Is there a CMD command to set an existing Windows user's property's checkbox, "Password never expires", to be unchecked? (Assumption: The checkbox was previously checked before I unchecked it manually to illustrate the box being unchecked)
I am creating a batch file for windows 10 and I would like to do it programmatically. (I am hardening an OS and baselining it.)
I looked at the CMD command: net user and it does have several password options such as /passwordchg to specify a user can change their own password and /passwordreq which specifies a user must have a password. I find it strange that there isn't one for "Password never expires" (i.e. /passwordexp:{YES|NO}) so my batch file can uncheck that option programmatically. I'm probably missing it in my Google searches but I am unable to find a solution. I include a excerpt of my code:
...
...
net user %Name% /<somePasswordExpireOption:YES
...
...
Any suggestions are welcome. Thanks in advance.
Perhaps, as long as they are local not domain:
WMIC UserAccount Where "Name='%Name%'" Set PasswordExpires=FALSE
Related
Trying to set some firewall rules for a machine on a domain. It requires admin permissions through cmd prompt to set them, however I want to use the %username% variable as the command requires a specific folder stored in the logged in users appdata to be allowed.
Is there anyway to work around this?
As when launching cmd prompt as admin, it uses my admin username in %username% rather than the logged in user and I'm hoping to automate this. Needs to be done through cmd/powershell/batch.
Have managed to resolve it myself. I've managed to save the variable to a file, and call that file into a second command prompt session elevated as admin and use a different variable.
First:
echo %USERNAME%>C:\dir\file.txt
Second:
cd C:\dir\
set /P uname=<uname.txt
echo %uname%
I am working on an application that requires my users to share their fully-qualified-domain-name of their windows machine.
To help my users to extract their machine's FQDN, I want to share simple command line steps that they can copy/paste and execute on their terminals to get the result.
I was thinking of below command to extract local machine's FQDN:
echo %COMPUTERNAME%.%USERDNSDOMAIN%
But there are few problems of this command.
It gives output in ALL CAPS. (I can live with it)
It gives incorrect output if the variable is not set.
For example:
If USERDNSDOMAIN value is not set, then, you'll get following output:
echo %COMPUTERNAME%.%USERDNSDOMAIN% //<- Run this on cmd prompt
ClientComputerName.%USERDNSDOMAIN% //<- wrong output: Notice '%USERDNSDOMAIN%' is appended in o/p
Is there any way to stop echoing a variable if it's value is not set?
Please note that I want to extract "fully qualified domain name" of my windows machine through CMD prompt only.
You can get the FQDN name using PowerShell.
=== Get-FQDN.bat
#ECHO OFF
FOR /F %%A IN ('powershell -NoLogo -NoProfile -Command ^
"([System.Net.Dns]::GetHostByName($Env:COMPUTERNAME)).HostName"') DO (
SET "THEFQDN=%%A"
)
ECHO %THEFQDN%
If you have multiple users, then you surely have some way to get programs and batch files installed on them. Once this batch file script is installed into a directory on the user's PATH, it is a one-line command.
Get-FQDN
1st, please note that the "USER DNS Domain" is NOT the domain the computer is joined to, it is the domain the USER who is logged in belongs to.
If you log in as a user from a trusted domain, or a child or parent domain, then it will display that domain.
So, if you log in as a LOCAL account it will be blank (likely you are running into this)
There is a fairly simple way to get the actual computer domain however, by using NLTest. (For the like of me I could never figure out why Microsoft didn't pre-populate a variable with this info.)
At the CMD Line simply dump this into the command prompt (I believe you will need to run with admin privileges but I haven't tested):
FOR /F "tokens=3" %_ IN ('nltest /DOMAIN_TRUSTS /PRIMARY ^|FIND /I "0:"') DO #(ECHO.%COMPUTERNAME%.%_)
The result will be in all caps because that is how Microsoft displays this info.
Here is an example output:
MYLAPTOP.USERS.MYDOMAIN.LOCAL
But on-re-read you want something the users know how to do themselves, so ymmv if you could just send a reference email, or hand it to them each time they need it.
If you just wan this info and other info easily available you could use BGInfo or other options like that to set the desktop background.
Alternatively you could change the logon scripts to generate a simple text file with all the info each time the user logs on, and placed in a certain folder you tell them to look in.
I am running few scripts in powershell and cmd through windows scheduler. I have to provide my credentials and access keys in both the cmd and powershell scripts.
Is there anyway where I can provide my credentials through parameters like in Continous integration Tools? or any other way?
ex:
SET Username=Usrnme
Set Password=pswd //shouldn't be visible
curl.exe --basic --u usrnme:pswd -X get "https:www.google.com" -k
I don't want everybody who has access to the system to view the username and password.
Please suggest.
Here are your options:
Put the user name and password in a file and read it into batch script variables using for /f command
If you not using "simple filesharing" (= home edition versions of windows) you can set security so only one specific user has access to a password file or leave it in batch script and make that file's security so only one specific user has access.
Any text you are passing on a curl command line it is visible to any process while your curl.exe process is running. Another task can list running tasks eg from command prompt wmic process where ^(name^="curl.exe"^) get commandline would show it. I don't know how to obscure that.
You can use the Powershell Credential Manager to safely store the password on local computer. Then you can add the parameter to the script that represents credential target. See the example here
How do I start/call a batch file from another, but with administrative privileges, so that it doesn't give me errors like the following?
Access is denied error code 5
Here is something like what I would like it to be.
echo PLEASE TYPE YOUR USERNAME AND PASSWORD IN THE FIELDS BELOW.
echo.
echo.
echo.
echo.
set /p u=Username:
echo.
set /p p=Password:
start next.bat %u% %p%
No matter which way you chose, You must accept run it with admin privilege, so the point is which way is shorter? You could Right Click > Run as administrator as jean-Michael said although I prefer james approach (using vbScript) but if you don't want to use another vbScript file and just want benefit of just click on batch file and accept run with admin privilege (Note you have one right click and left click less) I suggest you this:
create a shortcut from your batch file and right click on shortcut > Properties > Shortcut Tab > Advanced now check the Run as administrator check-box. every time you execute it from the shortcut you just have one click to accept run it with admin privilege.
Hope this help.
Sometimes third party utilities like AutoIt (see runas function) are not an option - but if you do have that option, check it out as that will let you do exactly what you're aiming to. You can then call the AutoIt script from your script and use its runas function.
Windows runas doesn't support providing a password unless you're happy with the /savecred option - which is fine if you're only running the task from a single computer. The first time it will ask you for a password, but after that it won't (though you still have to use /savecred option each time you use it). I've got a feeling using this could be a huge security hole. But since it seems this is for your own machine, in your batch use this:
runas /user:computername\username /savecred yourcommand.exe
Another way is to make a scheduled task that can be called by your script. You can make it using the GUI or from an elevated command line as described here.
You can then call it from your script like this:
SCHTASKS /Run /TN yourtaskname
Simply put the bat file into the Windows directory, and it will run as administrator. I tried this myself, and it worked:
C:\Windows\batch_file.bat
It should work like that.
Within the batch file itself there is no way to run as an administrator, however if you launch the batch file from within a .VBS file, you are able to specify a 'runas' parameter.
set shell=CreateObject("Shell.Application")
shell.ShellExecute "your_batch_file.bat",,"C:\path\to\thedirectory", "runas", 0
set shell=nothing
This will launch your batch file as an administrator, and you can enable or disable the shell display (this example hides it as i wanted my program to run in the background without being seen).
Right click -> Run as administrator.
I think microsoft made as much as they could to prevent batch script to get administrative privileges on their own.
#cmd, I posted an example (How can I test effective permissions of a user from a batch script?) to run another bat file with ShellExecute and elevated rights (only when it's needed).
Take a look if it's what you looking for and what you need. If not, let me know and we could adapt your script to make it work.
good luck
I actually joined just to answer this, the simplest way by far is to create a shortcut to the program you want to run, then set the shortcut to run as administrator and just call the shortcut from the batch file. This will run with the settings specified in the shortcut and you could place this shortcut in the same folder as your batch file or just call it from the start menu.
Example:
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder\Shortcut Name.lnk"
After installing the new server, I am facing an issue.
I have lot of .vbs files, all need to run in wscript, reason, I use all those command like WScript.Echo "hello"
I want to be able to see the output when I double click the VBScript file.
But when I right click on the vbs file, I see console, I want to change the default to Windows host, globally!
How can I do that?
You can change the default scripting host to wscript.exe like so:
wscript.exe //H:wscript
If you wish to set cscript as the default host, that works in the same way:
wscript.exe //H:cscript
You can execute cscript.exe with the same arguments for the same result.
You can switch the default script engine with:
wscript //H:Wscript
Good luck!
I was able to solve it by using the following steps:
selecting the VBScript file that I want to open,
right click to select default program for this,
browse to C:/windows/windows32/wscript.exe, and select this.
In command prompt (as administrator):
To set windows script host as default script host enter:
wscript.exe //H:WScript
To set command line based script host as default script host enter:
cscript.exe //H:cscript
Check the Windows Explorer settings for the filetype *.vbs (something like tools->options->file types etc.) and change the "open with" setting to cscript.
Edit: I now advise caution with the recommendations I give below. After continuing to toggle and test my settings, I find I am unable to re-establish cscript as my default script host. (Note that I also retried the procedures given by other answers to this question.)
In addition, I tried using Process Monitor (a.k.a., "ProcMon") to find the reason for my difficulties, but unfortunately have not been unsuccessful.
Finally, I also considered going back to an earlier Windows 7 restore point, but this was complicated by the fact that I just yesterday changed my domain password. So, for now, I'm going to have to put my investigation to rest as other tasks are pressing.
On last thought...I have also considered the possibility that there are network policy security settings that are thwarting my efforts.
Original Answer: Enter the following line in a Windows batch file:
ftype VBSFile="%%SystemRoot%%\System32\WScript.exe" "%%1" %%*
Then, run a Command Prompt as an Administrator and run the batch file.
I believe the above will make the change for all users on the system. To make the change for only the logged in user, do the following (on Windows 7):
Control Panel => Programs => Default Programs => Associate a file type or protocol with a program
Then, in the Name column, scroll down to .vbs and click Change program... in the upper right. Then choose one of the Recommended Programs. If you do not see Microsoft ® Windows Based Script Host, browse to the following file:
C:\Windows\System32\wscript.exe
The guy above who right-clicked to choose the default program was right, however the path should be: C:\Windows\System32\wscript.exe