JakeBanzai asked:

Enable Disabled LOCAL accounts with Powershell

I need to enable a special local account on about 2000 PCs that were locked out during a security scan. I also would like to remove the "User Must Change Password At Next Logon" field. I've tried the following -

Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|where {$_.name -eq "SDC_Admin"|%{$_.disable=$true;}}

But I receive the following error

Property 'disable' cannot be found on this object; make sure it exists and is settable.
At C:\ps\accounts.ps1:1 char:145

However, enable and disable appear to be the syntax I've found in my research; nevertheless, I receive the error.

Any suggestions appreciated.

Jake
Dale Harris

All the nuts and bolts you're going to need are here:
http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/22/use-powershell-to-enable-or-disable-a-local-user-account.aspx

The most important method on top of all the code required to run it is here:
$ObjUser = [ADSI]"WinNT://$computer/$user"

When referring to local accounts, your best bet is to use a list of IPs or Computernames in a text file, and pull them into a variable you can use in a foreach.

Then specify statically the account and basic attributes.

Don't use the Win32_UserAccount way.

Good luck!

-DH
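
Added example (not part of Dale Harris's post or the linked article): one way to apply the `[ADSI]"WinNT://$computer/$user"` approach across the computer list so the account is re-enabled, unlocked and has "User Must Change Password at Next Logon" cleared without resetting the password. The function name `Repair-LocalAccount` and the report path are assumptions; `C:\ps\computers.txt` and `SDC_Admin` come from the question.

```powershell
# Added example; Repair-LocalAccount and the report path are hypothetical names.
$ADS_UF_ACCOUNTDISABLE = 0x0002   # UserFlags bit that marks the account disabled

function Repair-LocalAccount {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$UserName
    )
    process {
        # One record per machine so failures and prior state can be audited later.
        $r = [pscustomobject]@{
            Computer = $ComputerName; User = $UserName; WasDisabled = $null
            WasLocked = $null; MustChangePw = $null; Changed = $false; Error = $null
        }
        try {
            $user = [ADSI]"WinNT://$ComputerName/$UserName,user"
            $user.psbase.RefreshCache()    # force the bind; throws if host or account is unreachable
            $flags = [int]$user.UserFlags.Value
            $r.WasDisabled  = [bool]($flags -band $ADS_UF_ACCOUNTDISABLE)
            $r.WasLocked    = [bool]$user.psbase.InvokeGet('IsAccountLocked')
            $r.MustChangePw = ([int]$user.PasswordExpired.Value -eq 1)

            if ($PSCmdlet.ShouldProcess("$ComputerName\$UserName", 'Enable, unlock, clear must-change')) {
                # Clear only the disable bit; every other flag keeps its value.
                $user.UserFlags = $flags -band (-bnot $ADS_UF_ACCOUNTDISABLE)
                if ($r.WasLocked) { $user.psbase.InvokeSet('IsAccountLocked', $false) }
                $user.PasswordExpired = 0  # clears "must change at next logon"; password is untouched
                $user.SetInfo()            # commit the changes to the remote SAM
                $r.Changed = $true
            }
        } catch {
            $r.Error = $_.Exception.Message
        }
        $r
    }
}

# -WhatIf reports current state without changing anything; remove it to apply.
Get-Content C:\ps\computers.txt |
    Repair-LocalAccount -UserName 'SDC_Admin' -WhatIf |
    Export-Csv C:\ps\sdc_admin_report.csv -NoTypeInformation
```

The CSV gives a per-machine record of the account's prior state and any bind errors, which is useful for confirming which of the 2000 PCs were actually changed.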
ASKER

Thanks for the input.

You'll notice I am using a text file to populate the computername: -computername (Get-Content C:\ps\computers.txt). This portion of the script works perfectly scrolling the following in ISE:

AccountType : 512
Caption     : PC8874F-139670\SDC_Admin
Domain      : PC8874F-139670
SID         : XXXXXXXXXXXXXXXXXXXXXX
FullName    :
Name        : SDC_Admin

I thought I had statically specified the account and basic attributes here:

-filter "LocalAccount=True"|where {$_.name -eq "SDC_Admin"|%{$_.Lockout=$false;$_.put()}}

Thanks again for the help.
http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/22/use-powershell-to-enable-or-disable-a-local-user-account.aspx

 
This link is helpful, but the last thing I want to do on all these computers is reset the password. Simply want to re-enable them and ensure the "User Must Change Password at Next Logon" option is UNCHECKED.
Does this work?

Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|?{$_.name -eq "SDC_Admin"} |%{$_.disabled=$false;$_.put()}
Raheman M. Abdul
Does this work?

Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|?{$_.name -eq "SDC_Admin"} |%{$_.disabled=$false;$_.passwordChangeable=$true;$passwordrequired=$true;$_.put()}
Marahman3001 - this one must be close, it runs without error - but does not re-enable / unlock the SDC_Admin account.

thanks for the help
ASKER CERTIFIED SOLUTION
Raheman M. Abdul
This solution is only available to members.
Marahman3001 - THANK YOU! That unlocked the local account on the PCs I was testing. This will get me some breathing room while I figure out how to clear the "User Must Change Password at Next Logon" option on the account.

Thanks again - I'll look over the code and figure out where I was going wrong!

Jake
My pleasure
Thanks Jake
Mohammed Abdul Raheman