Password Required for Local Accounts

By SuperG - Last updated: Tuesday, April 3, 2012

Set password required and password expires for all local user accounts

So I have a requirement to ensure all local accounts require a password and that the password can expire.

Below is a VB script that I run as a startup script from a Machine GPO. Later we will include this in our imaging process and remove the GPO. (Our imaging is done by SCCM, so we will just add this as a task at the end.)

I ended up doing this in 2 steps:

The first part runs through all the local accounts and runs “net user User.Name /passwordreq:yes”.

The second part checks whether the “password does not expire” flag is set. If it is set to not expire, it gets changed to allow expiry.

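'####### Begin VB Script #######

' Set Passwordreq:yes for all local accounts and allow their passwords to expire

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

' Keep going if one account cannot be changed; errors are not reported
On Error Resume Next

Dim oShell
Set oShell = WScript.CreateObject("WScript.Shell")

strComputer = "."

' Enumerate the user objects on the local machine through the WinNT provider
Set colAccounts = GetObject("WinNT://" & strComputer & "")
colAccounts.Filter = Array("user")

For Each objUser In colAccounts

    ' WScript.Echo objUser.Name ' this is here to test script

    ' Step 1: require a password. The name is quoted so accounts with spaces work;
    ' 0 hides the console window, True waits for net.exe to finish.
    oShell.Run "net user """ & objUser.Name & """ /passwordreq:yes", 0, True

    ' Step 2: if "password never expires" is set, clear it so the password can expire
    Flags = objUser.Get("UserFlags")
    If (Flags And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
        ' The bit is known to be set here, so Xor clears it
        objUser.Put "UserFlags", Flags Xor ADS_UF_DONT_EXPIRE_PASSWD
        objUser.SetInfo
    End If

Next

Set oShell = Nothing

'####### End VB Script #######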

One word of warning: DO NOT apply this to a Domain Controller.
SuperG
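
An added audit example, not part of the original post: this PowerShell check lists local accounts that still have "password not required" or "password never expires" set after the startup script has run, and refuses to run on a Domain Controller in line with the warning above. It assumes PowerShell 3.0 or later (for Get-CimInstance); the function name Get-LocalPasswordPolicyGap is hypothetical.

```powershell
# Added example (not from the original post). Function name is hypothetical.
function Get-LocalPasswordPolicyGap {
    [CmdletBinding()]
    param()

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    # Stop there, as the post warns against touching Domain Controllers.
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        throw "This machine is a Domain Controller (DomainRole=$role); not auditing."
    }

    # LocalAccount=True keeps the query to local accounts on domain-joined machines.
    # PasswordRequired and PasswordExpires mirror the two settings the script changes.
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { -not $_.PasswordRequired -or -not $_.PasswordExpires } |
        Select-Object Name, SID, Disabled, PasswordRequired, PasswordExpires
}

$gaps = @(Get-LocalPasswordPolicyGap)
if ($gaps.Count -gt 0) {
    # Show every account that still fails one of the two requirements
    $gaps | Format-Table -AutoSize
    exit 1   # non-zero so a calling task or scheduler can detect non-compliance
}

Write-Output "All local accounts require a password and allow expiry."
exit 0
```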
