JakeBanzai
asked on
Enable Disabled LOCAL accounts with Powershell
I need to enable a special local account on about 2000 PCs that were locked out during a security scan. I also would like to remove the "User Must Change Password At Next Logon" field. I've tried the following -
Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|where {$_.name -eq "SDC_Admin"|%{$_.disable=$true;}}
But I receive the following error
Property 'disable' cannot be found on this object; make sure it exists and is settable.
At C:\ps\accounts.ps1:1 char:145
However, enable and disable appears to be the syntax I've found in my research, nevertheless I receive the error.
Any suggestions appreciated.
Jake
ASKER
Thanks for the input.
You'll notice I am using a text file to populate the computername: -computername (Get-Content C:\ps\computers.txt). This portion of the script works perfectly scrolling the following in ISE:
AccountType : 512
Caption : PC8874F-139670\SDC_Admin
Domain : PC8874F-139670
SID : XXXXXXXXXXXXXXXXXXXXXX
FullName :
Name : SDC_Admin
I thought I had statically specified the account and basic attributes here:
-filter "LocalAccount=True"|where {$_.name -eq "SDC_Admin"|%{$_.Lockout=$false;$_.put()}}
Thanks again for the help.
ASKER
http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/22/use-powershell-to-enable-or-disable-a-local-user-account.aspx
This link is helpful, but the last thing I want to do on all these computers is reset the password. Simply want to re-enable them and ensure the "User Must Change Password at Next Logon" option is UNCHECKED.
Does this work?
Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|?{$_.name -eq "SDC_Admin"} |%{$_.disabled=$false;$_.put()}
Does this work?
Get-WmiObject Win32_UserAccount -computername (Get-Content C:\ps\computers.txt) -filter "LocalAccount=True"|?{$_.name -eq "SDC_Admin"} |%{$_.disabled=$false;$_.passwordChangeable=$true;$passwordrequired=$true;$_.put()}
ASKER
Marahman3001 - this one must be close, it runs without error - but does not re-enable / unlock the SDC_Admin account.
thanks for the help
ASKER
Marahman3001 - THANK YOU! That unlocked the local account on the PCs I was testing. This will get me some breathing room while I figure out how to clear the "User Must Change Password at Next Logon" option on the account.
Thanks again - I'll look over the code and figure out where I was going wrong!
Jake
My pleasure
Thanks Jake
Mohammed Abdul Raheman
http://blogs.technet.com/b/heyscriptingguy/archive/2010/11/22/use-powershell-to-enable-or-disable-a-local-user-account.aspx
The most important method on top of all the code required to run it is here:
$ObjUser = [ADSI]"WinNT://$computer/$
When referring to local accounts, your best bet is to use a list of IPs or Computernames in a text file, and pull them into a variable you can use in a foreach.
Then specify statically the account and basic attributes.
Don't use the Win32_UserAccount way.
Good luck!
-DH
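The approach DH describes (ADSI WinNT provider, a computer list from a text file, a foreach, a statically named account), written out as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and administrative rights on each PC; the results CSV path is hypothetical.

```powershell
# Added example, not code from the thread. Re-enables and unlocks a local
# account and clears "User must change password at next logon" without
# resetting the password, and records what was changed on each PC.
$AccountName = 'SDC_Admin'                          # account named in the thread
$Computers   = Get-Content 'C:\ps\computers.txt'    # list used in the thread
$ResultCsv   = 'C:\ps\sdc_admin_results.csv'        # hypothetical output path

$ADS_UF_ACCOUNTDISABLE = 0x0002   # UserFlags bit set on a disabled account

$results = foreach ($computer in $Computers) {
    $row = [pscustomobject]@{
        Computer = $computer; WasDisabled = $null; WasLocked = $null; Status = 'OK'
    }
    try {
        # ",user" limits the bind to a user object with this name
        $user = [ADSI]"WinNT://$computer/$AccountName,user"
        # Force the bind now so an unreachable PC or missing account throws here
        $user.psbase.RefreshCache()

        $flags           = [int]$user.UserFlags.Value
        $row.WasDisabled = [bool]($flags -band $ADS_UF_ACCOUNTDISABLE)
        $row.WasLocked   = [bool]$user.psbase.InvokeGet('IsAccountLocked')

        if ($row.WasDisabled) {
            # Clear only the disable bit; every other flag is left as it was
            $user.UserFlags.Value = $flags -band (-bnot $ADS_UF_ACCOUNTDISABLE)
        }
        if ($row.WasLocked) {
            $user.psbase.InvokeSet('IsAccountLocked', $false)
        }
        # 0 clears "must change password at next logon"; the password is untouched
        $user.PasswordExpired = 0
        $user.SetInfo()
    }
    catch {
        $row.Status = "FAILED: $($_.Exception.Message)"
    }
    $row
}

# Keep a record of which PCs were changed and list the ones that need a retry
$results | Export-Csv $ResultCsv -NoTypeInformation
$results | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

The CSV doubles as a change record for the 2000 PCs: the WasDisabled and WasLocked columns show the state each account was in before the script touched it.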