HTML Code:
#RequireAdmin
; CreateAdminWinPE.au3
; AutoIt script to create an Administrator account on the installed (offline) Windows from Win10PE
; Method: place a batch in the target Windows\System32 and register it under HKLM\SOFTWARE\...\RunOnce of the offline hive.
Opt("MustDeclareVars", 1)
#include <MsgBoxConstants.au3>
#include <Array.au3>
#include <File.au3>
Func RunCmd($sCmd, ByRef $sOut = "")
Local $iPID = Run(@ComSpec & " /c " & $sCmd, @SystemDir, @SW_HIDE, $STDOUT_CHILD)
If $iPID = 0 Then Return SetError(1, 0, "")
$sOut = ""
While 1
Local $s = StdoutRead($iPID)
If @error Then ExitLoop
$sOut &= $s
WEnd
ProcessWaitClose($iPID)
Return 0
EndFunc
Local $aWindowsPaths[0]
For $drive = Asc("C") To Asc("Z")
Local $sDrive = Chr($drive) & ":\"
If DriveExists($sDrive) Then
Local $sCheck = $sDrive & "Windows\System32\config\SOFTWARE"
If FileExists($sCheck) Then
_ArrayAdd($aWindowsPaths, $sDrive & "Windows")
EndIf
EndIf
Next
If UBound($aWindowsPaths) = 0 Then
MsgBox($MB_ICONERROR, "wrong", "windows is not installed in current partitions.")
Exit
EndIf
Local $sTargetWin
If UBound($aWindowsPaths) = 1 Then
$sTargetWin = $aWindowsPaths[0]
Else
; Display a choice to the user if multiple systems are present.
Local $sList = ""
For $i = 0 To UBound($aWindowsPaths)-1
$sList &= ($i+1) & " - " & $aWindowsPaths[$i] & @CRLF
Next
Local $sChoice = InputBox("Choose to install Windows", "Multiple installations were found. Select the installation number you want to modify:" & @CRLF & $sList, "1")
If @error Then Exit
If Not StringIsDigit($sChoice) Then Exit
Local $iChoice = Number($sChoice)-1
If $iChoice < 0 Or $iChoice >= UBound($aWindowsPaths) Then
MsgBox($MB_ICONERROR, "wrong", "choice is not correct.")
Exit
EndIf
$sTargetWin = $aWindowsPaths[$iChoice]
EndIf
; --- 2) Read username and password ---
Local $sUser = InputBox("Create an admin account (Offline)", "Enter your new username:", "NewAdmin")
If @error Or StringStripWS($sUser, 8) = "" Then Exit
Local $sPass = InputBox("Create an admin account (Offline)", "Enter your account password:", "P@ssw0rd")
If @error Or StringStripWS($sPass, 8) = "" Then Exit
If MsgBox($MB_YESNO, "confirmation", "The account will be created at: " & $sTargetWin & @CRLF & "username: " & $sUser & @CRLF & "Do you want to continue?") = $IDNO Then Exit
; --- 3) Create the batch inside the System32 folder of the target Windows ---
Local $sSys32 = $sTargetWin & "\System32"
Local $sBatchPath = $sSys32 & "\create_admin.bat"
Local $sBatch =
'@echo off' & @CRLF & _
'REM create_admin.bat - created by CreateAdminWinPE' & @CRLF & _
'chcp 65001 >nul' & @CRLF & _
'echo Creating user %USERNAME% >nul' & @CRLF & _
'net user "' & $sUser & '" "' & $sPass & '" /add' & @CRLF & _
'net localgroup Administrators "' & $sUser & '" /add' & @CRLF & _
'REM try to disable password expiry (if allowed)' & @CRLF & _
'wmic useraccount where name^="' & $sUser & '" set PasswordExpires=False >nul 2>&1' & @CRLF & _
'REM remove the RunOnce entry (RunOnce should auto-remove but we try cleanup)' & @CRLF & _
'reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v CreateAdmin /f >nul 2>&1' & @CRLF & _
'REM delete this batch' & @CRLF & _
'del "%~f0" >nul 2>&1' & @CRLF & _
'exit /b 0' & @CRLF
; attempt to write file (may require elevated rights in WinPE)
If Not DirCreate($sSys32) And Not FileExists($sSys32) Then
MsgBox($MB_ICONERROR, "wrong", "The folder cannot be accessed: " & $sSys32)
Exit
EndIf
Local $h = FileOpen($sBatchPath, $FO_OVERWRITE + $FO_CREATEPATH)
If $h = -1 Then
MsgBox($MB_ICONERROR, "wrong", "File creation failed:" & $sBatchPath)
Exit
EndIf
FileWrite($h, $sBatch)
FileClose($h)
; --- 4) load hive software for windows target to HKLM\OFFLINE ---
Local $sHive = $sTargetWin & "\System32\config\SOFTWARE"
Local $sOut = ""
RunCmd('reg load HKLM\OFFLINE "' & $sHive & '"', $sOut)
If StringInStr($sOut, "The operation completed successfully") Or StringInStr($sOut, "done") Or @error = 0 Then
; continue
Else
; reg load often does not print text but may return zero; we check for presence
EndIf
; Check that the key exists or that the load has been completed.
Local $sTestOut = ""
RunCmd('reg query "HKLM\OFFLINE\Microsoft\Windows\CurrentVersion" /v ""', $sTestOut)
If StringInStr($sTestOut, "ERROR") Then
; Attempt to disassemble and error condition
RunCmd('reg unload HKLM\OFFLINE')
MsgBox($MB_ICONERROR, "wrong", "hive software loading failed or path is invalid: " & $sHive & @CRLF & "Outputs:" & @CRLF & $sTestOut)
Exit
EndIf
; --- 5) Add a RunOnce value to point to the batch on the next boot ---
Local $sRunOnceKey = 'HKLM\OFFLINE\Microsoft\Windows\CurrentVersion\RunOnce'
Local $sCmdAdd = 'reg add "' & $sRunOnceKey & '" /v CreateAdmin /t REG_SZ /d "' & 'C:\Windows\System32\create_admin.bat' & '" /f'
Local $sAddOut = ""
RunCmd($sCmdAdd, $sAddOut)
; Check success
If StringInStr($sAddOut, "The operation completed successfully") Or StringInStr($sAddOut, "done") Or $sAddOut = "" Then
;reg may not return text when successful — we'll read the key to make sure.
Local $sCheck = ""
RunCmd('reg query "' & $sRunOnceKey & '" /v CreateAdmin', $sCheck)
If StringInStr($sCheck, 'CreateAdmin') Then
MsgBox($MB_ICONINFORMATION, "done", "The batch is created and registered under RunOnce for Windows installation." & @CRLF & "Patch location: " & $sBatchPath)
Else
MsgBox($MB_ICONWARNING, "warning", "The RunOnce value may not have been registered successfully. Review the command output:" & @CRLF & $sAddOut)
EndIf
Else
MsgBox($MB_ICONERROR, "fail", "Failed to add RunOnce value. Output:" & @CRLF & $sAddOut)
EndIf
; --- 6) Unload the hive ---
Local $sUnloadOut = ""
RunCmd('reg unload HKLM\OFFLINE', $sUnloadOut)
MsgBox($MB_ICONINFORMATION, "finish", "The script has finished. Reboot your device and look for the account when you log in to the installed system.")
Exit
autoit error
line 11
func runcmd($scmd,ByRef $sout="")
error :badly formatted "func" statement
