Solved

scripting adding local user with options

Posted on 2006-07-21
14
741 Views
Last Modified: 2008-01-09
I know how to add a user:
net user username password /add

but I need to know how to add the two options:
"Password never expires" and "user cannot change password"
This is something I want to deploy on the local machine remotely using Altiris deployment tools.  I can currently add users but can't find options for the other two items.

These are xp sp2 machines.
0
Comment
Question by:lawson2305
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 200 total points
ID: 17156893
I think you want these options:

/expires:<date or never> The expiry date of the account. Date format is mm,dd,yy or dd,mm,yy which is determined by the country code
/passwordchg:[yes or no] Used to specify if the user can modify the password
/passwordreq:[yes or no] Used to determine if the account needs a password

i.e. /expires:never /passwordchg:no

Here is a link to all the net.exe command options:

http://www.windowsitpro.com/Article/ArticleID/14478/14478.html

hth

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17156943
Actually looks like the /expire option doesn't do the password unfortunately thoug the passwordchg bit works... just tried it.

http://www.codecomments.com/archive300-2004-6-205811.html

gives another util that does do it though and pretty sure it could be done through cusrmgr.exe from the resource kits, but haven't used that since NT4 days...
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17156987
/passwordchg:no works and takes care of "user cannot change password"

but /expires sets so the account doesn't have an expiration date.  I need to set the "password never expires".

First thank you half of the answer
0
 
LVL 26

Expert Comment

by:Pber
ID: 17156996
Try this vbs script...

So in your Altiris batch you can do a
cscript createuser.vbs user1 password
cscript createuser.vbs user2 password
...

Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
End sub
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17167530
OK so do I have no choice but to use the script?  I'm not a vbs script expert or really a novice so I need a bit more info on what this does.

I was hoping it could have been done through command line argument but I guess not.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17167574
The second link I added above gives a link within there to an EXE which will do it for you but VBS is reasonably easy -- not my language of choice as I don't deal with very often to write new stuff but easy enough to adjust someone elses code....

Steve
0
 
LVL 26

Expert Comment

by:Pber
ID: 17167659
The script will create the user just like the Net User username password /all does, but sets the two attributes you wanted.
Just save the text below the "Start of VBS file" into notepad and save it as NewUser.vbs (change to 8.3 for compatibility incase you use Altiris DOS scripting).

Save the newuser.vbs file in the same location as your batch that performs the net user /add function.  In that same batch file, just replace:
   net user username password /add
with
   cscript newuser.vbs username password



'Start of VBS file
Dim args
'Gets command line arguments
set args = WScript.Arguments
'displays usage if no command line arguments are specified.
If args.count < 1 Then
     MsgBox "Usage = cscript NewUser.vbs username password"
     WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
     Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000   'password never expires
     Const ADS_UF_PASSWD_CANT_CHANGE = &H40       'user cannot change password
     
     Set Computer = Getobject("WinNT://.")
     Set User = computer.create("User",strUser)
     'User.fullname = strFullname
     'User.Description = strDesc
     User.SetPassword(strPwd)
     'create user
     User.setinfo
     'get user flags
     Flags = User.Get("UserFlags")
    'add our masks to the flags
     User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
     'Set user flags
     User.setinfo
End sub
'End of VBS file
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 10

Expert Comment

by:ryangorman
ID: 17169004
Try DSQuery User -SAMid <username> | DSMOD USER -pwdneverexpires yes
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17169183
Pber yours works but when using this method it doesn't add the user to any local groups like USERS.

ryangorman I could not get this to work.
I put in the username I created using
net user testuser pass /add

so I tried this:
DSQuery User -SAMid testuser | DSMOD USER -pwdneverexpires yes
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17169310
Have you tried this prog. from the link I supplied.  Haven't tred it myself as can't try x86 EXE's on this PDA of course...

A)
Command line:

Tip 570 at for a freeware command line tool (NETUSER.EXE):
http://www.jsiinc.com/reghack.htm

This should do it then:

NETUSER.EXE jeanette /pwnexp:y


0
 
LVL 26

Accepted Solution

by:
Pber earned 300 total points
ID: 17169366
Try this.  I added a AddToGroup routine.
'Start of VBS
Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
      strGroup = "Users"
      
      AddtoGroup strUser, strGroup

End Sub

Sub AddtoGroup(strUser,strGroup)
      Set objWshNet = CreateObject("WScript.Network")
      strComputer = objWshNet.ComputerName
      Set objGroup = GetObject("WinNT://" & strComputer & "/"& strGroup & ",group")
      Set objUser = GetObject("WinNT://" & strComputer & "/"& strUser & ",user")
      objGroup.Add(objUser.ADsPath)
End Sub
'End of VBS
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17170072
dragon-it I'm sorry but security policy prevents me from testing this exe.

I'm sure it works but I can't test it.
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17224954
The command Dragon-it gave me provided half of the answer but not a complete solution.  As I'm not going to try misc. exe's to complete the solution.

For the second answer yes it does what I want just in VB but it is a very good solution and thank you pber.

If anyone can provide a cmd line resolution to the second half of my question it would be nice to know.  I believe ryangorman was onto the answer to this but I could not get it to work for me.

Everyone thank you for your help.
0
 
LVL 10

Expert Comment

by:ryangorman
ID: 17225109
The Windows 2000 resource kit command CUSRMGR [1] does "Password never expires" and "user cannot change password"

Use +s Property, where Property can be any of the following properties:

MustChangePassword
CanNotChangePassword
PasswordNeverExpires
AccountDisabled
AccountLockout
RASUser

[1] http://www.jsifaq.com/sube/tip2400/rh2445.htm
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video discusses moving either the default database or any database to a new volume.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now