Re: Changing Password Settings

---

• From: "Tom Ker" <thomas.DOT.kerA@xxxxxxxxxxxxx>
• Date: Tue, 3 Jul 2007 14:06:39 -0400

---

Excellent! Thanks for the prompt reply, Richard.

Tom

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:uxaeFgZvHHA.1104@xxxxxxxxxxxxxxxxxxxxxxx

Tom wrote:

Some time ago I was asked to write a script to set some local users'
passwords and make them non-expiring and unchangable. I used this code
to do that...

snip<

Set oUser = oComputer.GetObject("user", UserToProtect)
oAccountFlag = oUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
oUser.Put "userFlags", oAccountFlag
oAccountFlag = oUserFlags OR ADS_UF_PASSWD_CANT_CHANGE
oUser.Put "userFlags", oAccountFlag
oUser.SetPassword sPswd
oUser.SetInfo

snip<

It worked well. Now I've been asked to reverse that so the password will
expire and the user can change it. I see plenty of examples of how to do
what I've already done, but none on how to undo it.

The trick is that you unset a bit by toggling it, using the XOR operator.
You test a bit with AND, you set a bit with OR, and you toggle a bit with
XOR. I check if the bit is set using AND, then if it is set, XOR it to
turn it off. For example:

Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Set objUser = GetObject("LDAP://cn=Jim Smith,ou=Sales,dc=MyDomain,dc=com")
blnChanged = False
lngFlag = objUser.userAccountControl
If (lngFlag AND ADS_UF_PASSWD_CANT_CHANGE) <> 0 Then
lngFlag = lngFlag XOR ADS_UF_PASSWD_CANT_CHANGE
blnChanged = True
End IF
If (lngFlag AND ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
lngFlag = lngFlag XOR ADS_UF_DONT_EXPIRE_PASSWD
blnChanged = True
End If
If (blnChanged = True) Then
objUser.userAccountControl = lngFlag
objUser.SetInfo
End If

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

.

---

• References:
  • Changing Password Settings
    • From: Tom Ker
  • Re: Changing Password Settings
    • From: Richard Mueller [MVP]

• Prev by Date: Re: Changing Password Settings
• Next by Date: How do I display only the last output string in vbscript
• Previous by thread: Re: Changing Password Settings
• Next by thread: Re: Changing Password Settings
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Changing Password Settings ... passwords and make them non-expiring and unchangable. ... oUser.Put "userFlags", oAccountFlag ... The trick is that you unset a bit by toggling it, using the XOR operator. ... (microsoft.public.scripting.vbscript) Changing Password Settings ... Some time ago I was asked to write a script to set some local users' ... passwords and make them non-expiring and unchangable. ... oUser.Put "userFlags", oAccountFlag ... (microsoft.public.scripting.vbscript) Re: "Assumed User" at startup -- How to set/unset one ... Richard ... > Control Panel|Users and Passwords, then check the box for "Users must ... > Microsoft MVP [Windows] ... (microsoft.public.win2000.setup) Re: attack 2 ... > Looking at ricrmoss there's some possibility of associating it with ... but guessing it in the first place is going to take serious ... Richard would have no problem remembering it at all. ... passwords that my process generates. ... (Fedora) Users cant change password!? ... check whether the DC holding the PDC emulator operating ... Richard ... >I went in to the Domain Group Policy to check on the ... >The users can still not change their passwords?! ... (microsoft.public.win2000.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Scripting  > microsoft.public.scripting.vbscript  > 2007-07