Solved

workgroup server local users administration.

Posted on 2015-02-15
6
111 Views
Last Modified: 2015-04-04
I have a Window 2003 terminal server in the WORKGROUP.  I need to write two scripts to include the net user command to do two things:

1.  Script one - Make all active users to change password when they login next time.
2.  script two - Disable all Active users.

Can someone please advice the parameter of the net user command?

Many thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:nav2567
ID: 40611505
I think these are the commands I need.  Can someone clarify?

net user jsmith /active:no
net user jsmith /passwordchg:yes

Thanks.
0
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 40611518
1. correct.

2. incorrect. the command just specifies whether users can (talking about the ability) change their own password, doesn't mean they have to changed the passoword at when sign on the next time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611525
FYI

dsquery user | dsmod user -mustchpwd yes

This command force all the users must change their passwords on next logon, CAUTION its include Domain Administrator also. You can also use "ou" for a group of users instead of "user"

excerpted from http://community.spiceworks.com/topic/336109-need-to-force-all-users-to-change-password-at-next-logon
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40611528
dsquery does not work in a workgroup
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611558
@seth thanks for reminding this. you are right. i forgot this condition.

anyway, for local users i think we still need to stick on the NET USER command. i guess if we could first remove the password then force to need a password, all by running NET USER command? i can't test it myself at the moment but it's worth trying.

FYI - NET USER
https://technet.microsoft.com/en-us/library/cc771865.aspx
0
 
LVL 25

Expert Comment

by:NVIT
ID: 40611660
These 2 batch files are similar. The main difference is the line to deactivate the user account via NET USER.

Notes:
 - Copy the code below and save to a .bat file of your choice.
 - As a safety, this version uses ECHO net user and ECHO cscript for testing (visual) purposes. When you are satisfied that it looks like it will work, remove the ECHO in front of net user and cscript. Then save the .bat file. Then run it live.

Batch file 1: To deactivate all local station user accounts
@echo off
REM A batch file to deactivate user account on local station

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Deactivate user account
    REM *** Remove below ECHO to activate the line.
    ECHO net user %%d /active:no>>"%FNResults%"
  )
)
goto :EOF

Open in new window


Batch file 2: To force all local station users to change password at next logon.
Notes:
- This second batch file makes a .vbs file and runs it.
- I have not tested whether it works. Before running this batch live, I would run the resultant .vbs file against a test user, just to confirm it works.
- The code is from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers/
- As an alternative to the .vbs... if you have the cusrmgr command line utility, which is available from the Windows 2000 Resource Kit, you can use that with one line of code: cusrmgr -u %%d +s MustChangePassword>>"%FNResults%"

@echo off
REM A batch file to force user to change password at next logon.

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Make vbs file to set user's change password property at next logon.
    echo strComputer = "Computer01">"%FNChgPW%"
    echo set objUser = GetObject("WinNT://" ^& strComputer ^& "%%d"^)>>"%FNChgPW%"
    echo objUser.Put "pwdLastSet", 0>>"%FNChgPW%"
    echo objUser.SetInfo>>"%FNChgPW%"
    
    REM Run vbs file
    REM *** Remove below ECHO to activate the line.
    ECHO cscript.exe //nologo "%FNChgPW%"
  )
)
goto :EOF

Open in new window

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question