首先,取得出现此故障电脑的管理员权限,包括可\\ip \share$权限
然后开始准备
第一步:
准备好pstools工具包。
在这里主要用到的是psexec.exe
第二步:准备好注册表文件。名字随便。filename.reg
内容:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\winnt\\system32\\userinit.exe,"
"UIHost"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,00,\
6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,00,00,00
或批处理文件也行。名字filename.bat
内容:
@ECHO OFF
> "%Temp%.\DefOpen.reg" ECHO Windows Registry Editor Version 5.00
>>"%Temp%.\DefOpen.reg" ECHO.
>>"%Temp%.\DefOpen.reg" ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
>>"%Temp%.\DefOpen.reg" ECHO "Shell"="Explorer.exe"
>>"%Temp%.\DefOpen.reg" ECHO "Userinit"="C:\\winnt\\system32\\userinit.exe,"
>>"%Temp%.\DefOpen.reg" ECHO "UIHost"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
>>"%Temp%.\DefOpen.reg" ECHO 00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,00,\
>>"%Temp%.\DefOpen.reg" ECHO 6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,00,00,00
>>"%Temp%.\DefOpen.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.\DefOpen.reg"
DEL "%Temp%.\DefOpen.reg"
第三步:
把filename.bat或filename.reg传到故障电脑上。
第四步:
psexec.exe \\ip address -u usrname -p passwd c:\windows\regedit -s x:\filename.reg
psexec.exe \\ip address -u usrname -p passwd c:\windows\system32\cmd -s x:\filename.bat
如果是2000系统,把windows换成winnt
通过解决办法我们可以看出,其实造成这种现象的原因是注册表中的管理启动的这一项损坏。
当然也有通过复制userinit.exe来覆盖故障电脑中的userinit.exe 文档来解决的,这样可以看出只是userinit.exe文件被损。 |