scripting adding local user with options

I know how to add a user:
net user username password /add

but I need to know how to add the two options:
"Password never expires" and "user cannot change password"
This is something I want to deploy on the local machine remotely using Altiris deployment tools.  I can currently add users but can't find options for the other two items.

These are xp sp2 machines.
LVL 4
lawson2305Asked:
Who is Participating?
 
PberConnect With a Mentor Solutions ArchitectCommented:
Try this.  I added a AddToGroup routine.
'Start of VBS
Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
      strGroup = "Users"
      
      AddtoGroup strUser, strGroup

End Sub

Sub AddtoGroup(strUser,strGroup)
      Set objWshNet = CreateObject("WScript.Network")
      strComputer = objWshNet.ComputerName
      Set objGroup = GetObject("WinNT://" & strComputer & "/"& strGroup & ",group")
      Set objUser = GetObject("WinNT://" & strComputer & "/"& strUser & ",user")
      objGroup.Add(objUser.ADsPath)
End Sub
'End of VBS
0
 
Steve KnightConnect With a Mentor IT ConsultancyCommented:
I think you want these options:

/expires:<date or never> The expiry date of the account. Date format is mm,dd,yy or dd,mm,yy which is determined by the country code
/passwordchg:[yes or no] Used to specify if the user can modify the password
/passwordreq:[yes or no] Used to determine if the account needs a password

i.e. /expires:never /passwordchg:no

Here is a link to all the net.exe command options:

http://www.windowsitpro.com/Article/ArticleID/14478/14478.html

hth

Steve
0
 
Steve KnightIT ConsultancyCommented:
Actually looks like the /expire option doesn't do the password unfortunately thoug the passwordchg bit works... just tried it.

http://www.codecomments.com/archive300-2004-6-205811.html

gives another util that does do it though and pretty sure it could be done through cusrmgr.exe from the resource kits, but haven't used that since NT4 days...
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
lawson2305Author Commented:
/passwordchg:no works and takes care of "user cannot change password"

but /expires sets so the account doesn't have an expiration date.  I need to set the "password never expires".

First thank you half of the answer
0
 
PberSolutions ArchitectCommented:
Try this vbs script...

So in your Altiris batch you can do a
cscript createuser.vbs user1 password
cscript createuser.vbs user2 password
...

Dim args
set args = WScript.Arguments
If args.count < 1 Then
      MsgBox "Usage = cscript CreateUser.vbs username password"
      WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
      Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
      Const ADS_UF_PASSWD_CANT_CHANGE = &H40
      
      Set Computer = Getobject("WinNT://.")
      Set User = computer.create("User",strUser)
      'User.fullname = strFullname
      'User.Description = strDesc
      User.SetPassword(strPwd)
      User.setinfo
      Flags = User.Get("UserFlags")
      User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
      User.setinfo
End sub
0
 
lawson2305Author Commented:
OK so do I have no choice but to use the script?  I'm not a vbs script expert or really a novice so I need a bit more info on what this does.

I was hoping it could have been done through command line argument but I guess not.
0
 
Steve KnightIT ConsultancyCommented:
The second link I added above gives a link within there to an EXE which will do it for you but VBS is reasonably easy -- not my language of choice as I don't deal with very often to write new stuff but easy enough to adjust someone elses code....

Steve
0
 
PberSolutions ArchitectCommented:
The script will create the user just like the Net User username password /all does, but sets the two attributes you wanted.
Just save the text below the "Start of VBS file" into notepad and save it as NewUser.vbs (change to 8.3 for compatibility incase you use Altiris DOS scripting).

Save the newuser.vbs file in the same location as your batch that performs the net user /add function.  In that same batch file, just replace:
   net user username password /add
with
   cscript newuser.vbs username password



'Start of VBS file
Dim args
'Gets command line arguments
set args = WScript.Arguments
'displays usage if no command line arguments are specified.
If args.count < 1 Then
     MsgBox "Usage = cscript NewUser.vbs username password"
     WScript.Quit
End if

CreateUser args.item(0),args.item(1)

Sub CreateUser(strUser,strPwd)
     Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000   'password never expires
     Const ADS_UF_PASSWD_CANT_CHANGE = &H40       'user cannot change password
     
     Set Computer = Getobject("WinNT://.")
     Set User = computer.create("User",strUser)
     'User.fullname = strFullname
     'User.Description = strDesc
     User.SetPassword(strPwd)
     'create user
     User.setinfo
     'get user flags
     Flags = User.Get("UserFlags")
    'add our masks to the flags
     User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
     'Set user flags
     User.setinfo
End sub
'End of VBS file
0
 
ryangormanCommented:
Try DSQuery User -SAMid <username> | DSMOD USER -pwdneverexpires yes
0
 
lawson2305Author Commented:
Pber yours works but when using this method it doesn't add the user to any local groups like USERS.

ryangorman I could not get this to work.
I put in the username I created using
net user testuser pass /add

so I tried this:
DSQuery User -SAMid testuser | DSMOD USER -pwdneverexpires yes
0
 
Steve KnightIT ConsultancyCommented:
Have you tried this prog. from the link I supplied.  Haven't tred it myself as can't try x86 EXE's on this PDA of course...

A)
Command line:

Tip 570 at for a freeware command line tool (NETUSER.EXE):
http://www.jsiinc.com/reghack.htm

This should do it then:

NETUSER.EXE jeanette /pwnexp:y


0
 
lawson2305Author Commented:
dragon-it I'm sorry but security policy prevents me from testing this exe.

I'm sure it works but I can't test it.
0
 
lawson2305Author Commented:
The command Dragon-it gave me provided half of the answer but not a complete solution.  As I'm not going to try misc. exe's to complete the solution.

For the second answer yes it does what I want just in VB but it is a very good solution and thank you pber.

If anyone can provide a cmd line resolution to the second half of my question it would be nice to know.  I believe ryangorman was onto the answer to this but I could not get it to work for me.

Everyone thank you for your help.
0
 
ryangormanCommented:
The Windows 2000 resource kit command CUSRMGR [1] does "Password never expires" and "user cannot change password"

Use +s Property, where Property can be any of the following properties:

MustChangePassword
CanNotChangePassword
PasswordNeverExpires
AccountDisabled
AccountLockout
RASUser

[1] http://www.jsifaq.com/sube/tip2400/rh2445.htm
0
All Courses

From novice to tech pro — start learning today.