Windows账户管理

时间:2021-08-11 23:01:49

标签:

windows账户管理

最近部署人员给我们提了一个需求,就是希望简化部署过程。
为了能够远程桌面控制终端电脑,他们需要对每台终端设备进行一些设置,例如创建用户名和密码,开启允许
远程桌面设置,以及开机免登录的设置,这部分的操作加大了部署人员的工作量,所以他们提出是否能够提供
一个软件,直接在终端设备上安装一下,那么这些设置就自动设置好了,而且还能支持后面平台下发修改用户名
和密码的功能。于是有了对这些功能的探索,其中注册表修改部分用到了注册表比对工具。现整理一下成果。
创建管理员账户

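/// <summary>
/// Creates a local Windows account through the WinNT ADSI provider and adds it to the
/// local Administrators group.
/// </summary>
/// <remarks>
/// Security review notes: the account is created with a non-expiring password and local
/// administrator rights, so whoever holds the password has full control of the machine.
/// Prefer a less privileged group where the use case allows it, and rotate the password
/// through <c>InitNTPwd</c>. The password is never written to the log here; keep it that way.
/// If the group step fails after the account was committed, the method returns
/// <c>false</c> but the account still exists.
/// </remarks>
/// <param name="username">Name of the account to create; also stored as its full name.</param>
/// <param name="userpassword">Password assigned to the new account.</param>
/// <param name="path">Home directory path stored on the account.</param>
/// <returns>
/// <c>true</c> when every step completed; <c>false</c> when the arguments are rejected or
/// any step throws (the exception message is logged).
/// </returns>
public static bool CreateNTUser(string username, string userpassword, string path)
{
    // ADS_USER_FLAG bits that make up the original literal 66049 (0x10201).
    const int AdsUfScript = 0x0001;
    const int AdsUfNormalAccount = 0x0200;
    const int AdsUfDontExpirePasswd = 0x10000;
    const int UserFlags = AdsUfScript | AdsUfNormalAccount | AdsUfDontExpirePasswd;

    // Refuse to create an administrator with no name or a blank password.
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(userpassword))
    {
        RGCommon.Log("CreateNTUser: user name and password must not be empty.");
        return false;
    }

    try
    {
        // Dispose every DirectoryEntry so the underlying COM objects are released even
        // when a later step throws.
        using (DirectoryEntry machine = new DirectoryEntry("WinNT://" + Environment.MachineName))
        using (DirectoryEntry user = machine.Children.Add(username, "User"))
        {
            user.Properties["FullName"].Add(username);
            user.Invoke("SetPassword", userpassword);
            user.Invoke("Put", "Description", "远程用户");
            // user.Invoke("Put", "PasswordExpired", 1); // would force a password change at next logon
            user.Invoke("Put", "UserFlags", UserFlags);  // password never expires
            user.Invoke("Put", "HomeDirectory", path);
            user.CommitChanges();

            // The original also carried a commented-out lookup of the "Users" group; the
            // active code grants full local administrator rights instead.
            using (DirectoryEntry group = machine.Children.Find("Administrators", "group"))
            {
                if (group.Name != "")
                {
                    group.Invoke("Add", user.Path);
                }
            }
        }

        return true;
    }
    catch (Exception ex)
    {
        RGCommon.Log(ex.Message);
        return false;
    }
}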

删除账户

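/// <summary>
/// Deletes a local Windows account through the WinNT ADSI provider.
/// </summary>
/// <remarks>
/// Nothing here restricts which account may be removed; callers that accept the name from
/// a remote source should check it against an allow-list before calling.
/// </remarks>
/// <param name="Username">Name of the account to delete.</param>
/// <returns>
/// <c>true</c> when the account was removed; <c>false</c> when the lookup or the removal
/// throws (the exception message is logged).
/// </returns>
public static bool DelNTUser(string Username)
{
    try
    {
        // using blocks release both entries on every path; the original never closed the
        // user entry and skipped Close() on the machine entry when an exception was thrown.
        using (DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        using (DirectoryEntry target = localMachine.Children.Find(Username, "User"))
        {
            localMachine.Children.Remove(target);
        }

        return true;
    }
    catch (Exception ex)
    {
        RGCommon.Log(ex.Message);
        return false;
    }
}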

重命名账户

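/// <summary>
/// Renames a local Windows account.
/// </summary>
/// <param name="username">Current name of the account.</param>
/// <param name="newname">New name for the account.</param>
/// <returns>
/// <c>true</c> when the rename was committed; <c>false</c> when the new name is empty or
/// any step throws (the exception message is logged).
/// </returns>
public static bool Rename(string username, string newname)
{
    if (string.IsNullOrWhiteSpace(newname))
    {
        RGCommon.Log("Rename: new account name must not be empty.");
        return false;
    }

    try
    {
        // using blocks replace the explicit Close() calls, which the original skipped
        // whenever Find, Rename or CommitChanges threw.
        using (DirectoryEntry localMachine = new DirectoryEntry($"WinNT://{Environment.MachineName},computer"))
        using (DirectoryEntry account = localMachine.Children.Find(username, "User"))
        {
            account.Rename(newname);
            account.CommitChanges();
        }

        return true;
    }
    catch (Exception ex)
    {
        RGCommon.Log(ex.Message);
        return false;
    }
}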

修改用户密码

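/// <summary>
/// Sets a new password on a local Windows account without requiring the old one.
/// </summary>
/// <remarks>
/// This is an administrative reset via <c>SetPassword</c>. The new password is never
/// logged here; callers should likewise keep it out of logs and transport it only over
/// an authenticated, encrypted channel.
/// </remarks>
/// <param name="username">Name of the account whose password is reset.</param>
/// <param name="userpassword">New password for the account.</param>
/// <returns>
/// <c>true</c> when the password was set; <c>false</c> when the password is empty or any
/// step throws (the exception message is logged).
/// </returns>
public static bool InitNTPwd(string username, string userpassword)
{
    // Do not let a remote request blank out an account's password.
    if (string.IsNullOrEmpty(userpassword))
    {
        RGCommon.Log("InitNTPwd: new password must not be empty.");
        return false;
    }

    try
    {
        // Both entries are disposed on every path; the original leaked them on failure.
        using (DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        using (DirectoryEntry account = localMachine.Children.Find(username, "User"))
        {
            account.Invoke("SetPassword", userpassword);
            account.CommitChanges();
        }

        return true;
    }
    catch (Exception ex)
    {
        RGCommon.Log(ex.Message);
        return false;
    }
}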

判断用户是否存在

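/// <summary>
/// Checks whether a local Windows account with the given name exists.
/// </summary>
/// <param name="userName">Account name to look up.</param>
/// <returns>
/// <c>true</c> when the lookup returns an entry; <c>false</c> when it returns nothing or
/// throws (the exception message is logged).
/// </returns>
public static bool ExistWinUser(string userName)
{
    try
    {
        using (DirectoryEntry localMachine = new DirectoryEntry($"WinNT://{Environment.MachineName},computer"))
        // The found entry is disposed as well; the original released only the machine entry.
        using (DirectoryEntry match = localMachine.Children.Find(userName, "user"))
        {
            return match != null;
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): Find appears to throw rather than return null for a missing
        // account, so "not found" probably arrives here and is logged as an error - confirm.
        RGCommon.Log(ex.Message);
    }

    return false;
}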

启用/禁用账户

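/// <summary>
/// Enables or disables a local Windows account by setting its AccountDisabled property.
/// </summary>
/// <param name="userName">Name of the account to change.</param>
/// <param name="isDisable"><c>true</c> disables the account; <c>false</c> enables it.</param>
/// <exception cref="ArgumentException"><paramref name="userName"/> is null or blank.</exception>
/// <remarks>
/// Unlike the other account helpers in this file, this method does not catch exceptions;
/// lookup or commit failures propagate to the caller.
/// </remarks>
public static void Disable(string userName, bool isDisable)
{
    if (string.IsNullOrWhiteSpace(userName))
    {
        throw new ArgumentException("Account name must not be empty.", nameof(userName));
    }

    // Look the account up through the machine container, as the other helpers in this
    // file do, instead of splicing the caller-supplied name into an ADsPath string where
    // characters such as '/' or ',' would change the meaning of the path.
    using (DirectoryEntry localMachine = new DirectoryEntry($"WinNT://{Environment.MachineName},computer"))
    using (DirectoryEntry account = localMachine.Children.Find(userName, "user"))
    {
        account.InvokeSet("AccountDisabled", isDisable);
        account.CommitChanges();
    }
}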

防火墙入站规则添加

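/// <summary>
/// Opens an inbound port in the current Windows Firewall profile unless an entry for the
/// same port and protocol is already present.
/// </summary>
/// <remarks>
/// Security review notes: the entry is created with <c>NET_FW_SCOPE_ALL</c>, which accepts
/// traffic from any source address. Where the managing hosts are known, a narrower scope
/// (for example <c>NET_FW_SCOPE_LOCAL_SUBNET</c>) reduces exposure. <c>HNetCfg.FwMgr</c> is
/// the legacy firewall API; newer code generally uses <c>HNetCfg.FwPolicy2</c> rules.
/// </remarks>
/// <param name="name">Display name of the open-port entry.</param>
/// <param name="port">Inbound port number to open (1-65535).</param>
/// <param name="protocol">"TCP" (case-insensitive) selects TCP; any other value selects UDP.</param>
/// <exception cref="ArgumentNullException"><paramref name="protocol"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="port"/> is outside 1-65535.</exception>
public static void NetFwAddPorts(string name, int port, string protocol)
{
    if (protocol == null)
    {
        throw new ArgumentNullException(nameof(protocol));
    }

    if (port < 1 || port > 65535)
    {
        throw new ArgumentOutOfRangeException(nameof(port), port, "Port must be between 1 and 65535.");
    }

    INetFwMgr netFwMgr = (INetFwMgr)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwMgr"));
    INetFwOpenPort objPort = (INetFwOpenPort)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwOpenPort"));

    objPort.Name = name;
    objPort.Port = port;
    objPort.Protocol = string.Equals(protocol, "TCP", StringComparison.OrdinalIgnoreCase)
        ? NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP
        : NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
    objPort.Scope = NET_FW_SCOPE_.NET_FW_SCOPE_ALL; // any source address - see remarks
    objPort.Enabled = true;

    var openPorts = netFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts;

    // The original compared object references (objPort == mPort), which can never match a
    // freshly created COM object, so the duplicate check always failed. Compare the port
    // number and protocol instead.
    bool exist = false;
    foreach (INetFwOpenPort existing in openPorts)
    {
        if (existing.Port == objPort.Port && existing.Protocol == objPort.Protocol)
        {
            exist = true;
            break;
        }
    }

    if (!exist)
    {
        openPorts.Add(objPort);
    }
}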