Sign in to follow this  
Followers 0
White_Rabbit

Windows Logon with AutoIt and/or PSExec?

9 posts in this topic

Hi.

Is there any way to login as administrator on a Windows 2000 Client the remote way?

I tried to use PSTools (Sysinternals) but there seems no way to do it. Now I thought that AutoIt may be another way to do it - but how? In other words: is it possible to send "CTRL+ALT+DEL" over the Network and the login as "administrator" anyhow?

It would be extremely helpful to execute an autoit-exe via psexec on several machines that way. Can anyone help? Thank you!

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

enable autologon?

@Echo off

Echo Enable Autologon administrator ...

Title Enable Autologon administrator

If not exist %systemdrive%\logfiles\install md %systemdrive%\Logfiles\Install

::"%~dp0autosec" -a "%~dp0Administrator.inf" >> %systemdrive%\logfiles\install\_Staging.log
@echo net user Administrator  P@ssw0rd007 /add  >> %systemdrive%\logfiles\install\_Staging.log
net user Administrator  P@ssw0rd007 /add        >> %systemdrive%\logfiles\install\_Staging.log

@echo net localgroup administrators Administrator /add  >> %systemdrive%\logfiles\install\_Staging.log
net localgroup administrators Administrator /add        >> %systemdrive%\logfiles\install\_Staging.log

@echo Creating autologon >> %systemdrive%\logfiles\install\_Staging.log
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Defaultusername /d Administrator /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /d %COMPUTERNAME% /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /d 1 /t REG_SZ /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /d P@ssw0rd007 /t REG_SZ /f

Reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoLogonCount" /f
Reg Query  "HKLM"

to disable autologon:

@Echo off
Title Disable Autologon Administrator ...
Echo Disable Autologon Administrator

If not exist %systemdrive%\logfiles\install md %systemdrive%\Logfiles\Install
%~dp0autosec -p >> %systemdrive%\logfiles\install\_Staging.log
@echo net user Administrator /del   >> %systemdrive%\logfiles\install\_Staging.log
net user Administrator /del         >> %systemdrive%\logfiles\install\_Staging.log


@echo Remove autologon
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultUserName" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AltDefaultUserName" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultDomainName" /d "TPT_DOM" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AltDefaultDomainName" /d "TPT_DOM" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "DefaultPassword" /d "" /t REG_SZ /f
Reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "AutoAdminLogon" /d "0" /t REG_SZ /f
Edited by lordofthestrings

Share this post


Link to post
Share on other sites

does that mean that you have to restart between these two scripts? would be a possible way then...

Share this post


Link to post
Share on other sites

well you enable autologon, you execute what you wish (execute locally or from a network share)

reboot all you want, when you're done, you disable autologon and PC is back to normal...

if you need help with this setup, please ask.. if I can help I would like to..


Share this post


Link to post
Share on other sites

that is great!

It's easy to add some lines to the script like

Run("rundll Shell32.dll,SHExitWindowsEx 4")

and it should reboot automatically, right?

The psexec is easy then, too. Thanks!

Share this post


Link to post
Share on other sites

to reboot you could do many things :)

- shutdown -r -t 0 (windows XP and 2003)

- psshutdown (pstools)

- Shutdown ( code ) (AutoIt)

- unplug power cable and put it back in PC (not easily done in AutoIt)

where did you come across that funky rundll reboot command?


Share this post


Link to post
Share on other sites

another question before I test your script: Does it run on Windows 2000 Clients?

Does it run in a domain? (Just to be sure as you "net user /del" the Administrator...)

Share this post


Link to post
Share on other sites

1) run on 2000 : I suppose so, please use a test PC.. One that you can use to test what you want. I would advise you to always test on a testPC, under VMWare or whatever. I've seen people get fired for less..

2) net user Username /del = local SAM account

net user /del /domain (or /DOM or /DO) = on domain controller (domain account)

(be carefull not to delete administrator /DOMAIN) :-)


Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0