?
Solved

scripting adding local user with options

Posted on 2006-07-21
14
Medium Priority
?
779 Views
Last Modified: 2008-01-09
I know how to add a user:
net user username password /add

but I need to know how to add the two options:
"Password never expires" and "user cannot change password"
This is something I want to deploy on the local machine remotely using Altiris deployment tools.  I can currently add users but can't find options for the other two items.

These are xp sp2 machines.
0
Comment
Question by:lawson2305
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
14 Comments
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 800 total points
ID: 17156893
I think you want these options:

/expires:<date or never> The expiry date of the account. Date format is mm,dd,yy or dd,mm,yy which is determined by the country code
/passwordchg:[yes or no] Used to specify if the user can modify the password
/passwordreq:[yes or no] Used to determine if the account needs a password

i.e. /expires:never /passwordchg:no

Here is a link to all the net.exe command options:

http://www.windowsitpro.com/Article/ArticleID/14478/14478.html

hth

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17156943
Actually looks like the /expire option doesn't do the password unfortunately thoug the passwordchg bit works... just tried it.

http://www.codecomments.com/archive300-2004-6-205811.html

gives another util that does do it though and pretty sure it could be done through cusrmgr.exe from the resource kits, but haven't used that since NT4 days...
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17156987
/passwordchg:no works and takes care of "user cannot change password"

but /expires sets so the account doesn't have an expiration date.  I need to set the "password never expires".

First thank you half of the answer
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 26

Expert Comment

by:Pber
ID: 17156996
Try this vbs script...

So in your Altiris batch you can do a
cscript createuser.vbs user1 password
cscript createuser.vbs user2 password
...

Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
End sub
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17167530
OK so do I have no choice but to use the script?  I'm not a vbs script expert or really a novice so I need a bit more info on what this does.

I was hoping it could have been done through command line argument but I guess not.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17167574
The second link I added above gives a link within there to an EXE which will do it for you but VBS is reasonably easy -- not my language of choice as I don't deal with very often to write new stuff but easy enough to adjust someone elses code....

Steve
0
 
LVL 26

Expert Comment

by:Pber
ID: 17167659
The script will create the user just like the Net User username password /all does, but sets the two attributes you wanted.
Just save the text below the "Start of VBS file" into notepad and save it as NewUser.vbs (change to 8.3 for compatibility incase you use Altiris DOS scripting).

Save the newuser.vbs file in the same location as your batch that performs the net user /add function.  In that same batch file, just replace:
   net user username password /add
with
   cscript newuser.vbs username password



'Start of VBS file
Dim args
'Gets command line arguments
set args = WScript.Arguments
'displays usage if no command line arguments are specified.
If args.count < 1 Then
     MsgBox "Usage = cscript NewUser.vbs username password"
     WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
     Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000   'password never expires
     Const ADS_UF_PASSWD_CANT_CHANGE = &H40       'user cannot change password
     
     Set Computer = Getobject("WinNT://.")
     Set User = computer.create("User",strUser)
     'User.fullname = strFullname
     'User.Description = strDesc
     User.SetPassword(strPwd)
     'create user
     User.setinfo
     'get user flags
     Flags = User.Get("UserFlags")
    'add our masks to the flags
     User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
     'Set user flags
     User.setinfo
End sub
'End of VBS file
0
 
LVL 10

Expert Comment

by:ryangorman
ID: 17169004
Try DSQuery User -SAMid <username> | DSMOD USER -pwdneverexpires yes
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17169183
Pber yours works but when using this method it doesn't add the user to any local groups like USERS.

ryangorman I could not get this to work.
I put in the username I created using
net user testuser pass /add

so I tried this:
DSQuery User -SAMid testuser | DSMOD USER -pwdneverexpires yes
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17169310
Have you tried this prog. from the link I supplied.  Haven't tred it myself as can't try x86 EXE's on this PDA of course...

A)
Command line:

Tip 570 at for a freeware command line tool (NETUSER.EXE):
http://www.jsiinc.com/reghack.htm

This should do it then:

NETUSER.EXE jeanette /pwnexp:y


0
 
LVL 26

Accepted Solution

by:
Pber earned 1200 total points
ID: 17169366
Try this.  I added a AddToGroup routine.
'Start of VBS
Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
      strGroup = "Users"
      
      AddtoGroup strUser, strGroup

End Sub

Sub AddtoGroup(strUser,strGroup)
      Set objWshNet = CreateObject("WScript.Network")
      strComputer = objWshNet.ComputerName
      Set objGroup = GetObject("WinNT://" & strComputer & "/"& strGroup & ",group")
      Set objUser = GetObject("WinNT://" & strComputer & "/"& strUser & ",user")
      objGroup.Add(objUser.ADsPath)
End Sub
'End of VBS
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17170072
dragon-it I'm sorry but security policy prevents me from testing this exe.

I'm sure it works but I can't test it.
0
 
LVL 4

Author Comment

by:lawson2305
ID: 17224954
The command Dragon-it gave me provided half of the answer but not a complete solution.  As I'm not going to try misc. exe's to complete the solution.

For the second answer yes it does what I want just in VB but it is a very good solution and thank you pber.

If anyone can provide a cmd line resolution to the second half of my question it would be nice to know.  I believe ryangorman was onto the answer to this but I could not get it to work for me.

Everyone thank you for your help.
0
 
LVL 10

Expert Comment

by:ryangorman
ID: 17225109
The Windows 2000 resource kit command CUSRMGR [1] does "Password never expires" and "user cannot change password"

Use +s Property, where Property can be any of the following properties:

MustChangePassword
CanNotChangePassword
PasswordNeverExpires
AccountDisabled
AccountLockout
RASUser

[1] http://www.jsifaq.com/sube/tip2400/rh2445.htm
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question