Re: Force password reset for administrator

I cannot duplicate that. When I logon to an account where the password has
expired, there is no "No" button, or any way to logon without providing a
new password. Except if the account is set so that "Password never expires",
then expiring the password has no affect and the user is never prompted to
change their password.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Pollewops" <Pollewops@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:39B2CD68-824B-419B-98E3-685E92C64790@xxxxxxxxxxxxxxxx
Hi Richard,

First, thanks for you reply.
Second,

My script is in fact doing the same as yours. I tested it and they both do
their work.
The script part:
objUser.Put "PasswordExpired", CLng(1)
objUser.SetInfo
Is also required to set the password reset bit.

But my problem and question is not about this script, but about the
message
box that will appear after logon and when the password needs to be
changed.
The user is allowed to click NO and by that leave the old password as it
is.
I want to really force it ! So the user have to set the new password or
will
be e.g. log off again.
Any help/info on this one.

regards,
Johan

PS. i visit you personal website. Looks great and was already very helpful
for me for other tasks.

"Richard Mueller [MVP]" wrote:

Pollewops wrote:

I would like to force a password reset for a local administrator account
on
a
Windows 2003 server which is member of a workgroup.

I know the password reset option after next logon can be set by the
following code:
Const UF_DONT_EXPIRE_PASSWD = &H10000
logf.WriteLine(" Set administrator account to password changed after
next
logon") Set WshNetwork =
WScript.CreateObject("WScript.Network") Set Usr =
Getobject("WinNT://" & WshNetwork.ComputerName & "/administrator,user")
Usr.Put "UserFlags", Usr.UserFlags Xor UF_DONT_EXPIRE_PASSWD
Usr.SetInfo usr.Put "PasswordExpired", CLng(1)
usr.SetInfo

But above code generates a popup box mentioning that a password reset
is
required, but it can be answered with NO !!!
I want to force this password reset.

Does anyone know if this is possible and how ?
I know with a domain account it is working fine, but will it work with
a
local server account as well ?

Any help appreciated.

When you Xor UserFlags with the bit mask UF_DONT_EXPIRE_PASSWD you toggle
the corresponding bit. So if the account was configured so the password
expired, your code would configure so passwords no longer expire. If
passwords did not expire for the account, this program would change the
account so passwords would expire.

To force the user to change their password the next time they logon,
simply
assign 1 to the PasswordExpired property. Leave the UF_DONT_EXPIRE_PASSWD
setting alone.

To configure the account so that passwords expire, you must check if the
bit
is set and if it is toggle it. For example:
==================
Const UF_DONT_EXPIRE_PASSWD = &H10000
Set objNetwork = CreateObject("Wscript.Network")
Set objUser = GetObject("WinNT://" & objNetwork.ComputerName &
"/administrator,user")

' Check if bit set so passwords do not exipre.
lngFlags = objUser.userFlags
If (lngFlags And UF_DONT_EXPIRE_PASSWD <> 0) Then
' Bit is set so passwords do not expire.
' Toggle the bit.
lngFlags = lngFlags Xor UF_DONT_EXPIRE_PASSWD
objUser.userFlags = lngFlags
objUser.SetInfo
End If

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--





.