Re: Force password reset for administrator

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Pollewops wrote:

I would like to force a password reset for a local administrator account on
a
Windows 2003 server which is member of a workgroup.

I know the password reset option after next logon can be set by the
following code:
Const UF_DONT_EXPIRE_PASSWD = &H10000
logf.WriteLine(" Set administrator account to password changed after next
logon") Set WshNetwork =
WScript.CreateObject("WScript.Network") Set Usr =
Getobject("WinNT://" & WshNetwork.ComputerName & "/administrator,user")
Usr.Put "UserFlags", Usr.UserFlags Xor UF_DONT_EXPIRE_PASSWD
Usr.SetInfo usr.Put "PasswordExpired", CLng(1)
usr.SetInfo

But above code generates a popup box mentioning that a password reset is
required, but it can be answered with NO !!!
I want to force this password reset.

Does anyone know if this is possible and how ?
I know with a domain account it is working fine, but will it work with a
local server account as well ?

Any help appreciated.

When you Xor UserFlags with the bit mask UF_DONT_EXPIRE_PASSWD you toggle
the corresponding bit. So if the account was configured so the password
expired, your code would configure so passwords no longer expire. If
passwords did not expire for the account, this program would change the
account so passwords would expire.

To force the user to change their password the next time they logon, simply
assign 1 to the PasswordExpired property. Leave the UF_DONT_EXPIRE_PASSWD
setting alone.

To configure the account so that passwords expire, you must check if the bit
is set and if it is toggle it. For example:
==================
Const UF_DONT_EXPIRE_PASSWD = &H10000
Set objNetwork = CreateObject("Wscript.Network")
Set objUser = GetObject("WinNT://" & objNetwork.ComputerName &
"/administrator,user")

' Check if bit set so passwords do not exipre.
lngFlags = objUser.userFlags
If (lngFlags And UF_DONT_EXPIRE_PASSWD <> 0) Then
' Bit is set so passwords do not expire.
' Toggle the bit.
lngFlags = lngFlags Xor UF_DONT_EXPIRE_PASSWD
objUser.userFlags = lngFlags
objUser.SetInfo
End If

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


.

Relevant Pages

  • Re: Force password reset for administrator
    ... When I logon to an account where the password has ... Except if the account is set so that "Password never expires", ... Microsoft MVP Scripting and ADSI ... expired, your code would configure so passwords no longer expire. ...
    (microsoft.public.scripting.vbscript)
  • Re: Force password reset for administrator
    ... My script is in fact doing the same as yours. ... Is also required to set the password reset bit. ... logf.WriteLine(" Set administrator account to password changed after next ... expired, your code would configure so passwords no longer expire. ...
    (microsoft.public.scripting.vbscript)
  • GPO problem
    ... Policies/Security Options> Network Security> Force logoff when logon ... hours expire (Enabled) ... Security Filtering set to my user account as well as my computer ...
    (microsoft.public.windows.server.active_directory)
  • Re: HELP FAST!! Users logged in after a forced mass password change
    ... It's not that they can't login to Exchange, its that they no longer have an ... account that is authenticated because they must change the password at next ... Expire the passwords? ... > next logon for each OU in active directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: /etc/default/passwd and SSH
    ... SYNOPSIS: Description of "Password Aging" ... The warn field is the number of days of warning the user gets on login ... the expire field perform very distinct functions that are in no way related. ... The account should be disabled after a week so that it can not ...
    (Focus-SUN)