As newer versions of Windows become mainstream, it's always a good idea to think about what you might have to do to adapt old habits to new circumstances.

A popular option for establishing persistence on a host during an engagement is to simply create a privileged account to work from. However, Windows 10 shows accounts on the lock screen by default, which for obvious reasons should be avoided.

I found an article today that actually talks about how to disable this behavior per-account, which is sweet!

The relevant registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

To which you'll be adding the new Keys


And then add a DWORD named after your persistence user, with a value of '0'.

Voila, hidden account!
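From the defending side, the same registry location is worth auditing. The script below is an added example, not from this post or the article it mentions: it walks every subkey under the Winlogon key above and reports DWORD values set to 0, flagging those whose name matches a local account. It assumes an elevated PowerShell 5.1+ session where `Get-LocalUser` is available; the function name `Find-HiddenAccountValues` is hypothetical.

```powershell
# Added example: audit for accounts suppressed from the sign-in screen.
# Assumption: elevated PowerShell 5.1+ on the host being checked.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Local account names, used to separate account entries from unrelated settings.
$localUsers = @(Get-LocalUser | Select-Object -ExpandProperty Name)

function Find-HiddenAccountValues {
    param(
        [string]   $RootPath,
        [string[]] $KnownUsers
    )
    # Only subkeys are walked, so Winlogon's own top-level settings are skipped.
    $keys = Get-ChildItem -Path $RootPath -Recurse -ErrorAction SilentlyContinue
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            # Keep only DWORD values whose data is 0, as described in the post.
            if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { continue }
            if ($key.GetValue($name) -ne 0) { continue }
            [pscustomobject]@{
                Key         = $key.Name
                ValueName   = $name
                IsLocalUser = $KnownUsers -contains $name   # case-insensitive match
            }
        }
    }
}

$findings = @(Find-HiddenAccountValues -RootPath $winlogon -KnownUsers $localUsers)
if ($findings.Count -eq 0) {
    Write-Output 'No DWORD 0 values found under Winlogon subkeys.'
} else {
    # Entries that match a local account are listed first.
    $findings | Sort-Object IsLocalUser -Descending | Format-Table -AutoSize
}
```

Rows with `IsLocalUser` set to `True` are the ones to compare against the list of accounts you expect on the host; rows marked `False` may be unrelated settings, domain accounts, or entries left behind for accounts that no longer exist.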