White_Rabbit Posted October 3, 2007
Hi. Is there any way to log in as administrator on a Windows 2000 client the remote way? I tried to use PSTools (Sysinternals) but there seems to be no way to do it. Now I thought that AutoIt may be another way to do it - but how? In other words: is it possible to send "CTRL+ALT+DEL" over the network and then log in as "administrator" anyhow? It would be extremely helpful to execute an autoit-exe via psexec on several machines that way. Can anyone help? Thank you!
lordofthestrings Posted October 3, 2007 (edited)
enable autologon?

@Echo off
Echo Enable Autologon administrator ...
Title Enable Autologon administrator
If not exist %systemdrive%\logfiles\install md %systemdrive%\Logfiles\Install
::"%~dp0autosec" -a "%~dp0Administrator.inf" >> %systemdrive%\logfiles\install\_Staging.log
@echo net user Administrator P@ssw0rd007 /add >> %systemdrive%\logfiles\install\_Staging.log
net user Administrator P@ssw0rd007 /add >> %systemdrive%\logfiles\install\_Staging.log
@echo net localgroup administrators Administrator /add >> %systemdrive%\logfiles\install\_Staging.log
net localgroup administrators Administrator /add >> %systemdrive%\logfiles\install\_Staging.log
@echo Creating autologon >> %systemdrive%\logfiles\install\_Staging.log
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Defaultusername /d Administrator /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /d %COMPUTERNAME% /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 1 /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /d P@ssw0rd007 /t REG_SZ /f
Reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoLogonCount" /f
Reg Query "HKLM"

to disable autologon:

@Echo off
Title Disable Autologon Administrator ...
Echo Disable Autologon Administrator
If not exist %systemdrive%\logfiles\install md %systemdrive%\Logfiles\Install
%~dp0autosec -p >> %systemdrive%\logfiles\install\_Staging.log
@echo net user Administrator /del >> %systemdrive%\logfiles\install\_Staging.log
net user Administrator /del >> %systemdrive%\logfiles\install\_Staging.log
@echo Remove autologon
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AltDefaultUserName" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /d "TPT_DOM" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AltDefaultDomainName" /d "TPT_DOM" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /d "0" /t REG_SZ /f

Edited October 3, 2007 by lordofthestrings
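
A check that the disable script really left each machine clean, as an added example (not code from the thread): it parses collected `reg query` output for the Winlogon key and reports hosts where AutoAdminLogon is still 1 or DefaultPassword is still non-empty. The whitespace-separated name/type/data line layout and the sample host names and password are assumptions.

```python
import re

# One value line of `reg query` output: indent, name, type, optional data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)(?:\s+(.*\S))?\s*$")

def parse_reg_query(text):
    """Return {lowercased value name: data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3) or ""
    return values

def autologon_findings(text):
    """List what is still set among the values the enable script writes."""
    v = parse_reg_query(text)
    findings = []
    if v.get("autoadminlogon") == "1":
        findings.append("AutoAdminLogon=1 for %r" % v.get("defaultusername", ""))
    if v.get("defaultpassword"):
        findings.append("DefaultPassword is non-empty (stored as REG_SZ)")
    return findings

def audit(outputs_by_host):
    """Map each host name to its findings, keeping only hosts that have any."""
    report = {}
    for host, text in outputs_by_host.items():
        found = autologon_findings(text)
        if found:
            report[host] = found
    return report

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Constructed sample output (host names and password are made up).
SAMPLES = {
    "pc-01": KEY + "\n    DefaultUserName    REG_SZ    Administrator\n"
             "    AutoAdminLogon    REG_SZ    1\n"
             "    DefaultPassword    REG_SZ    ExamplePassw0rd\n",
    "pc-02": KEY + "\n    DefaultUserName    REG_SZ    \n"
             "    AutoAdminLogon    REG_SZ    0\n"
             "    DefaultPassword    REG_SZ    \n",
}

if __name__ == "__main__":
    for host, found in audit(SAMPLES).items():
        print(host, found)
```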
White_Rabbit (Author) Posted October 3, 2007
Does that mean that you have to restart between these two scripts? Would be a possible way then...
lordofthestrings Posted October 3, 2007
Well, you enable autologon, you execute what you wish (execute locally or from a network share), reboot all you want, and when you're done, you disable autologon and the PC is back to normal... If you need help with this setup, please ask. If I can help I would like to.
White_Rabbit (Author) Posted October 3, 2007
That is great! It's easy to add some lines to the script like Run("rundll Shell32.dll,SHExitWindowsEx 4") and it should reboot automatically, right? The psexec is easy then, too. Thanks!
lordofthestrings Posted October 3, 2007
To reboot you could do many things:
- shutdown -r -t 0 (Windows XP and 2003)
- psshutdown (pstools)
- Shutdown ( code ) (AutoIt)
- unplug power cable and put it back in PC (not easily done in AutoIt)
Where did you come across that funky rundll reboot command?
White_Rabbit (Author) Posted October 3, 2007
hehe -- look here: http://www.google.de/search?hl=de&q=ru...Suche&meta=
White_Rabbit (Author) Posted October 3, 2007
Another question before I test your script: Does it run on Windows 2000 clients? Does it run in a domain? (Just to be sure as you "net user /del" the Administrator...)
lordofthestrings Posted October 3, 2007
1) Run on 2000: I suppose so, please use a test PC, one that you can use to test what you want. I would advise you to always test on a test PC, under VMWare or whatever. I've seen people get fired for less.
2) net user Username /del = local SAM account
net user /del /domain (or /DOM or /DO) = on domain controller (domain account)
(be careful not to delete administrator /DOMAIN) :-)