Solved

workgroup server local users administration.

Posted on 2015-02-15
6
104 Views
Last Modified: 2015-04-04
I have a Window 2003 terminal server in the WORKGROUP.  I need to write two scripts to include the net user command to do two things:

1.  Script one - Make all active users to change password when they login next time.
2.  script two - Disable all Active users.

Can someone please advice the parameter of the net user command?

Many thanks.
0
Comment
Question by:nav2567
6 Comments
 

Author Comment

by:nav2567
ID: 40611505
I think these are the commands I need.  Can someone clarify?

net user jsmith /active:no
net user jsmith /passwordchg:yes

Thanks.
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 40611518
1. correct.

2. incorrect. the command just specifies whether users can (talking about the ability) change their own password, doesn't mean they have to changed the passoword at when sign on the next time.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40611525
FYI

dsquery user | dsmod user -mustchpwd yes

This command force all the users must change their passwords on next logon, CAUTION its include Domain Administrator also. You can also use "ou" for a group of users instead of "user"

excerpted from http://community.spiceworks.com/topic/336109-need-to-force-all-users-to-change-password-at-next-logon
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40611528
dsquery does not work in a workgroup
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 40611558
@seth thanks for reminding this. you are right. i forgot this condition.

anyway, for local users i think we still need to stick on the NET USER command. i guess if we could first remove the password then force to need a password, all by running NET USER command? i can't test it myself at the moment but it's worth trying.

FYI - NET USER
https://technet.microsoft.com/en-us/library/cc771865.aspx
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40611660
These 2 batch files are similar. The main difference is the line to deactivate the user account via NET USER.

Notes:
 - Copy the code below and save to a .bat file of your choice.
 - As a safety, this version uses ECHO net user and ECHO cscript for testing (visual) purposes. When you are satisfied that it looks like it will work, remove the ECHO in front of net user and cscript. Then save the .bat file. Then run it live.

Batch file 1: To deactivate all local station user accounts
@echo off
REM A batch file to deactivate user account on local station

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Deactivate user account
    REM *** Remove below ECHO to activate the line.
    ECHO net user %%d /active:no>>"%FNResults%"
  )
)
goto :EOF

Open in new window


Batch file 2: To force all local station users to change password at next logon.
Notes:
- This second batch file makes a .vbs file and runs it.
- I have not tested whether it works. Before running this batch live, I would run the resultant .vbs file against a test user, just to confirm it works.
- The code is from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers/
- As an alternative to the .vbs... if you have the cusrmgr command line utility, which is available from the Windows 2000 Resource Kit, you can use that with one line of code: cusrmgr -u %%d +s MustChangePassword>>"%FNResults%"

@echo off
REM A batch file to force user to change password at next logon.

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Make vbs file to set user's change password property at next logon.
    echo strComputer = "Computer01">"%FNChgPW%"
    echo set objUser = GetObject("WinNT://" ^& strComputer ^& "%%d"^)>>"%FNChgPW%"
    echo objUser.Put "pwdLastSet", 0>>"%FNChgPW%"
    echo objUser.SetInfo>>"%FNChgPW%"
    
    REM Run vbs file
    REM *** Remove below ECHO to activate the line.
    ECHO cscript.exe //nologo "%FNChgPW%"
  )
)
goto :EOF

Open in new window

0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now