Is there an easy way to set a password for a local user when the user doesn't have a password yet? I searched for it but couldn't find anything that worked. The following is what I found:
$password="password"
$UserAccount = Get-LocalUser -Name "nameofuser"
$UserAccount | Set-LocalUser -Password $password
The computers I am trying to give a password are not in a domain.
Related
I triyng to reset a password using this code:
Set-ADAccountPassword -Identity <username> -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'N3WP#SS' -Force)
But it uses the credentials of the logged user to execute this action. How do I specify other user to perform this action using
-Credential?
If you are trying to specify other user :
PSCredential Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.
You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object.
Prompt a specified user to change their password.
Use this command below :
Set-ADAccountPassword -Identity TestName
Please enter the current password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:**********
Please enter the desired password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:***********
Repeat Password:***********
Set a password for a user account using a distinguished name :
Set-ADAccountPassword -Identity 'CN=Elisa
Daugherty,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword
(ConvertTo-SecureString -AsPlainText "p#ssw0rd" -Force)
Please take a look at this doc for more reference : Ser-ADAccountPassword
I have 2 servers (windows server 2012 R2) in the same domain.
I execute a command on server01:
Invoke-Command -ComputerName server02 -Credential Administrator -ScriptBlock {Get-Culture}
I give the password of my Administrator (of server2) and it works well.
But when I try:
Invoke-Command -ComputerName server02 -ScriptBlock {Get-Culture}
It also seems to work. Probably because the 2 servers are in the same domain. While I only want it to work when you can provide the right credentials. Can someone help me with it?
You are probably doing this by Domain Admin account or account that it's in Domain Admins group or so.
In any case this results because your account has privelegies on that computer.
With which user do you execute the script on server01? Does that user have permissions on server02 too? If your user has admin permission on server01 and server02 then no credentials are neccessary... (as far as I know)
To check if the provided credentials are valid have a look here:
https://gallery.technet.microsoft.com/scriptcenter/Test-Credential-dda902c6
Or something like this:
$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
# Get current domain using logged-on user's credentials
$CurrentDomain = "LDAP://" + ([ADSI]"").distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$UserName,$Password)
if ($domain.name -eq $null)
{
write-host "Authentication failed - please verify your username and password."
exit #terminate the script.
}
else
{
write-host "Successfully authenticated with domain $domain.name"
}
Which was found here (but I haven't tested it):
https://serverfault.com/questions/276098/check-if-user-password-input-is-valid-in-powershell-script
This question already has answers here:
How do I get the result of a command in a variable in windows? [duplicate]
(13 answers)
Closed 6 years ago.
I am deploying Airwatch to my organization. On company-owned laptops, I would like to lock them down if/when the device is ever un-enrolled. There is no built-in method of doing this, so I am looking for a script to do it. My relevant background: I know very little batch, some powershell, a lot of vbscript (for classic ASP).
I would like one or both of the following:
Reset all user passwords on the laptop to something preset
Create a specific local admin and then disable all other local users
I know I can use "net user" to get a list of users, but I do not know how to use that list to actually disable the users or change their passwords. The batch commands to fit this logic would be ideal:
net user NewAdmin Password /add
net localgroup administrators NewAdmin /add
UserList = net user output
For each UserName in UserList
If UserName <> "NewAdmin" Then
net user UserName NewPassword
net user UserName /active:no
End If
Next
If you are using Windows 10 Vs.1607 or newer, you can use something like this PowerShell script:
$AdminPwd = ConvertTo-SecureString -string "foobar2016!" -AsPlainText -Force
$UserPwd = ConvertTo-SecureString -string "foobar2016!" -AsPlainText -Force
$NewAdmin = "NewAdmin"
New-LocalUser -Name $NewAdmin -FullName "New Admin" -Password $AdminPwd
Add-LocalGroupMember -Member $NewAdmin -Group "Administrators"
Get-LocalUser | ForEach-Object {
if ($_.Name -ne $NewAdmin)
{
$_ | Set-LocalUser -Password $UserPwd
$_ | Disable-LocalUser
}
}
Be careful when testing it, it disables all users except the new one.
The LocalUser cmdlets are new in PowerShell Vs. 5.1
I have several domains and one admin account in each one. It is a great pain to log into each domain to change password every month..
I have therefore written a script that will connect to all domains and check to see if I have already changed the password or if I am still using the old one.
If I am using the old one the script should update it.
I connect to the domains (sequentially) with
$oldPassword = Read-Host "Enter old password" -AsSecureString
$newPassword = Read-Host "Enter new password" -AsSecureString
$oldCredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "$domain\$adminusername",$oldPassword
Connect-QADService -Service $domain -Credential $oldCredentials
and if I get a successfull connection with $oldcredentials I try to change pwd with
GET-QADUSER $adminusername | SET-QADUSER -UserPassword $newPassword
I am guessing that I am not passing the secure string correctly to SET-QADUSER but I've found no documentation on another way to do it.
Please advice:)
SET-QADUSER -UserPassword accept [string] type not [System.Security.SecureString].
Try to pass just a string as password.
I need to create a new local user account, and then add them to the local Administrators group. Can this be done in PowerShell?
EDIT:
# Create new local Admin user for script purposes
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"
$LocalAdmin = $Computer.Create("User", "LocalAdmin")
$LocalAdmin.SetPassword("Password01")
$LocalAdmin.SetInfo()
$LocalAdmin.FullName = "Local Admin by Powershell"
$LocalAdmin.SetInfo()
$LocalAdmin.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
$LocalAdmin.SetInfo()
I have this, but was wondering if there is anything more PowerShell-esque.
Another alternative is the old school NET USER commands:
NET USER username "password" /ADD
OK - you can't set all the options but it's a lot less convoluted for simple user creation & easy to script up in Powershell.
NET LOCALGROUP "group" "user" /add to set group membership.
As of PowerShell 5.1 there cmdlet New-LocalUser which could create local user account.
Example of usage:
Create a user account
New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
or Create a user account that has a password
$Password = Read-Host -AsSecureString
New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
or Create a user account that is connected to a Microsoft account
New-LocalUser -Name "MicrosoftAccount\usr name#Outlook.com" -Description "Description of this account."
Try using Carbon's Install-User and Add-GroupMember functions:
Install-User -Username "User" -Description "LocalAdmin" -FullName "Local Admin by Powershell" -Password "Password01"
Add-GroupMember -Name 'Administrators' -Member 'User'
Disclaimer: I am the creator/maintainer of the Carbon project.
As of 2014, here is a statement from a Microsoft representative (the Scripting Guy):
As much as we might hate to admit it, there are still no Windows
PowerShell cmdlets from Microsoft that permit creating local user
accounts or local user groups. We finally have a Desired State
Configuration (DSC ) provider that can do this—but to date, no
cmdlets.
Import-Csv C:\test.csv |
Foreach-Object {
NET USER $ _.username $ _.password /ADD
NET LOCALGROUP "group" $_.username /ADD
}
edit csv as username,password
and change "group" for your groupname
:) worked on 2012 R2
$sec_pass = ConvertTo-SecureString -String "SomePasword" -AsPlainText -Force
New-LocalUser -Name username -FullName username -PasswordNeverExpires -Password $sec_pass
Add-LocalGroupMember -Group Administrators -Member username