Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

workgroup server local users administration.

Posted on 2015-02-15
6
Medium Priority
?
116 Views
Last Modified: 2015-04-04
I have a Window 2003 terminal server in the WORKGROUP.  I need to write two scripts to include the net user command to do two things:

1.  Script one - Make all active users to change password when they login next time.
2.  script two - Disable all Active users.

Can someone please advice the parameter of the net user command?

Many thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:nav2567
ID: 40611505
I think these are the commands I need.  Can someone clarify?

net user jsmith /active:no
net user jsmith /passwordchg:yes

Thanks.
0
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 40611518
1. correct.

2. incorrect. the command just specifies whether users can (talking about the ability) change their own password, doesn't mean they have to changed the passoword at when sign on the next time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611525
FYI

dsquery user | dsmod user -mustchpwd yes

This command force all the users must change their passwords on next logon, CAUTION its include Domain Administrator also. You can also use "ou" for a group of users instead of "user"

excerpted from http://community.spiceworks.com/topic/336109-need-to-force-all-users-to-change-password-at-next-logon
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40611528
dsquery does not work in a workgroup
0
 
LVL 37

Expert Comment

by:bbao
ID: 40611558
@seth thanks for reminding this. you are right. i forgot this condition.

anyway, for local users i think we still need to stick on the NET USER command. i guess if we could first remove the password then force to need a password, all by running NET USER command? i can't test it myself at the moment but it's worth trying.

FYI - NET USER
https://technet.microsoft.com/en-us/library/cc771865.aspx
0
 
LVL 25

Expert Comment

by:NVIT
ID: 40611660
These 2 batch files are similar. The main difference is the line to deactivate the user account via NET USER.

Notes:
 - Copy the code below and save to a .bat file of your choice.
 - As a safety, this version uses ECHO net user and ECHO cscript for testing (visual) purposes. When you are satisfied that it looks like it will work, remove the ECHO in front of net user and cscript. Then save the .bat file. Then run it live.

Batch file 1: To deactivate all local station user accounts
@echo off
REM A batch file to deactivate user account on local station

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Deactivate user account
    REM *** Remove below ECHO to activate the line.
    ECHO net user %%d /active:no>>"%FNResults%"
  )
)
goto :EOF

Open in new window


Batch file 2: To force all local station users to change password at next logon.
Notes:
- This second batch file makes a .vbs file and runs it.
- I have not tested whether it works. Before running this batch live, I would run the resultant .vbs file against a test user, just to confirm it works.
- The code is from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers/
- As an alternative to the .vbs... if you have the cusrmgr command line utility, which is available from the Windows 2000 Resource Kit, you can use that with one line of code: cusrmgr -u %%d +s MustChangePassword>>"%FNResults%"

@echo off
REM A batch file to force user to change password at next logon.

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Make vbs file to set user's change password property at next logon.
    echo strComputer = "Computer01">"%FNChgPW%"
    echo set objUser = GetObject("WinNT://" ^& strComputer ^& "%%d"^)>>"%FNChgPW%"
    echo objUser.Put "pwdLastSet", 0>>"%FNChgPW%"
    echo objUser.SetInfo>>"%FNChgPW%"
    
    REM Run vbs file
    REM *** Remove below ECHO to activate the line.
    ECHO cscript.exe //nologo "%FNChgPW%"
  )
)
goto :EOF

Open in new window

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question