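I have built a small PowerShell GUI for creating local computer accounts. I have a problem with my account-creation code: I do not want to be asked to change the password after logon. Maybe someone can help. I would like a further checkbox that I can tick so that I am not asked to change the password after Windows logon.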
$ErrorActionPreference = "Stop"
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
# restart elevated if needed
if(!(new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(544)){
    start powershell -Verb runas -ArgumentList '-File',$MyInvocation.MyCommand.Definition
    exit
}
#####################################################################################################################################################
#create form
$form = New-Object System.Windows.Forms.Form
$form.Width = 500
$form.Height = 700
$form.MaximizeBox = $false
$form.TopMost = $true
#####################################################################################################################################################
$objLabel = New-Object System.Windows.Forms.label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(130,15)
$objLabel.BackColor = "Transparent"
$objLabel.ForeColor = "Black"
$objLabel.Text = "Username"
$Form.Controls.Add($objLabel)
#textbox with chosen user name
$txtBox = New-Object System.Windows.Forms.TextBox
$txtBox.Location = New-Object System.Drawing.Point (180, 20)
$txtBox.Size = New-Object System.Drawing.Size(280,100)
$form.Controls.Add($txtBox)
#####################################################################################################################################################
$objLabel2 = New-Object System.Windows.Forms.label
$objLabel2.Location = New-Object System.Drawing.Size(10,50)
$objLabel2.Size = New-Object System.Drawing.Size(130,15)
$objLabel2.BackColor = "Transparent"
$objLabel2.ForeColor = "Black"
$objLabel2.Text = "Password"
$Form.Controls.Add($objLabel2)
#textbox with chosen password
$txtBox2 = New-Object Windows.Forms.MaskedTextBox
$txtBox2.PasswordChar = '*'
$txtBox2.Location = New-Object System.Drawing.Point (180, 50)
$txtBox2.Size = New-Object System.Drawing.Size(280,100)
$form.Controls.Add($txtBox2)
#####################################################################################################################################################
#create checkbox1
$checkBox = New-Object System.Windows.Forms.CheckBox
$checkBox.Location = New-Object System.Drawing.Point (10, 100)
$checkBox.Size = New-Object System.Drawing.Size(350,30)
$checkBox.Text = "PasswordNeverExpires"
$form.Controls.Add($checkBox)
#create checkbox2
$checkBox2 = New-Object System.Windows.Forms.CheckBox
$checkBox2.Location = New-Object System.Drawing.Point (10, 150)
$checkBox2.Size = New-Object System.Drawing.Size(350,30)
$checkBox2.Text = "UserMayChangePassword"
$form.Controls.Add($checkBox2)
#create checkbox3
$checkBox3 = New-Object System.Windows.Forms.CheckBox
$checkBox3.Location = New-Object System.Drawing.Point (10, 200)
$checkBox3.Size = New-Object System.Drawing.Size(350,30)
$checkBox3.Text = "AccountNeverExpires"
$form.Controls.Add($checkBox3)
#create checkbox4
$checkBox4 = New-Object System.Windows.Forms.CheckBox
$checkBox4.Location = New-Object System.Drawing.Point (10, 250)
$checkBox4.Size = New-Object System.Drawing.Size(350,30)
$checkBox4.Text = "AdminAccount"
$form.Controls.Add($checkBox4)
#create checkbox5
$checkBox5 = New-Object System.Windows.Forms.CheckBox
$checkBox5.Location = New-Object System.Drawing.Point (10, 300)
$checkBox5.Size = New-Object System.Drawing.Size(350,30)
$checkBox5.Text = "noPassword"
$checkbox5.Add_Click({
    # disable/enable other controls depending on state of current checkbox
    $checkBox.Enabled = !$checkBox5.Checked
    $txtBox2.Enabled = !$checkBox5.Checked
    $checkbox4.Enabled = !$checkBox5.Checked
})
$form.Controls.Add($checkBox5)
#create checkbox6
$checkBox6 = New-Object System.Windows.Forms.CheckBox
$checkBox6.Location = New-Object System.Drawing.Point (10, 350)
$checkBox6.Size = New-Object System.Drawing.Size(350,30)
$checkBox6.Text = "ChangePasswordAtLogon"
$form.Controls.Add($checkBox6)
#create user button
$Button = New-Object System.Windows.Forms.Button
$Button.Location = New-Object System.Drawing.Size(10,450)
$Button.Size = New-Object System.Drawing.Size(150,50)
$Button.Text = "create user"
$Button.Add_Click({
    # Admin or Users Group
    $group = @{$true='S-1-5-32-544';$false='S-1-5-32-545'}[$checkbox4.checked]
    try{
        # define options to create user
        $useroptions = @{
            Name = $txtbox.Text
            Description = $txtbox.Text
            Fullname = $txtbox.Text
            AccountNeverExpires = $checkbox3.Checked
            UserMayNotChangePassword = !$checkbox2.Checked
            ChangePasswordAtLogon = $checkbox6.Checked
        }
        # if the "noPassword" checkbox is not checked
        if (!$checkbox5.Checked){
            $useroptions.Password = ConvertTo-SecureString $txtbox2.Text -AsPlainText -Force
            $useroptions.PasswordNeverExpires = $checkbox.Checked
        }else{
            # "noPassword" checkbox is checked
            $useroptions.NoPassword = $true
            $group = 'S-1-5-32-545'
        }
        # create user and assign to administrators group
        New-LocalUser @useroptions | Add-LocalGroupMember -Group (Get-Localgroup | ? Sid -eq $group)
        [System.Windows.Forms.MessageBox]::Show("User has been created successfully.","User created",0,64)
    }catch{
        [System.Windows.Forms.MessageBox]::Show("Error creating new user account:`n $($_.Exception.Message)","Exception",0,48)
    }
})
$form.Controls.Add($Button)
#end
[void]$form.ShowDialog()
Hello, I made some changes to the part of your code from the middle to the end; I think this is what you need:
$group = @{$true='Administrators';$false='Users'}[$checkbox4.checked]
try{
    # define options to create user
    $useroptions = @{
        Name = $txtbox.Text
        Description = $txtbox.Text
        Fullname = $txtbox.Text
        AccountNeverExpires = $checkbox3.Checked
        UserMayNotChangePassword = !$checkbox2.Checked
        #ChangePasswordAtLogon = $checkbox6.Checked
    }
    # if the "noPassword" checkbox is not checked
    if (!$checkbox5.Checked){
        $useroptions.Password = ConvertTo-SecureString $txtbox2.Text -AsPlainText -Force
        $useroptions.PasswordNeverExpires = $checkbox.Checked
    }else{
        # "noPassword" checkbox is checked
        $useroptions.NoPassword = $true
    }
    # create user and assign to administrators group
    New-LocalUser @useroptions | Set-LocalUser -PasswordNeverExpires $checkbox.Checked
    Add-LocalGroupMember -Group $group -Member $useroptions.Name
    [System.Windows.Forms.MessageBox]::Show("User has been created successfully.","User created",0,64)
}catch{
    [System.Windows.Forms.MessageBox]::Show("Error creating new user account:`n $($_.Exception.Message)","Exception",0,48)
}
})
$form.Controls.Add($Button)
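This will add the new user to the Administrators or Users group (depending on whether admin is checked), and if "PasswordNeverExpires" is checked, there will be no prompt for a new password at first logon.
It is not recognized as a parameter of New-LocalUser, so I commented it out; you decide what to do with it: #ChangePasswordAtLogon = $checkbox6.Checked
The code tested fine.
Hope this helps you.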
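Active Directory looks at the pwdLastSet attribute to see whether an account needs to change its password. Open AD Users and Computers and look at the "User must change password at next logon" box on the Account tab of a perfectly good user account. Check the box and this attribute is cleared. Uncheck the box again and it is set to the current timestamp, regardless of what the original timestamp was.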
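I haven't done this in PowerShell, but I have similar C# code with the UserPrincipal object that uses userPrincipalInstance.LastPasswordSet.HasValue to see whether this box would be checked, and sets (or clears) userPrincipalInstance.LastPasswordSet to change its state.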
Of course, this is UserPrincipal for Active Directory, but it is possible that WindowsPrincipal is similar for local accounts.
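
The ChangePasswordAtLogon key discussed in the answers is not a New-LocalUser parameter; for local accounts the corresponding flag is the PasswordExpired property of the ADSI WinNT provider. The following is an added example, not code from the question or either answer (`New-LocalUserChecked` and the account name `demo-user` are hypothetical): it rejects unsupported keys before splatting, refuses contradictory password options, and then sets or clears the flag explicitly.

```powershell
#Requires -RunAsAdministrator
# Added example: New-LocalUserChecked is a hypothetical helper name.
function New-LocalUserChecked {
    param(
        [Parameter(Mandatory)] [hashtable] $Options,
        [bool] $MustChangePasswordAtLogon = $false
    )

    # Reject keys New-LocalUser does not define (e.g. ChangePasswordAtLogon)
    # before splatting, so the failure names the offending key.
    $valid   = (Get-Command New-LocalUser).Parameters.Keys
    $unknown = @($Options.Keys | Where-Object { $_ -notin $valid })
    if ($unknown.Count -gt 0) {
        throw "Not a New-LocalUser parameter: $($unknown -join ', ')"
    }

    # A forced change cannot be satisfied if the user may not change the
    # password, and it contradicts a password that never expires.
    if ($MustChangePasswordAtLogon -and
        ($Options.UserMayNotChangePassword -or $Options.PasswordNeverExpires)) {
        throw 'MustChangePasswordAtLogon conflicts with the password options.'
    }

    $user = New-LocalUser @Options -ErrorAction Stop

    # Local accounts carry the flag as PasswordExpired in the WinNT provider:
    # 1 = must change password at next logon, 0 = no prompt.
    $entry = [ADSI]"WinNT://$env:COMPUTERNAME/$($user.Name),user"
    $entry.PasswordExpired = [int]$MustChangePasswordAtLogon
    $entry.SetInfo()
    $user
}

# Constructed sample values; 'demo-user' is a placeholder account name.
$options = @{
    Name                = 'demo-user'
    Password            = Read-Host 'Password' -AsSecureString
    AccountNeverExpires = $true
}
New-LocalUserChecked -Options $options -MustChangePasswordAtLogon $false
```

In the GUI from the question, the value of `$checkbox6.Checked` would be passed as `-MustChangePasswordAtLogon` instead of being placed in the splatted hashtable.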