Win7, Win10, Win11: skip user creation during installation and enable Administrator directly


2024-07-11 17:58 | Source: web compilation | Views: 265

Win7:

1. Press Shift+F10 to open cmd and run these two commands to enable Administrator:

```batch
net user Administrator /active:yes
net user Administrator ""
```

2. Press Win+R, run taskmgr.exe to open Task Manager, and end the msoobe process.

3. Reboot the machine.

Win10、Win11:

The general principle is similar to this article: https://blog.csdn.net/qq_41086359/article/details/122516325

1. From the moment setup reaches the region selection screen, you can press Ctrl+Shift+F3 to enter audit mode. Once you are on the desktop, a System Preparation Tool 3.14 dialog pops up; do not click OK, just close it with the ×.

2. Open cmd and run these two commands to enable Administrator:

```batch
net user Administrator /active:yes
net user Administrator ""
```

3. Following that article, elevate with AdvancedRun, then run the commands below in the elevated cmd.

For elevating with AdvancedRun, I put together some PowerShell (it installs AdvancedRun and elevates to PowerShell):

```powershell
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser -Force
# Download the AdvancedRun archive from NirSoft
wget http://www.nirsoft.net/utils/advancedrun-x64.zip -OutFile c:\Users\Administrator\Downloads\advancedrun-x64.zip
# Install 7-Zip silently if it is not present, so the archive can be extracted
$7zPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zPath)) {
    $client7 = New-Object System.Net.WebClient
    #$client7.DownloadFile('http://windows-1251783334.cos.ap-shanghai.myqcloud.com/7z2301-x64.msi','c:\7z2301-x64.msi')
    $client7.DownloadFile('http://www.7-zip.org/a/7z2301-x64.msi','c:\7z2301-x64.msi')
    msiexec.exe /i c:\7z2301-x64.msi /qn
    Start-Sleep 30
    del c:\7z2301-x64.msi 2>$null
}
# Extract only AdvancedRun.exe into C:\Windows so it is on the PATH
& "C:\Program Files\7-Zip\7z.exe" x -aoa "c:\Users\Administrator\Downloads\advancedrun-x64.zip" -o"c:\Windows" "AdvancedRun.exe"
```

Run the following commands in the elevated window:

```batch
reg add "HKCU\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKCU\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>nul 1>nul
rem The above mainly sets the English keyboard as the default input so pasting code is easier; it also shows seconds in the clock at bottom-right and removes the download lock (zone information)
rem Back up audit.exe and replace it with a copy of svchost.exe so OOBE's audit step no longer runs
ren %windir%\system32\oobe\audit.exe audit.exe.bak
xcopy %windir%\system32\svchost.exe %windir%\system32\oobe\audit.exe /X /f /i /y
echo A | xcopy %windir%\system32\svchost.exe %windir%\system32\oobe\audit.exe /X /f /i
shutdown -r -t 0
```

Alternatively, save the following text as enableAdministrator.bat and double-click it; this achieves the same elevation and replacement described above:

```batch
reg add "HKCU\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKCU\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "1" /d 00000409 /t REG_SZ /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /v "2" /d 00000804 /t REG_SZ /f 2>nul 1>nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layouts" /v IgnoreRemoteKeyboardLayout /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSecondsInSystemClock /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>nul 1>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f 2>nul 1>nul
rem The above mainly sets the English keyboard as the default input so pasting code is easier; it also shows seconds in the clock at bottom-right and removes the download lock (zone information)
powershell -command "Set-ExecutionPolicy Unrestricted -force"
cmd.exe /c "start /w pkgmgr /iu:TelnetClient"
netsh advfirewall set allprofiles state off
powercfg -s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
powercfg -x -monitor-timeout-dc 0
powercfg -x -monitor-timeout-ac 0
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DisableLockWorkstation" /d 1 /t REG_DWORD /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Authentication\LogonUI\SessionData" /v "AllowLockScreen" /d 0 /t REG_DWORD /f
schtasks.exe /create /tn "Microsoft\Windows\nolockscreen" /ru SYSTEM /rl highest /sc ONSTART /tr "reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Authentication\LogonUI\SessionData' /v AllowLockScreen /d 0 /t REG_DWORD /f" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "AllowInsecureGuestAuth" /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" /v "RequireSecuritySignature" /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "FileInfoCacheLifetime" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "FileNotFoundCacheLifetime" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters" /v "DirectoryCacheLifetime" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "AttributeTimeDelta" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "FileAttributeCache" /d 0 /t REG_DWORD /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Client for NFS\CurrentVersion\Users\Default\Cache" /v "RemoteWriteCache" /d 0 /t REG_DWORD /f
cmd.exe /c "cscript /nologo %windir%/system32/slmgr.vbs -skms kms.03k.org:1688"
cmd.exe /c "cscript /nologo %windir%/system32/slmgr.vbs -ato"
net accounts /lockoutthreshold:0
rem The above mainly sets the PowerShell execution policy, installs the telnet client command, turns off the firewall, sets the screen to never turn off, sets SMB client and NFS client properties, activates Windows, and disables account lockout
rem Take ownership of audit.exe, save and later restore its ACL, and replace it with a copy of svchost.exe
CD /D %windir%\System32\oobe
icacls audit.exe /save auditAcl
TAKEOWN /F audit.exe
icacls audit.exe /grant Administrators:F
ren %windir%\system32\oobe\audit.exe audit.exe.bak
DEL audit.exe
COPY ..\svchost.exe audit.exe
icacls .\ /restore auditAcl
DEL auditAcl
NET USER Administrator /active:yes
net user Administrator ""
REAGENTC.EXE /enable /auditmode
shutdown -r -t 0
rem After reboot, restore the audit.exe file (optional): xcopy %windir%\system32\oobe\audit.exe.bak %windir%\system32\oobe\audit.exe /X /f /i /y
```

When saving as .bat, make sure to choose ANSI encoding. I have already packaged enableAdministrator.bat into an .iso; if you are installing from an ISO in VMware and need the .bat, just mount enableAdministrator.iso:

http://windows-1251783334.cos.ap-shanghai.myqcloud.com/enableAdministrator.iso

4. After rebooting, restore the audit.exe file (optional):

```batch
xcopy %windir%\system32\oobe\audit.exe.bak %windir%\system32\oobe\audit.exe /X /f /i /y
rem Non-interactive variant if the /y overwrite prompt is a problem:
rem echo A | xcopy %windir%\system32\oobe\audit.exe.bak %windir%\system32\oobe\audit.exe /X /f /i
```
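The batch file above changes considerably more than it needs to for skipping user creation: it also turns off the host firewall, allows insecure SMB guest access, drops the SMB signing requirement, disables the lock screen (and re-disables it every boot via a scheduled task), turns off Mark-of-the-Web, removes the account lockout threshold, and leaves the built-in Administrator enabled with an empty password. As an added example (not part of the original post, and not the author's code), the following PowerShell reads those same settings back and lists the ones currently in the state the batch file leaves them in, so they can be reverted once setup is finished. It uses only the registry paths, task name, file paths and commands that appear on the page; the "Why" descriptions are mine. Run it from an elevated PowerShell on Windows 10/11.

```powershell
# Added example, not from the original post: report which settings written by
# enableAdministrator.bat (above) are still in the state that batch file sets.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Registry values the batch file writes, the value it writes, and what that value means (my wording).
$batchSettings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name = 'AllowInsecureGuestAuth';  Set = 1; Why = 'SMB client accepts unauthenticated guest access' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name = 'RequireSecuritySignature'; Set = 0; Why = 'SMB client does not require signing' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization'
       Name = 'NoLockScreen';             Set = 1; Why = 'lock screen disabled by policy' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'DisableLockWorkstation';   Set = 1; Why = 'Win+L workstation locking disabled' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Authentication\LogonUI\SessionData'
       Name = 'AllowLockScreen';          Set = 0; Why = 'lock screen disabled (re-applied at boot by the nolockscreen task)' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'
       Name = 'SaveZoneInformation';      Set = 1; Why = 'Mark-of-the-Web not written to downloaded files' }
)

function Get-BatchLeftovers {
    foreach ($s in $batchSettings) {
        $v = Get-RegValue -Path $s.Path -Name $s.Name
        if ($null -ne $v -and [int]$v -eq $s.Set) {
            [pscustomobject]@{ Item = "$($s.Path)\$($s.Name)"; Value = $v; Why = $s.Why }
        }
    }

    # netsh advfirewall set allprofiles state off
    foreach ($p in Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
        if (-not $p.Enabled) {
            [pscustomobject]@{ Item = "Firewall profile: $($p.Name)"; Value = 'Off'; Why = 'host firewall disabled' }
        }
    }

    # schtasks /create /tn "Microsoft\Windows\nolockscreen" /ru SYSTEM /sc ONSTART ...
    $task = Get-ScheduledTask -TaskPath '\Microsoft\Windows\' -TaskName 'nolockscreen' -ErrorAction SilentlyContinue
    if ($task) {
        [pscustomobject]@{ Item = 'Scheduled task: \Microsoft\Windows\nolockscreen'; Value = $task.State
                           Why = 'runs as SYSTEM at every boot to keep AllowLockScreen = 0' }
    }

    # net accounts /lockoutthreshold:0  (parsed from English-locale "net accounts" output only)
    $line = (net accounts) | Select-String -Pattern '^Lockout threshold:'
    if ($line -and $line.Line -match 'Never') {
        [pscustomobject]@{ Item = 'Account lockout threshold'; Value = 'Never'; Why = 'unlimited failed logon attempts' }
    }

    # net user Administrator /active:yes  followed by  net user Administrator ""
    $admin = Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue
    if ($admin -and $admin.Enabled) {
        [pscustomobject]@{ Item = 'Local account: Administrator'; Value = "Enabled (PasswordRequired=$($admin.PasswordRequired))"
                           Why = 'built-in Administrator enabled; the batch file sets its password to ""' }
    }

    # COPY ..\svchost.exe audit.exe  (step 4 restores the original from audit.exe.bak)
    $oobeAudit = Join-Path $env:windir 'System32\oobe\audit.exe'
    $svchost   = Join-Path $env:windir 'System32\svchost.exe'
    if ((Test-Path $oobeAudit) -and (Get-FileHash $oobeAudit).Hash -eq (Get-FileHash $svchost).Hash) {
        [pscustomobject]@{ Item = $oobeAudit; Value = 'identical to svchost.exe'
                           Why = 'audit.exe still replaced; step 4 (restore from audit.exe.bak) not done yet' }
    }
}

$leftovers = Get-BatchLeftovers
if ($leftovers) { $leftovers | Format-Table -AutoSize -Wrap }
else { 'None of the settings written by enableAdministrator.bat are currently in that state.' }
```

Everything the report lists other than the enabled Administrator account is outside the stated goal of skipping user creation and can be reverted with the same reg add, netsh and net accounts commands the batch file uses; the audit.exe row is cleared by running step 4. The lockout-threshold check depends on English `net accounts` output and is skipped silently on other locales.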

