Re: Force password reset for administrator
- From: Pollewops <Pollewops@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Dec 2007 00:15:00 -0800
Hi Richard,
First, thanks for you reply.
Second,
My script is in fact doing the same as yours. I tested it and they both do
their work.
The script part:
objUser.Put "PasswordExpired", CLng(1)
objUser.SetInfo
Is also required to set the password reset bit.
But my problem and question is not about this script, but about the message
box that will appear after logon and when the password needs to be changed.
The user is allowed to click NO and by that leave the old password as it is.
I want to really force it ! So the user have to set the new password or will
be e.g. log off again.
Any help/info on this one.
regards,
Johan
PS. i visit you personal website. Looks great and was already very helpful
for me for other tasks.
"Richard Mueller [MVP]" wrote:
Pollewops wrote:.
I would like to force a password reset for a local administrator account on
a
Windows 2003 server which is member of a workgroup.
I know the password reset option after next logon can be set by the
following code:
Const UF_DONT_EXPIRE_PASSWD = &H10000
logf.WriteLine(" Set administrator account to password changed after next
logon") Set WshNetwork =
WScript.CreateObject("WScript.Network") Set Usr =
Getobject("WinNT://" & WshNetwork.ComputerName & "/administrator,user")
Usr.Put "UserFlags", Usr.UserFlags Xor UF_DONT_EXPIRE_PASSWD
Usr.SetInfo usr.Put "PasswordExpired", CLng(1)
usr.SetInfo
But above code generates a popup box mentioning that a password reset is
required, but it can be answered with NO !!!
I want to force this password reset.
Does anyone know if this is possible and how ?
I know with a domain account it is working fine, but will it work with a
local server account as well ?
Any help appreciated.
When you Xor UserFlags with the bit mask UF_DONT_EXPIRE_PASSWD you toggle
the corresponding bit. So if the account was configured so the password
expired, your code would configure so passwords no longer expire. If
passwords did not expire for the account, this program would change the
account so passwords would expire.
To force the user to change their password the next time they logon, simply
assign 1 to the PasswordExpired property. Leave the UF_DONT_EXPIRE_PASSWD
setting alone.
To configure the account so that passwords expire, you must check if the bit
is set and if it is toggle it. For example:
==================
Const UF_DONT_EXPIRE_PASSWD = &H10000
Set objNetwork = CreateObject("Wscript.Network")
Set objUser = GetObject("WinNT://" & objNetwork.ComputerName &
"/administrator,user")
' Check if bit set so passwords do not exipre.
lngFlags = objUser.userFlags
If (lngFlags And UF_DONT_EXPIRE_PASSWD <> 0) Then
' Bit is set so passwords do not expire.
' Toggle the bit.
lngFlags = lngFlags Xor UF_DONT_EXPIRE_PASSWD
objUser.userFlags = lngFlags
objUser.SetInfo
End If
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
- Follow-Ups:
- Re: Force password reset for administrator
- From: Richard Mueller [MVP]
- Re: Force password reset for administrator
- References:
- Re: Force password reset for administrator
- From: Richard Mueller [MVP]
- Re: Force password reset for administrator
- Prev by Date: Group Policy Startup Script that changes the machine name
- Next by Date: Re: what kind of scripting is this ?
- Previous by thread: Re: Force password reset for administrator
- Next by thread: Re: Force password reset for administrator
- Index(es):
Relevant Pages
|
