Enable/Disable Hidden Admin Account


Chimaera

A little something from me that will maybe help someone

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=Admin Unlocker.exe
#AutoIt3Wrapper_Res_Fileversion=1.0.0.0
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w- 4 -w 5 -w 6 -w- 7
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs ----------------------------------------------------------------------------
    AutoIt Version: 3.3.8.0
    Author:      Chimaera
    Requirements:    Windows 7
    Script Function: Enable / Disable Hidden Admin Acc
    Credits:        guinness, Rover, spudw2k
#ce ----------------------------------------------------------------------------
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
; ------------------------------------------------------------------------------
Global $GetName    = _GetLocalAdmin()
; ------------------------------------------------------------------------------
Local $GUI_Start = GUICreate("Admin Account", 200, 120, -1, -1, BitXOR($GUI_SS_DEFAULT_GUI, $WS_MINIMIZEBOX))  ; non resize gui
Local $ButtonEnable = GUICtrlCreateButton("Enable Hidden Admin Acc", 10, 20, 180, 35)
GUICtrlSetFont(-1, 10, "", "", "Tahoma")
Local $ButtonDisable = GUICtrlCreateButton("Disable Hidden Admin Acc", 10, 64, 180, 35)
GUICtrlSetFont(-1, 10, "", "", "Tahoma")
Local $sAdminTest = _IsAdminEnabled()
If $sAdminTest = True Then GUICtrlSetState($ButtonEnable, $GUI_DISABLE)   ; already enabled: grey out "Enable"
If $sAdminTest = False Then GUICtrlSetState($ButtonDisable, $GUI_DISABLE) ; already disabled: grey out "Disable"
GUISetState()

While 1
    Local $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $ButtonEnable
                _EnableAdminAcc()
        Case $ButtonDisable
                _DisableAdminAcc()
    EndSwitch
WEnd

Func _EnableAdminAcc()
    If _IsAdminEnabled() = False Then
        Run(@ComSpec & ' /c net user "' & $GetName & '" /active:yes', "", @SW_HIDE) ; enables the hidden account (name quoted in case it contains spaces)
        SplashTextOn("Working", "Hidden Admin Account Enabled", 300, 50)
        Sleep(2000)
        SplashOff()
    Else
        SplashTextOn("Warning", "Admin Account Is Already Enabled", 300, 50)
        Sleep(2000)
        SplashOff()
    EndIf
EndFunc   ;==>_EnableAdminAcc

Func _DisableAdminAcc()
    If _IsAdminEnabled() = True Then
        Run(@ComSpec & ' /c net user "' & $GetName & '" /active:no', "", @SW_HIDE) ; disables the hidden account (name quoted in case it contains spaces)
        SplashTextOn("Working", "Hidden Admin Account Disabled", 300, 50)
        Sleep(2000)
        SplashOff()
    Else
        SplashTextOn("Warning", "Admin Account Is Already Disabled", 300, 50)
        Sleep(2000)
        SplashOff()
    EndIf
EndFunc   ;==>_DisableAdminAcc

Func _IsAdminEnabled() ; By Rover, guinness & spudw2k ; checks if the hidden account is enabled
    Local $oWMIService = ObjGet('winmgmts:\\localhost\root\CIMV2')
    Local $oColItems = $oWMIService.ExecQuery('Select Disabled From Win32_UserAccount Where LocalAccount = True AND SID Like "%-500"', "WQL", 0x30)
    If IsObj($oColItems) Then
        For $oItem In $oColItems
            Return $oItem.Disabled = False
        Next
    EndIf
    Return True
EndFunc   ;==>_IsAdminEnabled

Func _GetLocalAdmin() ; Credits to spudw2k. Finds the real name of the built-in admin account (RID 500), even if it was renamed
    Local $admin = ''
    Local $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2")
    Local $colItems = $objWMIService.ExecQuery("SELECT Name from Win32_UserAccount WHERE LocalAccount = True AND SID like '%-500'")
    For $acct In $colItems
        $admin = $acct.Name
    Next
    $objWMIService = 0 ; release the COM objects
    $colItems = 0
    Return $admin
EndFunc   ;==>_GetLocalAdmin

Have Fun ;)

Edited by Chimaera

Ideal for a technician.

A couple of points, try not to declare variables within loops as it's known to cause a decrease in speed, if only minimal and...

In the spirit of using 'net user' here is how to extract the information on whether or not the Admin account is enabled.

#include <Constants.au3>

ConsoleWrite(_IsAdminEnabled() & @CRLF)

; Check if the Administrator account is enabled.
Func _IsAdminEnabled()
    Local $iPID = Run(@ComSpec & ' /c net user Administrator', @SystemDir, @SW_HIDE, $STDOUT_CHILD + $STDERR_CHILD), $sReturn = ''
    While 1
        $sReturn &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
    WEnd

    Local $aReturn = StringRegExp($sReturn, 'Account active\s*(.*?)\r', 3) ; capture the value of the "Account active" line
    If @error Then
        Return SetError(1, 0, False)
    EndIf
    Return $aReturn[0] = 'Yes'
EndFunc   ;==>_IsAdminEnabled


I'm pretty sure the net user command will fail if say the administrator account has been renamed.

How about using the local admin SID?

Edited by spudw2k

Here's a little snippet to retrieve the Local Admin account name via WMI.

#RequireAdmin

MsgBox(0, "", _GetLocalAdmin())

Func _GetLocalAdmin() ; returns the name of the local account with RID 500 (the built-in Administrator), whatever it is called
    Local $admin = ''
    Local $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2")
    Local $colItems = $objWMIService.ExecQuery("SELECT Name from Win32_UserAccount WHERE LocalAccount = True AND SID like '%-500'")

    For $acct In $colItems
        $admin = $acct.Name
    Next
    $objWMIService = 0 ; release the COM objects
    $colItems = 0
    Return $admin
EndFunc   ;==>_GetLocalAdmin

Edited by spudw2k

I'm not following this m8.

If the account is a hidden account created when Windows is installed, or on a mass-produced PC etc.,

the account should always be the same name?

I can see that error checking on the account may be useful like your example, but is your example finding the same account?


If your intent is for this script to only work on English Windows deployments, or on systems where people have not renamed the admin account, then there is no problem.

This was just my suggestion to correctly identify the admin account in any deployment, any Windows OS (on which AutoIt runs, of course) and any language (untested).

Perhaps you can "expect" the account to exist with the default name, but if that fails, this will provide the correct admin account. Up to you how to implement it (if at all).

Edited by spudw2k

Nice function spudw2k.

I would add some error checking just in case using IsObj.

ConsoleWrite(_GetLocalAdmin() & @CRLF)

Func _GetLocalAdmin() ; By spudw2k.
    Local $oWMIService = ObjGet('winmgmts:{impersonationLevel=impersonate}!\\' & @ComputerName & '\root\cimv2')
    Local $oColItems = $oWMIService.ExecQuery('Select Name From Win32_UserAccount Where LocalAccount = True AND SID Like "%-500"')
    If IsObj($oColItems) Then
        For $oItems In $oColItems
            Return $oItems.Name
        Next
    EndIf
    Return SetError(1, 0, '')
EndFunc   ;==>_GetLocalAdmin


@guinness - You're right about the error handling. Thanks for the input.

@Chimaera - Couple last critiques.

Your IsAdminEnabled function:

It still calls "Administrator" instead of the $GetName var you implemented. You may also wish to add the "LocalAccount = True" param that I used if you intend to run the script in a "domain" environment ever, else it will search the entire domain, which may significantly slow down your query depending on the number of accounts in the domain and network config. Also, "selecting" just the Disabled property as opposed to * may improve the return time of the query.

And last, your $GetName variable:

I would recommend just assigning it at the beginning of the script rather than calling it after each press (not sure why you'd bother checking to see if the admin account name changed in between button presses).

Also if you assign it before you call IsAdminEnabled then you'd have the $GetName var ready.

I hope this doesn't come across as being cocky. I'm no expert, but I have learned a lot in the last 5+ years of using AutoIt. Just my two cents on how to shape things up. Take it or leave it. ;)

Edited by spudw2k
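The SID-based lookup spudw2k argues for above, together with the "LocalAccount = True" filter and the select-only-what-you-need advice from this post, carried over to PowerShell as an added example (this is not code from the thread or from the AutoIt project). It assumes the LocalAccounts module (Enable-LocalUser/Disable-LocalUser, Windows 10 / Server 2016 and later), that the Security log is being kept, and Microsoft's documented property order for events 4722/4725; all function names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Finds the built-in Administrator by RID 500
# (rename- and language-proof), restricts the CIM query to local accounts so a
# domain-joined host does not enumerate the whole domain, and selects only the
# properties it needs, as spudw2k suggested for the WQL in the AutoIt script.
function Get-BuiltinAdminAccount {
    $acct = Get-CimInstance -ClassName Win32_UserAccount `
        -Filter "LocalAccount = True AND SID LIKE '%-500'" |
        Select-Object -First 1 -Property Name, SID, Disabled
    if (-not $acct) { throw 'No local account with RID 500 was found.' }
    return $acct
}

# Toggle the account by its resolved name, never by the literal "Administrator".
# Assumes the LocalAccounts module (Windows 10 / Server 2016 and later); on older
# systems substitute: net user "$($acct.Name)" /active:yes (or /active:no)
function Set-BuiltinAdminState {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Enabled)
    $acct = Get-BuiltinAdminAccount
    $currentlyEnabled = -not $acct.Disabled
    if ($currentlyEnabled -eq $Enabled) {
        Write-Warning "$($acct.Name) is already $(if ($Enabled) { 'enabled' } else { 'disabled' })."
        return
    }
    $action = if ($Enabled) { 'Enable' } else { 'Disable' }
    if ($PSCmdlet.ShouldProcess($acct.Name, $action)) {
        if ($Enabled) { Enable-LocalUser -Name $acct.Name } else { Disable-LocalUser -Name $acct.Name }
    }
}

# Defender's view of the same action: a state change on the account is logged in the
# Security log as event 4722 (enabled) or 4725 (disabled). Matching on TargetSid
# (property index 2 in Microsoft's schema for these events) rather than on the name
# keeps the check valid even if the account was renamed after the change.
function Get-BuiltinAdminStateChanges {
    param([int]$Days = 30)
    $acct = Get-BuiltinAdminAccount
    $filter = @{ LogName = 'Security'; Id = 4722, 4725; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[2].Value.ToString() -eq $acct.SID } |
        Select-Object TimeCreated,
            @{ n = 'Action'; e = { if ($_.Id -eq 4722) { 'Enabled' } else { 'Disabled' } } },
            @{ n = 'ByUser'; e = { $_.Properties[4].Value } }   # SubjectUserName
}

Get-BuiltinAdminAccount | Format-List
Get-BuiltinAdminStateChanges -Days 7 | Format-Table -AutoSize
```

Run `Set-BuiltinAdminState -Enabled $false -WhatIf` first to see which account name the RID-500 lookup resolved before making any change.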

Your IsAdminEnabled function:

It still calls "Administrator" instead of the $GetName var you implemented.

My fault.

Func _IsAdminEnabled() ; By Rover, guinness & spudw2k ; checks if the hidden account is enabled
    Local $oWMIService = ObjGet('winmgmts:\\localhost\root\CIMV2')
    Local $oColItems = $oWMIService.ExecQuery('Select Disabled From Win32_UserAccount Where LocalAccount = True AND SID Like "%-500"', "WQL", 0x30)
    If IsObj($oColItems) Then
        For $oItem In $oColItems
            Return $oItem.Disabled = False
        Next
    EndIf
    Return True
EndFunc   ;==>_IsAdminEnabled
Edited by guinness
