小贝子编程

如何在创建用户时"user must change password at next logon"更改本地用户设置



我正在使用Powershell创建一个新的本地用户,我需要确保用户在下次登录时必须更改密码。我已经找到了ADuser的答案,但这个用户将是本地用户,而不是ADuser。

如果您不在最新版本的Windows PowerShell v5x或PowerShell Code v6及更高版本上,则只需要@Graham指向的模块,而这些cmdlet已经内置。

MS文档:

新本地用户

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1

New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
$Password = Read-Host -AsSecureString
New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
New-LocalUser -Name "MicrosoftAccountusr name@Outlook.com" -Description "Description of this account."

设置本地用户

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/set-localuser?view=powershell-5.1

Set-LocalUser -Name "Admin07" -Description "Description of this account."
$Password = Read-Host -AsSecureString
$UserAccount = Get-LocalUser -Name "User02"
$UserAccount | Set-LocalUser -Password $Password

阅读有关"[-PasswordNeverExpires]"的帮助。

您也可以在没有LocalAccounts模块的情况下自己使用WinNT提供程序来创建这样的本地用户:

$newUser      = 'Test'
$ComputerName = $env:COMPUTERNAME
# create a new local user using the WinNT provider
$Computer = [ADSI]"WinNT://$ComputerName,Computer"
$User = $Computer.Create("User", $newUser)
$User.SetPassword("abc123")
$User.SetInfo()
$User.FullName = "Test User"
$User.SetInfo()
$User.Description = "User to test WinNT"
$User.SetInfo()

为了设置";用户必须在下次登录时更改密码";对于本地用户

# bind to the local user with the WinNT provider
$localUser    = 'Test'
$ComputerName = $env:COMPUTERNAME
$user = [ADSI]"WinNT://$ComputerName/$localUser,user"
if ($user.UserFlags.Value -band 65536) {        # ADS_UF_DONT_EXPIRE_PASSWD
Write-Host "The password for user '$localUser' never expires"
}
elseif ($user.UserFlags.Value -band 64) {       # ADS_UF_PASSWD_CANT_CHANGE
Write-Host "User '$localUser' is not allowed to change password"
}
elseif ($user.UserFlags.Value -band 32) {       # ADS_UF_PASSWD_NOTREQD 
Write-Host "User '$localUser' does not require a password"
}
else {
$user.Put("PasswordExpired", 1)
$user.SetInfo()
}

请参阅ADS_USER_FLAG_ENUM枚举

这并不完全是Powershell的答案,但它确实有效。

使用以下命令:

net user LocalGuy /logonpasswordchg:yes

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium