VBScript to have a local user change password at next logon? - vbscript

I am trying to get a script to run for a local user while logged in to have their user account require them to change their password once they log off then log back in. I have about 40 different users that all have their own local internet connection so I don't have Active Directory for these computers where I can easily set this. I want to be able to push out a script through remote access that will perform this action (having to reset their password).
The user account name that I am trying to run the script for is called: Ual-Lab-Tech
The script I am running is:
' Bind to local user object.
Set objUser = GetObject("Ual-Lab-Tech")
' Require password change at next logon.
objUser.PasswordExpired = 1
objUser.SetInfo
However when I run the script I am getting an error:
Script: C:\\Users\UAL-Lab-Tech\Desktop\change password at logon.vbs
Line: 2
Char: 1
Error: Invalid syntax
Code: 800401E4
Source (null)
What am I doing wrong?

The sample above is for local accounts.
For an AD account you have to use ADSI like this:
Set objUser = GetObject ("LDAP://CN=username,CN=Users,DC=domain,DC=local")
objUser.Put "PasswordExpired", 1
objUser.SetInfo

You will find a working sample here:
strComputer = "atl-win2k-01"
Set objUser = GetObject("WinNT://" & strComputer & "/kenmyer")
objUser.Put "PasswordExpired", 1
objUser.SetInfo
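
A fuller version of the local-account script, added here as an example and not taken from any of the posts. It binds through the WinNT provider using the local computer name (the bare account name passed to GetObject in the question is not a valid ADSI path, which is what 800401E4 "Invalid syntax" reports) and, as an assumption of this example, clears the two account flags that would conflict with a forced change at next logon. It must be run elevated.

```vbscript
' Added example. Run from an elevated prompt:
'   cscript //nologo force-change.vbs
Option Explicit

Const UF_PASSWD_CANT_CHANGE = &H40     ' "User cannot change password"
Const UF_DONT_EXPIRE_PASSWD = &H10000  ' "Password never expires"
Const TARGET_USER = "Ual-Lab-Tech"     ' account name from the question

Dim objNetwork, objUser, lngFlags, strPath

' Resolve the local computer name so the same file works on every machine.
Set objNetwork = CreateObject("WScript.Network")
strPath = "WinNT://" & objNetwork.ComputerName & "/" & TARGET_USER & ",user"

On Error Resume Next
Set objUser = GetObject(strPath)
If Err.Number <> 0 Then
    WScript.Echo "Bind failed for " & strPath & " (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If

' Assumption: either flag left set would conflict with a forced change,
' so both are cleared before the password is marked expired.
lngFlags = objUser.Get("UserFlags")
lngFlags = lngFlags And Not (UF_PASSWD_CANT_CHANGE Or UF_DONT_EXPIRE_PASSWD)
objUser.Put "UserFlags", lngFlags
objUser.Put "PasswordExpired", 1
objUser.SetInfo
If Err.Number <> 0 Then
    ' 0x80070005 is access denied: the script was not run elevated.
    WScript.Echo "Update failed (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If
On Error GoTo 0

' Re-read the account to confirm the change was stored.
objUser.GetInfo
WScript.Echo TARGET_USER & " PasswordExpired = " & objUser.Get("PasswordExpired")
```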

Related

How to run WMI commands on non-domain-joined server from script running using domain admin credentials

I have a windows script running from a scheduled task, set to run with domain credentials.
It checks the disk space on all of my domain joined servers using WMI.
Set wmi = GetObject("winmgmts:\\" & hostname & "\root\cimv2")
...
Set wmiresults = wmi.ExecQuery("SELECT * FROM Win32_LogicalDisk WHERE Name = '" & _
UCase(diskletter) & ":'")
For Each wmiresult In wmiresults
    ptotalspace = Round(CDbl(wmiresult.Size) / 1073741824, 2)
    pfreespace = Round(CDbl(wmiresult.Freespace) / 1073741824, 2)
Next
This script works fine for all domain joined servers. But I need to include a non-domain-joined server into this checking, and it fails as the script lacks the necessary permissions on the target server.
I have tried the hacky method of creating a local user account with the same name and password as the domain admin acct, and adding it to local admins, but this didn't work.
Is there a way to allow the script permission to check the server's disks without joining it to the domain, and without having to create a duplicate or version of this script that runs using a local account with permission to perform this check?
The solution is here: Connecting to WMI Remotely with VBScript
Look at option 2 under the heading "To connect to a remote system using VBScript". You can use the SWbemLocator.ConnectServer method to pass different credentials to the connection. It looks like this:
strComputer = "Computer_B"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, _
"Root\CIMv2", _
"fabrikam\administrator", _
"password")
Just replace "fabrikam\administrator" and "password" with a username and password that has permission on that machine. Then you can use that objSWbemServices object the same way you were using your wmi object.
That should work if you run it from a machine inside the domain too... I think. Give it a try.
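
The ConnectServer approach combined with the disk query from the question, as an added example that is not part of the original answer. Assumptions of this example: a dedicated local account on the target (the hypothetical svc-diskcheck) that has been granted remote WMI access, and a password supplied to the process in the hypothetical environment variable DISKCHECK_PASSWORD rather than written into the script.

```vbscript
' Added example. Run: cscript //nologo diskcheck.vbs
Option Explicit

Const wbemAuthenticationLevelPktPrivacy = 6  ' sign and encrypt the DCOM traffic
Const BYTES_PER_GB = 1073741824

Dim strComputer, strUser, strPassword, objShell
Dim objLocator, objServices, colDisks, objDisk

strComputer = "Computer_B"
strUser = strComputer & "\svc-diskcheck"     ' hypothetical local account

' Read the password from the process environment instead of the script file.
Set objShell = CreateObject("WScript.Shell")
strPassword = objShell.Environment("PROCESS")("DISKCHECK_PASSWORD")
If strPassword = "" Then
    WScript.Echo "DISKCHECK_PASSWORD is not set"
    WScript.Quit 2
End If

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
On Error Resume Next
Set objServices = objLocator.ConnectServer(strComputer, "Root\CIMv2", _
    strUser, strPassword)
If Err.Number <> 0 Then
    ' 0x80070005 is access denied: wrong credentials or no remote WMI rights.
    WScript.Echo "Connect to " & strComputer & " failed (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If
On Error GoTo 0
strPassword = ""

' Request packet privacy for every call made on this connection.
objServices.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy

' DriveType 3 = local fixed disk, so Size and FreeSpace are populated.
Set colDisks = objServices.ExecQuery( _
    "SELECT Name, Size, FreeSpace FROM Win32_LogicalDisk WHERE DriveType = 3")
For Each objDisk In colDisks
    WScript.Echo objDisk.Name & " total " & _
        Round(CDbl(objDisk.Size) / BYTES_PER_GB, 2) & " GB, free " & _
        Round(CDbl(objDisk.FreeSpace) / BYTES_PER_GB, 2) & " GB"
Next
```

ConnectServer only accepts explicit credentials for remote connections, so the domain-joined servers can keep using the original GetObject("winmgmts:...") path.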

VBScript (HTA) MapNetworkDrive - Logon Failure

I am trying to create a HTA file that, among other things, connects to a remote network drive on a Windows 7 PC. In order to do this I need a username / password. I have the following code:
Sub ConnectDrive
    Set objNetwork = CreateObject("WScript.Network")
    Set oShell = CreateObject("Shell.Application")
    objNetwork.MapNetworkDrive "x:", "\\testsystem3\temp", False, User, Pass
    If Err.Number = 0 Then
        oShell.NameSpace("x:").Self.Name = "Temp on TS3"
    End If
    Set oShell = Nothing
    Set objNetwork = Nothing
End Sub
User and Pass are the actual username and password used in order to connect.
The problem is that I get a Logon failure error message: "Logon failure: unknown user name or bad password".
I am sure that the username and password are ok since using the net use x: \\testsystem3\temp /user:User pass command connects the drive successfully.
Any suggestions how to get this to work? I could turn off password protected sharing on the Windows 7 machine but I wouldn't like that...
Thank you!

Change User Password at Next Login With a VBScript

I have a standalone computer connected to a basic router at home and has Time Warner. I am trying to write a script so that I can run it on the computer and it will make me change my password at next login.
I've tried the following script where UAL-10167 is the computer name and the username is: UAL-Lab-Tech
And it is not working. Any advice would be great!!
strComputer = "UAL-10167"
Set objUser = GetObject("WinNT://" & strComputer & "/UAL-Lab-Tech")
objUser.Put "PasswordExpired", 1
objUser.SetInfo
I know it's an old question, but it's still unanswered...
To force a user to set his or her password on the next logon, set the pwdLastSet property to 0, as in...
objUser.Put "pwdLastSet", 0
objUser.SetInfo

Reset password for renamed Administrator account

I need to create a .VBS script to reset the Windows local administrator password on a large group of computers. My problem is that some of our sites have renamed the administrator account for security reasons. Does anyone have a script which changes the password of the administrator account based on the SID of the original Administrator account?
Using the fact that local admin's SID always ends with -500:
strComputer="." ' local computer by default
Set objUser=GetObject("WinNT://" & strComputer & "/" & GetAdminName & ",user")
objUser.SetPassword "New local admin password"
objUser.SetInfo
Function GetAdminName
    'This function was written using information from Table J.1 from the Windows XP resource Kit
    'http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prnc_sid_cids.asp
    Set objNetwork = CreateObject("Wscript.Network") 'get the current computer name
    objComputerName = objNetwork.ComputerName
    Set objwmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & objComputerName)
    qry = "SELECT * FROM Win32_Account where Domain = '" & cstr(objComputerName) & "'"
    'set query, making sure to only look at local computer
    For Each Admin in objwmi.ExecQuery(qry)
        if (left(admin.sid, 6) = "S-1-5-" and right(admin.sid,4) = "-500") then 'look for admin sid
            GetAdminName = admin.name
        end if
    next
end Function
There's a tool floating around somewhere called LookupAccountName (with source!) that given the SID of the builtin administrator will give you its name.
You're probably going to end up writing C++ code to pull this one off reasonably well.
Like Joshua says, I don't think you can do this with Windows Scripting Host only; you could use it to download something and execute it:
A custom app that calls LookupAccountSid(S-1-5-domain-500 SID or enum admin group)+NetUserSetInfo to reset the password (Needs to run this as admin)
http://home.eunet.no/pnordahl/ntpasswd/ (Reset at boot)
Dump the SAM hashes and crack the password (Cain,John the Ripper,L0phtCrack etc)
@DmitryK's answer is good, and I didn't know any of that stuff. But I do know that this sort of thing is usually cleaner in PowerShell, so I ported it.
For example, the whole GetAdminName function can be written:
$adminName = (gwmi win32_account | ? { $_.SID.StartsWith( 'S-1-5-' ) -and $_.SID.EndsWith( '-500' ) }).Name
(Add the -ComputerName option to the gwmi call to do this on a server.)
The rest becomes:
$user = ([ADSI]"WinNT://$($env:COMPUTERNAME)/$adminName,User")
$user.SetPassword( 'xxx' )
$user.SetInfo()
(applying the appropriate computer name as needed, of course.)

Retrieve all users from Active Directory (LDAP) using VBScript

How can I retrieve all users from Active Directory using VBScript?
Dim oDomain, oUser
' Bind to the OU; enumerating the container returns its child objects.
Set oDomain = GetObject("LDAP://OU=YourOU,DC=YourDomain,DC=com")
For Each oUser In oDomain
    WScript.Echo oUser.Get("distinguishedName")
Next
Maybe this will get you running?
