Password Required for Local Accounts
Set password required and password expires for all local user accounts
So I have a requirement to ensure all local accounts require a password and that the password can expire.
Below is a VB script that I run as a startup script from a Machine GPO. Later we will include this into our imaging process and remove the GPO. (Our imaging is done by SCCM so we will just add this as a task at the end)
I ended up doing this in 2 steps
The first part runs through all the local accounts and runs “net user User.Name /passwordreq:yes”
The second part looks to see if the password does not expire flag is set or not. If its is set to not expire then it gets changed to allow expire.
‘####### Begin VB Script #######
‘ Set Passwordreq:yes for all local accounts
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
On Error Resume Next
strComputer = “.”
Set colAccounts = GetObject(“WinNT://” & strComputer & “”)
colAccounts.Filter = Array(“user”)
For Each objUser in colAccounts
‘ WScript.Echo objUser.Name ‘ this is here to test script
Dim oShell
Set oShell = WScript.CreateObject (“WScript.Shell”)
oShell.run “net user ” & objUser.Name & ” /passwordreq:yes”
Set oShell = Nothing
Flags = objUser.Get(“UserFlags”)
If (Flags AND ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then ‘ Check to see if password expires if not change it so that it does
objUser.put “Userflags”, flags XOR &H10000
objUser.setinfo
End If
Next
‘####### End VB Script #######
One word of warning DO NOT apply this to a Domain Controller
SuperG
Write a comment
You need to login to post comments!