Hiding Windows User Accounts

Interested in creating a hidden local maintenance account for a Windows box? Is easy to do, just go to the registry under HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList, create a new dword and name it the exact same as the account you want to hide. A value of “0” hides the account and a value of “1” displays it at the welcome screen. That’s all it takes. This works the same on a Vista or Win7 box.

Steering Windows User Profiles via the Registry

If you have ever had to join a pre-existing user/profile to a Windows domain, then you certainly know the pain that comes with migrating the old profile. Very few users find new (read clean) profiles very entertaining. So most people copy the contents of the previous profile’s folder to the new one. That approach does work although read/write/in use errors are sure to follow during at least one stage of the transfer.

Many years ago I found a way to accomplish the same thing in a fraction of the time as the old way. If you are responsible for joining systems to domains at any level, this tip will save you valuable time. A typical usage scenario is when you are deploying a domain controller into a network with a pre-existing domain or a small workgroup with no domain.

Open up the registry editor and navigate to the following area: HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList. You will see several sub keys that are shorter than the rest, ignore these. You need to look at the randomly named keys in the format of S-1- ETC…. Each one of these keys corresponds to a user profile/account. Look for the string value named ProfileImagePath. This is the path to the user profile for that key. Identify the ProfileImagePath of the user that you want and double click it. Copy the entire path, this is important because you have to have the path identically as it appears here. Now, locate the key for the new profile that you want to map or steer to the old profile. Edit the ProfileImagePath for the new profile and paste in the path that you copied earlier. Log off and back on and you are good to go.

A couple of extra tips:
The new user account must have full access to the old profile or the profile will fail to load completely. One of the easiest ways to do this is grant the new account local administrator rights, but let your security conscience decide the best course of action for you.

I typically make the registry changes from the new user account/profile after verifying that I have access to the c:\documents and settings\oldprofile path. After editing the reg as the logged on user, just log off and on.

This has saved me countless time since I found and memorized this registry key. Hopefully it will help you out too.