Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 117
  • Last Modified:

workgroup server local users administration.

I have a Window 2003 terminal server in the WORKGROUP.  I need to write two scripts to include the net user command to do two things:

1.  Script one - Make all active users to change password when they login next time.
2.  script two - Disable all Active users.

Can someone please advice the parameter of the net user command?

Many thanks.
0
nav2567
Asked:
nav2567
1 Solution
 
nav2567Author Commented:
I think these are the commands I need.  Can someone clarify?

net user jsmith /active:no
net user jsmith /passwordchg:yes

Thanks.
0
 
bbaoIT ConsultantCommented:
1. correct.

2. incorrect. the command just specifies whether users can (talking about the ability) change their own password, doesn't mean they have to changed the passoword at when sign on the next time.
0
 
bbaoIT ConsultantCommented:
FYI

dsquery user | dsmod user -mustchpwd yes

This command force all the users must change their passwords on next logon, CAUTION its include Domain Administrator also. You can also use "ou" for a group of users instead of "user"

excerpted from http://community.spiceworks.com/topic/336109-need-to-force-all-users-to-change-password-at-next-logon
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
Seth SimmonsSr. Systems AdministratorCommented:
dsquery does not work in a workgroup
0
 
bbaoIT ConsultantCommented:
@seth thanks for reminding this. you are right. i forgot this condition.

anyway, for local users i think we still need to stick on the NET USER command. i guess if we could first remove the password then force to need a password, all by running NET USER command? i can't test it myself at the moment but it's worth trying.

FYI - NET USER
https://technet.microsoft.com/en-us/library/cc771865.aspx
0
 
NVITCommented:
These 2 batch files are similar. The main difference is the line to deactivate the user account via NET USER.

Notes:
 - Copy the code below and save to a .bat file of your choice.
 - As a safety, this version uses ECHO net user and ECHO cscript for testing (visual) purposes. When you are satisfied that it looks like it will work, remove the ECHO in front of net user and cscript. Then save the .bat file. Then run it live.

Batch file 1: To deactivate all local station user accounts
@echo off
REM A batch file to deactivate user account on local station

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Deactivate user account
    REM *** Remove below ECHO to activate the line.
    ECHO net user %%d /active:no>>"%FNResults%"
  )
)
goto :EOF

Open in new window


Batch file 2: To force all local station users to change password at next logon.
Notes:
- This second batch file makes a .vbs file and runs it.
- I have not tested whether it works. Before running this batch live, I would run the resultant .vbs file against a test user, just to confirm it works.
- The code is from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localusers/
- As an alternative to the .vbs... if you have the cusrmgr command line utility, which is available from the Windows 2000 Resource Kit, you can use that with one line of code: cusrmgr -u %%d +s MustChangePassword>>"%FNResults%"

@echo off
REM A batch file to force user to change password at next logon.

set FNClients=%temp%\Clients.txt
if exist "%FNClients%" del "%FNClients%"

echo %computername%>"%FNClients%"
set SkipCtClients=0
set SkipCtUsers=4

set FNResults=%temp%\InactvAccts.txt
set FNUsers=%temp%\LocUsrs.txt
set FNChgPW=%temp%\ChgPwAtLogon.vbs
for %%a in ("%FNResults%" "%FNUsers%" "%FNChgPW%") do if exist %%a del %%a

if %SkipCtClients% gtr 0 (
  for /f "skip=%SkipCtClients%" %%a in (%FNClients%) do (call :DoIt %%a)
) else (
  for /f %%a in (%FNClients%) do (call :DoIt %%a)
)
del /q "%FNClients%" "%FNUsers%"
echo.
echo See "%FNResults%"
goto :EOF

:DoIt
net users >>"%FNUsers%"

for /f "skip=%SkipCtUsers% tokens=1-3" %%a in (%FNUsers%) do (call :ProcessUsers %%a %%b %%c)
goto :EOF

:ProcessUsers
for %%d in (%1 %2 %3) do (
  if %%d equ The goto :eof
  if /i %%d neq administrator (
    echo %date% %time% Processing user %%d >>"%FNResults%"
    
    REM Make vbs file to set user's change password property at next logon.
    echo strComputer = "Computer01">"%FNChgPW%"
    echo set objUser = GetObject("WinNT://" ^& strComputer ^& "%%d"^)>>"%FNChgPW%"
    echo objUser.Put "pwdLastSet", 0>>"%FNChgPW%"
    echo objUser.SetInfo>>"%FNChgPW%"
    
    REM Run vbs file
    REM *** Remove below ECHO to activate the line.
    ECHO cscript.exe //nologo "%FNChgPW%"
  )
)
goto :EOF

Open in new window

0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now