Solved

workgroup server local users administration.

Posted on 2015-02-15
6
105 Views
Last Modified: 2015-04-04
I have a Window 2003 terminal server in the WORKGROUP.  I need to write two scripts to include the net user command to do two things:

1.  Script one - Make all active users to change password when they login next time.
2.  script two - Disable all Active users.

Can someone please advice the parameter of the net user command?

Many thanks.
0
Comment
Question by:nav2567
6 Comments
 

Author Comment

by:nav2567
ID: 40611505
I think these are the commands I need.  Can someone clarify?

net user jsmith /active:no
net user jsmith /passwordchg:yes

Thanks.
0
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 40611518
1. correct.

2. incorrect. the command just specifies whether users can (talking about the ability) change their own password, doesn't mean they have to changed the passoword at when sign on the next time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611525
FYI

dsquery user | dsmod user -mustchpwd yes

This command force all the users must change their passwords on next logon, CAUTION its include Domain Administrator also. You can also use "ou" for a group of users instead of "user"

excerpted from http://community.spiceworks.com/topic/336109-need-to-force-all-users-to-change-password-at-next-logon
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40611528
dsquery does not work in a workgroup
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611558
@seth thanks for reminding this. you are right. i forgot this condition.

anyway, for local users i think we still need to stick on the NET USER command. i guess if we could first remove the password then force to need a password, all by running NET USER command? i can't test it myself at the moment but it's worth trying.

FYI - NET USER
https://technet.microsoft.com/en-us/library/cc771865.aspx
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40611660
These 2 batch files are similar. The main difference is the line to deactivate the user account via NET USER.

Notes:
 - Copy the code below and save to a .bat file of your choice.
 - As a safety, this version uses ECHO net user and ECHO cscript for testing (visual) purposes. When you are satisfied that it looks like it will work, remove the ECHO in front of net user and cscript. Then save the .bat file. Then run it live.

Batch file 1: To deactivate all local station user accounts
@echo off
REM A batch file to deactivate user account on local station

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Deactivate user account
    REM *** Remove below ECHO to activate the line.
    ECHO net user %%d /active:no>>"%FNResults%"
  )
)
goto :EOF

Open in new window


Batch file 2: To force all local station users to change password at next logon.
Notes:
- This second batch file makes a .vbs file and runs it.
- I have not tested whether it works. Before running this batch live, I would run the resultant .vbs file against a test user, just to confirm it works.
- The code is from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers/
- As an alternative to the .vbs... if you have the cusrmgr command line utility, which is available from the Windows 2000 Resource Kit, you can use that with one line of code: cusrmgr -u %%d +s MustChangePassword>>"%FNResults%"

@echo off
REM A batch file to force user to change password at next logon.

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Make vbs file to set user's change password property at next logon.
    echo strComputer = "Computer01">"%FNChgPW%"
    echo set objUser = GetObject("WinNT://" ^& strComputer ^& "%%d"^)>>"%FNChgPW%"
    echo objUser.Put "pwdLastSet", 0>>"%FNChgPW%"
    echo objUser.SetInfo>>"%FNChgPW%"
    
    REM Run vbs file
    REM *** Remove below ECHO to activate the line.
    ECHO cscript.exe //nologo "%FNChgPW%"
  )
)
goto :EOF

Open in new window

0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A procedure for exporting installed hotfix details of remote computers using powershell
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question