如何编写脚本来修改 Windows Server 上用户的密码到期值?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4824230/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I write a script to modify the password expiration values for users on a Windows Server?
提问by Max_Steve
I need to create several users on Windows 2008 servers and modify the password expiration value to "Never". These will be local (not AD) users. I can create them using "net user", it's modifying the pass expiry that is killing me. If I do a "net user username" it lists the field and its value, but there is no switch (at least not one that the help file references) to modify it, and most of the solutions I saw online suggested installing 3rd party tools, however this solution must be native to Windows (ideally using Powershell). Any help is appreciated.
我需要在 Windows 2008 服务器上创建多个用户并将密码过期值修改为“从不”。这些将是本地(非 AD)用户。我可以使用“ net user”创建它们,它正在修改正在杀死我的通行证到期时间。如果我执行“ net user username”,它会列出该字段及其值,但是没有开关(至少没有帮助文件引用的开关)来修改它,而且我在网上看到的大多数解决方案都建议安装 3rd 方工具,但是此解决方案必须是 Windows 原生的(最好使用 Powershell)。任何帮助表示赞赏。
UPDATE
更新
I said if I figured out how to do this in Powershell I would post it here, and I am a man of my word.
我说过,如果我想出如何在 Powershell 中执行此操作,我会将其发布在这里,而且我是一个言出必行的人。
Get-WmiObject -Class Win32_UserAccount -Filter "name = 'steve'" | Set-WmiInstance -Argument @{PasswordExpires = 0}
Get-WmiObject -Class Win32_UserAccount -Filter "name = 'steve'" | Set-WmiInstance -Argument @{PasswordExpires = 0}
This is a boolean value so if you wanted to set a password to expire just change 0 to 1. This is beautiful to me in its simplicity, and I have tested this method updating other WMI objects and it works every time.
这是一个布尔值,因此如果您想设置密码过期,只需将 0 更改为 1。这对我来说很简单,因为它很简单,我已经测试了这种更新其他 WMI 对象的方法,并且每次都有效。
回答by Cody Gray
The simple solution is to create a batch file that issues the following command:
简单的解决方案是创建一个批处理文件,发出以下命令:
net accounts /maxpwage:unlimited
However, that will set the maximum password age for allaccounts on the local machine to unlimited, not just the new accounts that you have created.
但是,这会将本地计算机上所有帐户的最长密码期限设置为无限制,而不仅仅是您创建的新帐户。
If you need a finer level of control (i.e., the ability to set the password expiration values for individual users), you'll need something a little more complicated. The Scripting Guys share an exampleof a VBScript that will modify a local user account so that its password never expires:
如果您需要更精细的控制(即,为单个用户设置密码到期值的能力),您将需要一些更复杂的东西。脚本专家分享了一个 VBScript示例,该示例将修改本地用户帐户,使其密码永不过期:
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
strDomainOrWorkgroup = "Fabrikam"
strComputer = "atl-win2k-01"
strUser = "KenMeyer"
Set objUser = GetObject("WinNT://" & strDomainOrWorkgroup & "/" & _
strComputer & "/" & strUser & ",User")
objUserFlags = objUser.Get("UserFlags")
objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userFlags", objPasswordExpirationFlag
objUser.SetInfo
It would be easy to modify this to work for any user of your choice, or even to create a new user.
很容易修改它以适用于您选择的任何用户,甚至创建一个新用户。
Finally, here's an example in C#, which you should be able to port to PowerShell. I'm not much of a PS expert, but considering it uses the .NET Framework, the above code should give you some ideas.
最后,这里有一个 C# 示例,您应该可以将其移植到 PowerShell。我不是一个 PS 专家,但考虑到它使用 .NET Framework,上面的代码应该会给你一些想法。
回答by JasonMArcher
From this technet thread.
从这个技术网线程。
$computer = $env:Computername
$account = ([adsi]"WinNT://$computer/TestAccount")
$account.PasswordExpired = 1
$account.psbase.commitchanges()
You can add the domain before the computer name if you need to.
如果需要,您可以在计算机名称之前添加域。
回答by Der_Meister
Set password never expiresfor local user. Do not change other flags:
为本地用户设置密码永不过期。不要更改其他标志:
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$username = 'user'
$user = [adsi] "WinNT://./$username"
$user.UserFlags = $user.UserFlags[0] -bor $ADS_UF_DONT_EXPIRE_PASSWD
$user.SetInfo()
回答by Andrey Rubanko
works for me:
对我有用:
WMIC USERACCOUNT WHERE "Name='ftpuser'" SET PasswordExpires=FALSE
WMIC USERACCOUNT WHERE "Name='ftpuser'" SET PasswordExpires=FALSE
replace ftpuserwith correct user name
用正确的用户名替换ftpuser
回答by Deadly-Bagel
The other solutions weren't working for me so I tweaked Jason's solution to:
其他解决方案对我不起作用,因此我将 Jason 的解决方案调整为:
$svrname = $env:computername
$user = ([adsi]"WinNT://$svrname/Administrator")
$user.userflags = 66049
$user.psbase.commitchanges()
The userflags value determines what tickboxes are checked for the user - this one is a basic "password doesn't expire" value. Can't seem to work out how it the numbers go together, the below may be useful but according to that I've got a reserved value enabled which doesn't make sense.
userflags 值确定为用户检查哪些复选框 - 这是一个基本的“密码不会过期”值。似乎无法弄清楚这些数字是如何组合在一起的,下面的内容可能有用,但据此我启用了一个没有意义的保留值。
http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm
http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm
Instead I just enabled the options I needed on a test box and retrieved the value. Is the most reliable means of determining what you need I guess.
相反,我只是在测试盒上启用了我需要的选项并检索了值。我猜是确定您需要什么的最可靠方法。
回答by Stephen
I took Deadly-Bagel's solution and it didn't work, until I made a small change. See below:
我采用了 Deadly-Bagel 的解决方案,但它没有用,直到我做了一个小改动。见下文:
$svrname = $env:computername
$user = ([adsi]"WinNT://$svrname/Administrator")
$user.psbase.InvokeSet("userflags", 66049)
$user.psbase.commitchanges()
