Batch Script - Create user in Windows XP programmatically - windows-xp

Is there a way to create a user in Windows XP via Batch Script and even assign it administrator/limited user value?

Suppose the username is rased and password is pAsS
net user rased pAsS /add
net localgroup administrators rased /add
Here the user is added to the administrators group.

Yes, you can create a user by running net user USERNAME PASSWORD /add (omit the PASSWORD if you do not wish to have a password for this account, use * for PASSWORD to require the user to enter a password at run time). This creates a "limited user"; if you wish to make the new user an administrator, run net localgroup Administrators USERNAME /add after creating the user.

Related

Use "Set-ADAccountPassword" to change own password

I'm writing a PS script to change an AD account's password by:
grabbing current user password from a Key Vault
Create a PSCredential $credential using the user's username and password obtained from KV
Generate new password in plain text and convert to secure string $newpass
Running Set-ADAccountPassword:
Set-ADAccountPassword -Identity "testuser" -Reset -NewPassword $newpass -Credential $credential
This fails with "Set-ADAccountPassword: Access is denied". The $credential object contains the current user's credentials which are valid (I'm testing this in advance).
As I understand it users have SELF as able to change their own password, as they can just CTRL+ALT+DEL to reset it. In this case, this account is not allowed interactive logins (so I can't test in a PS terminal using RUNAS), and PowerShell would be an easy way to change the password periodically.
Why am I getting access denied, and is there a way around this?
There are two types of password update operations natively supported by AD:
Password Reset
In this operation, permission to update the account password is granted to an administrative user who can then set it without having to know the existing password
Password Change
In this operation, the calling user supplies the existing password as an argument, thus authenticating the change - this is what you want!
When you specify the -Reset switch parameter, Set-ADAccountPassword takes it to mean you want to perform a password reset.
To perform a password change instead:
Remove the -Reset switch
Pass the existing password value as an argument to the -OldPassword parameter
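
The password change described in the answer above (no -Reset, current password passed to -OldPassword), as an added example that is not part of the original answer. The function names New-RandomPassword and Invoke-SelfPasswordChange, the password alphabet and the length are assumptions; the ActiveDirectory module must be installed.

```powershell
# Added example (not from the original answer). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function New-RandomPassword {
    # Hypothetical helper: CSPRNG with rejection sampling (no modulo bias),
    # repeated until upper case, lower case and a digit are all present.
    param([int]$Length = 24)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $alphabet.Length)   # bytes >= $limit are discarded
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
                }
            }
            $plain = $sb.ToString()
        } until ($plain -cmatch '[A-Z]' -and $plain -cmatch '[a-z]' -and $plain -match '\d')
        ConvertTo-SecureString $plain -AsPlainText -Force
    }
    finally { $rng.Dispose() }
}

function Invoke-SelfPasswordChange {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][pscredential]$Credential,  # the account's own current credentials
        [string]$Server                                   # optional domain controller
    )
    $newPass = New-RandomPassword
    $params = @{
        Identity    = $Identity
        OldPassword = $Credential.Password   # proves knowledge of the current password
        NewPassword = $newPass
        Credential  = $Credential
        ErrorAction = 'Stop'                 # surface "Access is denied" etc. as exceptions
    }
    if ($Server) { $params.Server = $Server }
    Set-ADAccountPassword @params            # no -Reset: this is a change, not a reset
    $newPass                                 # caller writes this back to the vault
}

# Usage, with $credential built as in the question:
# $new = Invoke-SelfPasswordChange -Identity 'testuser' -Credential $credential
```

Because this is a change rather than a reset, the domain's password policy, including password history and minimum password age, applies to it.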

PowerShell script Scheduled Task change local user password value based on set password

I am working on a PowerShell script that would run in a Task Scheduler.
The way I want it to work is:
Default value is set to force user to change password at next logon:
net user su /logonpasswordchg:yes
Now the code would be something like:
$password = Azerty123!
if $password is different from $password
switch password from "user must change password at next logon" to "Password never expires"
else leave value to change password at next logon
After multiple tests I figured that the 2 following values would need to be switched based on the current password
Set-LocalUser -Name "su" -PasswordNeverExpires:$true
Set-LocalUser -Name "su" -PasswordNeverExpires:$false
net user su /logonpasswordchg:yes
net user su /logonpasswordchg:no
Basically the script is deployed with Intune, creates a Task Scheduler, it would check the password value once per day, if the password has been changed, the password value is changed to never expire, as long as the password has never been changed, leave it as change password at next logon.
Can anyone help me on this? Sorry for my clumsy explanations.
An alternative approach could be to change the password expiry setting globally on the Windows system.
This will apply to all users and can be done prior to a specific user changing their password. It can be accomplished by running the following command:
net accounts /maxpwage:0
Note: check comments section to the answer for in depth discussion of other approaches

Validate user's credentials supplied during the installation (pre-install)

I'm using InstallAnywhere and due to security reasons, I need to change the Server (our application server) "Log on as" to other user than System.
I'm asking the user during the Pre-Install to supply me with a username (in a format of <Hostname\Username> or <Domain\Username>) and a password. Now I need to verify these credentials supplied by the user are valid, and if not prompt the same Panel again.
The problem is that with command line using the net start... command - I can't supply username & password.
Using the runas command - I can give it the username as a parameter but not the password. (Also - it got stuck on "attempting to start..." and couldn't start the process.)
I've also tried a PowerShell script which used the start-service command, using the -Credential parameter, but it didn't work.
Another idea - is there a way to verify this using Regedit?

How to validate password policy with default windows server 2008 condition

How do I validate the default password policy when adding a new user during local user account creation using net user /add $username $password?
I have validated the username existence with the command below:
$CheckUser=net user $UserName
if($CheckUser){
    Write-OutPut "Username is already exists"
}
How would I check the password with default windows server password policy?

Can I change my own password in Active Directory using Powershell

I am trying to change password for my own account in AD using powershell. My account is just a regular account (no domain admin rights)
I tried net user, dsquery and PowerShell cmdlets, but all of them error out with "Access is denied". I think all of those require admin rights.
Is there a way to change my own password using PowerShell or cmd?
Why I am doing that?
We have 8 different AD domains and I have an account in each. With different password expiration policies it is very difficult to remember all the passwords. So I want to do a script that connects to each domain with my user account in that domain and changes the password. I'll repeat that for all the domains.
If you have the Active Directory PowerShell Module installed, this is a pretty easy task using Set-ADAccountPassword.
You can use the -Server parameter to supply a different Domain Controller name from each Domain to set the password on that Domain.
$DomainControllers = "Domain1DC","Domain2DC","Domain3DC"
$MyName = "MyUserName"
ForEach ($DomainController In $DomainControllers) {
    Set-AdAccountPassword -Identity $MyName -Server $DomainController
}
Set-ADAccountPassword used this way will prompt you for the old password then the new password for each domain controller.