Re: Setting "User Must Change Password at next Logon" via script:Non-AD.

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 10/08/04 

Date: Fri, 08 Oct 2004 22:04:54 +0200

Tim Nettleton wrote:

> I need to add a local NTFS user and force them to chenge their password when
> they logon. All examples point to AD, but this is a local account.
>
> How can I manipulate the "User Must Change Password at next Logon" bits via
> DOS, VBS or WMI?
Hi

Here is a VBScript solution that creates a local user account (with
"User Must Change Password at Next Logon" enabled) and adds it to a
local group.

'--------------------8<----------------------
' name of user to be created
sNewUser = "mini-strator"

' name of the group the user is to be added to
sGroupname = "Administrators"

' get computer name
Set oWshNet = CreateObject("WScript.Network")
sComputerName = oWshNet.ComputerName

' connect to the Winnt provider
Set oComputer = GetObject("WinNT://" & sComputerName)

' create the user
Set oUser = oComputer.Create("user", sNewUser)

oUser.SetPassword "A1234_B1234"

On Error Resume Next
' save the user
oUser.Setinfo

' If user exists already or password restrictions
' are not fulfilled, we get an error
If Err.Number = 0 Then

   ' configure the user
   On Error Goto 0

   ' Enable "User Must Change Password at Next Logon"
   oUser.Put "PasswordExpired", 1

   oUser.Fullname = "John Doe"
   oUser.Description = "hi!"
   oUser.Setinfo
End If
On Error Goto 0

' Add the user to the group
Set oGroup = GetObject("WinNT://" & sComputerName & "/" & sGroupname)

' Use error handling in case he is a member already
On Error Resume Next
oGroup.Add(oUser.ADsPath)
On Error Goto 0
'--------------------8<----------------------

More links:

Configuring a Local User Account So It Never Expires
http://www.microsoft.com/technet/community/scriptcenter/user/scrug115.mspx

WSH 5.6 documentation (local help file) can be downloaded from here
if you haven't got it already:
http://msdn.microsoft.com/downloads/list/webdev.asp 

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Relevant Pages

  • Re: Logon local to W2k workstation using domain account
    ... >> Domain user accounts such as those listed in AD Users and computers ... >> can only logon to the domain or a trusted domain only. ... you must use local user account. ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.win2000.security)
  • Re: WMI not working
    ... what does this have to do with WMI? ... Scripting and WMI Filters. ... relating to the use of WMI Filters being applied to Group Policy ... user logon processing hence the link between WMI and logon. ...
    (microsoft.public.win32.programmer.wmi)
  • Re: Logon local to W2k workstation using domain account
    ... > can only logon to the domain or a trusted domain only. ... > a local computer, you must use local user account. ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.win2000.security)
  • Re: Local User Account on Workstations
    ... > local user account and resetting it's password using a script. ... ' If you want to do this on the local computer, ... ' rename the user ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windows.server.scripting)
  • Re: Change specific registry settings with Group Policy
    ... Hmmmmm......anyway to stop the caching of doman credentials? ... > You would have to create a local user account for them to logon to. ... > logon to their computer with cached domain credentials then Group Policy ...
    (microsoft.public.windows.group_policy)