrator, SYSTEM, your own account), a class of users (Everyone, Authenticated Users), or a group (Administrators, Guests, Users, etc.), and specific operations such as read/execute/delete. PS: Actually other things have ACLs too, such as processes, which can be set with ProcExp (for example, a game process denying cheats the right to modify its memory); even device objects and other NT objects have ACLs, which can be set with WinObj. As for users, you can of course create new accounts, and the control panel simplifies them into two kinds: administrator and standard user (restricted user). Besides user-created accounts there are built-in accounts such as Administrator, Local Service, Network Service, SYSTEM, etc., each with a specific purpose. For example, TrustedInstaller has very few restrictions when operating on files and the registry and is used by installers; and there is the built-in Administrator, which many people seem to treat as a super administrator, but a user-created administrator account actually has the same permissions. The built-in Administrator should be reserved for sysprep/audit mode, safe mode and similar situations, not daily use.

2. The properties of gvim.exe have settings (2) and (3) above.

3. The properties of a ***.vim file have setting (3) above.

(2) If “Run as administrator” is ticked in the properties of gvim.exe, then whether you double-click gvim.exe or double-click a file associated with gvim (opened with gvim), it will be elevated (if you don't want the prompt you can adjust that, see the beginning of this answer).

(3) gvim.exe properties – Security is the NTFS ACL, all covered earlier. For example, you can set gvim.exe to run only under a certain account, or deny a certain account from running it; all of this was covered earlier and is clear at a glance.

I don't need to go into much detail; the rest I would have to look up and learn on the spot before explaining. Because I am not clear about the whole logic, I forced the settings manually myself. Actually, I don't know what these settings really mean. It feels messy. I also don't understand Windows security policy, and there are many phenomena I don't know how to interpret: for example, when an administrator runs mmc.exe, the UAC prompt always appears and grants elevation. Double-clicking an .msc file such as certmgr.msc seems to be the same; but for a standard user, double-clicking certmgr.msc does not produce an elevation prompt. If a standard user clicks the elevate button, a prompt asks for the administrator account's password.

What is the relationship between Windows Settings and the Control Panel in Windows 10? I don't remember where I saw it, but other answerers seem to have covered this: Microsoft wants to push Metro-style (Win8) / UWP (Win10) applications, especially on Win10. Microsoft hopes the UWP “Settings” app can replace the Control Panel, but so far this has only been partially achieved. So you see the current annoying situation, with many functions duplicated on both sides. Microsoft also half-forces you to abandon the Control Panel for Settings by replacing the WIN+X menu items and so on. UWP applications all run in a container (as if exceptions were set on the computer), which allows finer-grained permission restrictions on the application, similar to Android/iOS, where each app must ask the system for anything it wants to do and apps are isolated from each other and cannot casually peek at one another. In theory, rogue behaviour such as automatically running adb when a phone is plugged in will be curbed and user privacy better protected.

Why is there no “Users and Groups” entry under System Tools in my Computer Management? Probably because you are on the Home edition (brand-name laptops are usually preinstalled with CoreCountrySpecific, i.e. Windows 10 Home China), where Microsoft skimped and cut this feature.
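The three token cases described in points 1 to 3 above (filtered administrator, full administrator, standard user) can be told apart from inside a process. The following is an added example, not code from the original answer: it parses `whoami /groups` for the deny-only attribute on the Administrators SID and reads the EnableLUA value the answer mentions; the output field names are my own.

```powershell
# Added example (not from the original answer): classify the current process token into the
# three cases described in the text, using `whoami /groups` and the EnableLUA registry value.
# Works in PowerShell 5.1+ on Windows 10; no elevation required.

function Get-TokenState {
    $adminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators
    $groups    = whoami /groups /fo csv | ConvertFrom-Csv   # columns: Group Name, Type, SID, Attributes

    $adminRow = $groups | Where-Object SID -eq $adminsSid
    # The "Label" row is the integrity level (Medium for a filtered token, High when elevated).
    $label    = ($groups | Where-Object Type -eq 'Label').'Group Name'

    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
               -Name EnableLUA -ErrorAction SilentlyContinue
    $enableLua = if ($null -ne $uac) { [int]$uac.EnableLUA } else { 1 }   # absent value = UAC on

    $state = if (-not $adminRow) {
        'StandardUser'     # case 3: the token never had the Administrators SID
    } elseif ($adminRow.Attributes -match 'deny only') {
        'FilteredAdmin'    # case 1: admin account, UAC marked the SID "used for deny only"
    } else {
        'FullAdmin'        # case 2 (UAC off), or this particular process was elevated
    }

    # A full token with EnableLUA=1 means this process went through consent.exe; UAC itself is still on.
    $note = if ($state -eq 'FullAdmin' -and $enableLua -eq 1) { 'elevated process, UAC still enabled' } else { '' }

    [pscustomobject]@{
        User           = (whoami)
        State          = $state
        IntegrityLevel = $label
        EnableLUA      = $enableLua
        Note           = $note
    }
}

Get-TokenState
```

Run it once from a normal PowerShell window and once from an elevated one under the same administrator account to see FilteredAdmin versus FullAdmin on the same login session.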
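The two “Run as administrator” markers described under (1) and (2) of the Vim properties section can be audited rather than clicked through one file at a time. This is an added example, not from the original answer; the directories it scans are assumptions, the .lnk header layout is the Shell Link format (LinkFlags at offset 0x14, RunAsUser bit 0x2000), and the layer string checked for is RUNASADMIN.

```powershell
# Added example (not from the original answer): find shortcuts with the RunAsUser bit set
# and AppCompatFlags\Layers entries marked RUNASADMIN, i.e. both places the GUI checkbox lands.
# Scanned directories are assumptions; extend the list for your environment.

function Test-LnkRunAsAdmin {
    param([Parameter(Mandatory)][string] $Path)
    # Shell Link header: HeaderSize (4 bytes, always 0x4C) + LinkCLSID (16 bytes),
    # then LinkFlags (4 bytes, little-endian) at offset 0x14. Bit 0x2000 = RunAsUser,
    # the bit flipped by "Shortcut -> Advanced -> Run as administrator".
    $bytes = [IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x18 -or [BitConverter]::ToUInt32($bytes, 0) -ne 0x4C) { return $null }  # not a .lnk
    $flags = [BitConverter]::ToUInt32($bytes, 0x14)
    [bool]($flags -band 0x2000)
}

function Get-RunAsAdminMarkers {
    param(
        [string[]] $ShortcutDirs = @("$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
                                     "$env:APPDATA\Microsoft\Windows\Start Menu\Programs")
    )
    # (1) shortcuts whose header has the RunAsUser bit set
    foreach ($dir in ($ShortcutDirs | Where-Object { Test-Path $_ })) {
        Get-ChildItem $dir -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            if (Test-LnkRunAsAdmin $_.FullName) {
                [pscustomobject]@{ Source = 'lnk RunAsUser'; Target = $_.FullName; Scope = 'file' }
            }
        }
    }
    # (2) compatibility layers; value name = exe path, value data = e.g. "~ RUNASADMIN"
    $layerKeys = @{
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers' = 'current user'
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers' = 'all users'
    }
    foreach ($key in $layerKeys.Keys) {
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'RUNASADMIN' } |
            ForEach-Object {
                [pscustomobject]@{ Source = 'AppCompatFlags Layers'; Target = $_.Name; Scope = $layerKeys[$key] }
            }
    }
}

Get-RunAsAdminMarkers | Format-Table -AutoSize
```

Entries under the HKLM key apply to every local account, so an unexpected RUNASADMIN there is worth explaining; a hit from either source means the program is submitted for elevation on every double-click without the user ever choosing it.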
