lawson2305
asked on
scripting adding local user with options
I know how to add a user:
net user username password /add
but I need to know how to add the two options:
"Password never expires" and "user cannot change password"
This is something I want to deploy on the local machine remotely using Altiris deployment tools. I can currently add users but can't find options for the other two items.
These are xp sp2 machines.
net user username password /add
but I need to know how to add the two options:
"Password never expires" and "user cannot change password"
This is something I want to deploy on the local machine remotely using Altiris deployment tools. I can currently add users but can't find options for the other two items.
These are xp sp2 machines.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
/passwordchg:no works and takes care of "user cannot change password"
but /expires sets so the account doesn't have an expiration date. I need to set the "password never expires".
First thank you half of the answer
but /expires sets so the account doesn't have an expiration date. I need to set the "password never expires".
First thank you half of the answer
Try this vbs script...
So in your Altiris batch you can do a
cscript createuser.vbs user1 password
cscript createuser.vbs user2 password
...
Dim args
set args = WScript.Arguments
If args.count < 1 Then
MsgBox "Usage = cscript CreateUser.vbs username password"
WScript.Quit
End if
CreateUser args.item(0),args.item(1)
Sub CreateUser(strUser,strPwd)
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Set Computer = Getobject("WinNT://.")
Set User = computer.create("User",str User)
'User.fullname = strFullname
'User.Description = strDesc
User.SetPassword(strPwd)
User.setinfo
Flags = User.Get("UserFlags")
User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
User.setinfo
End sub
So in your Altiris batch you can do a
cscript createuser.vbs user1 password
cscript createuser.vbs user2 password
...
Dim args
set args = WScript.Arguments
If args.count < 1 Then
MsgBox "Usage = cscript CreateUser.vbs username password"
WScript.Quit
End if
CreateUser args.item(0),args.item(1)
Sub CreateUser(strUser,strPwd)
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Set Computer = Getobject("WinNT://.")
Set User = computer.create("User",str
'User.fullname = strFullname
'User.Description = strDesc
User.SetPassword(strPwd)
User.setinfo
Flags = User.Get("UserFlags")
User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
User.setinfo
End sub
ASKER
OK so do I have no choice but to use the script? I'm not a vbs script expert or really a novice so I need a bit more info on what this does.
I was hoping it could have been done through command line argument but I guess not.
I was hoping it could have been done through command line argument but I guess not.
The second link I added above gives a link within there to an EXE which will do it for you but VBS is reasonably easy -- not my language of choice as I don't deal with very often to write new stuff but easy enough to adjust someone elses code....
Steve
Steve
The script will create the user just like the Net User username password /all does, but sets the two attributes you wanted.
Just save the text below the "Start of VBS file" into notepad and save it as NewUser.vbs (change to 8.3 for compatibility incase you use Altiris DOS scripting).
Save the newuser.vbs file in the same location as your batch that performs the net user /add function. In that same batch file, just replace:
net user username password /add
with
cscript newuser.vbs username password
'Start of VBS file
Dim args
'Gets command line arguments
set args = WScript.Arguments
'displays usage if no command line arguments are specified.
If args.count < 1 Then
MsgBox "Usage = cscript NewUser.vbs username password"
WScript.Quit
End if
CreateUser args.item(0),args.item(1)
Sub CreateUser(strUser,strPwd)
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000 'password never expires
Const ADS_UF_PASSWD_CANT_CHANGE = &H40 'user cannot change password
Set Computer = Getobject("WinNT://.")
Set User = computer.create("User",str User)
'User.fullname = strFullname
'User.Description = strDesc
User.SetPassword(strPwd)
'create user
User.setinfo
'get user flags
Flags = User.Get("UserFlags")
'add our masks to the flags
User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
'Set user flags
User.setinfo
End sub
'End of VBS file
Just save the text below the "Start of VBS file" into notepad and save it as NewUser.vbs (change to 8.3 for compatibility incase you use Altiris DOS scripting).
Save the newuser.vbs file in the same location as your batch that performs the net user /add function. In that same batch file, just replace:
net user username password /add
with
cscript newuser.vbs username password
'Start of VBS file
Dim args
'Gets command line arguments
set args = WScript.Arguments
'displays usage if no command line arguments are specified.
If args.count < 1 Then
MsgBox "Usage = cscript NewUser.vbs username password"
WScript.Quit
End if
CreateUser args.item(0),args.item(1)
Sub CreateUser(strUser,strPwd)
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000 'password never expires
Const ADS_UF_PASSWD_CANT_CHANGE = &H40 'user cannot change password
Set Computer = Getobject("WinNT://.")
Set User = computer.create("User",str
'User.fullname = strFullname
'User.Description = strDesc
User.SetPassword(strPwd)
'create user
User.setinfo
'get user flags
Flags = User.Get("UserFlags")
'add our masks to the flags
User.Put "UserFlags", Flags Or ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_PASSWD_CANT_CHANGE
'Set user flags
User.setinfo
End sub
'End of VBS file
Try DSQuery User -SAMid <username> | DSMOD USER -pwdneverexpires yes
ASKER
Pber yours works but when using this method it doesn't add the user to any local groups like USERS.
ryangorman I could not get this to work.
I put in the username I created using
net user testuser pass /add
so I tried this:
DSQuery User -SAMid testuser | DSMOD USER -pwdneverexpires yes
ryangorman I could not get this to work.
I put in the username I created using
net user testuser pass /add
so I tried this:
DSQuery User -SAMid testuser | DSMOD USER -pwdneverexpires yes
Have you tried this prog. from the link I supplied. Haven't tred it myself as can't try x86 EXE's on this PDA of course...
A)
Command line:
Tip 570 at for a freeware command line tool (NETUSER.EXE):
http://www.jsiinc.com/reghack.htm
This should do it then:
NETUSER.EXE jeanette /pwnexp:y
A)
Command line:
Tip 570 at for a freeware command line tool (NETUSER.EXE):
http://www.jsiinc.com/reghack.htm
This should do it then:
NETUSER.EXE jeanette /pwnexp:y
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
dragon-it I'm sorry but security policy prevents me from testing this exe.
I'm sure it works but I can't test it.
I'm sure it works but I can't test it.
ASKER
The command Dragon-it gave me provided half of the answer but not a complete solution. As I'm not going to try misc. exe's to complete the solution.
For the second answer yes it does what I want just in VB but it is a very good solution and thank you pber.
If anyone can provide a cmd line resolution to the second half of my question it would be nice to know. I believe ryangorman was onto the answer to this but I could not get it to work for me.
Everyone thank you for your help.
For the second answer yes it does what I want just in VB but it is a very good solution and thank you pber.
If anyone can provide a cmd line resolution to the second half of my question it would be nice to know. I believe ryangorman was onto the answer to this but I could not get it to work for me.
Everyone thank you for your help.
The Windows 2000 resource kit command CUSRMGR [1] does "Password never expires" and "user cannot change password"
Use +s Property, where Property can be any of the following properties:
MustChangePassword
CanNotChangePassword
PasswordNeverExpires
AccountDisabled
AccountLockout
RASUser
[1] http://www.jsifaq.com/sube/tip2400/rh2445.htm
Use +s Property, where Property can be any of the following properties:
MustChangePassword
CanNotChangePassword
PasswordNeverExpires
AccountDisabled
AccountLockout
RASUser
[1] http://www.jsifaq.com/sube/tip2400/rh2445.htm
http://www.codecomments.com/archive300-2004-6-205811.html
gives another util that does do it though and pretty sure it could be done through cusrmgr.exe from the resource kits, but haven't used that since NT4 days...