Scripts to manage Local Users—windows用户管理脚本

Scripts to manage Local Users

Changing the Local Administrator Password
Configuring a Local User Account So It Never Expires
Configuring a Local User Account Password So It Never Expires
Creating a Local User Account
Deleting a Local User Account
Determining Whether an Account Exists in a Windows NT 4.0 Domain
Determining Account Expiration Dates for a Windows NT 4.0 Domain
Disabling a Local User Account
Enumerating All the User Accounts in an NT 4.0 Domain
Enumerating User Accounts on the Local Computer
Requiring a Local User to Change His or Her Password
Returning Attribute Values for a Local User Account
Retrieving userAccountControl Values for a Local User Account
Setting an Expiration Date for a Local User Account
Using WMI to Enumerate Local Groups
Using WMI to Enumerate Local User Accounts

---

Changing the Local Administrator Password

Binds to the local Administrator account on the computer MyComputer, and changes the password for the account to testpassword.

strComputer = "MyComputer"Set objUser = GetObject("WinNT://" & strComputer & "/Administrator, user")objUser.SetPassword "testpassword"objUser.SetInfo

Configuring a Local User Account So It Never Expires

Binds to the local user account on a computer named atl-win2k-01, and configures the account so that it never expires.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000strComputer = "atl-win2k-01"Set objUser = GetObject("WinNT:// " & strComputer & "/kenmyer ")objUserFlags = objUser.Get("UserFlags")objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWDobjUser.Put "userFlags", objPasswordExpirationFlag objUser.SetInfo

Configuring a Local User Account Password So It Never Expires

Binds to a local user account on a computer named atl-win2k-01, and configures the account's password so that it never expires.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 strDomainOrWorkgroup = "Fabrikam"strComputer = "atl-win2k-01"strUser = "KenMeyer" Set objUser = GetObject("WinNT://" & strDomainOrWorkgroup & "/" & _    strComputer & "/" & strUser & ",User") objUserFlags = objUser.Get("UserFlags")objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWDobjUser.Put "userFlags", objPasswordExpirationFlag objUser.SetInfo

Creating a Local User Account

Creates a local user account (Admin2) on a computer named MyComputer, and sets the password for the account to test.

strComputer = "MyComputer"Set colAccounts = GetObject("WinNT://" & strComputer & "")Set objUser = colAccounts.Create("user", "Admin2")objUser.SetPassword "test"objUser.SetInfo

Deleting a Local User Account

Deletes the local user account Admin2 from a computer named MyComputer.

strComputer = "MyComputer"strUser = "Admin2"Set objComputer = GetObject("WinNT://" & strComputer & "")objComputer.Delete "user", strUser

Determining Whether an Account Exists in a Windows NT 4.0 Domain

Subroutine that checks to see if a user account (kenmyer) exists in a Windows NT 4.0 domain named Fabrikam.

QueryForUser("kenmyer")Wscript.Echo "This user account does not exist." Sub QueryForUser(strUserName)    Set objDomain = GetObject("WinNT://FABRIKAM")    objDomain.Filter = Array("user")    For Each User In objDomain        If lcase(User.Name) = lcase(strUserName) Then            WScript.Echo User.Name & " already exists."            WScript.Quit        End If        NextEnd Sub

Determining Account Expiration Dates for a Windows NT 4.0 Domain

Determines the expiration dates for all the user accounts in a Windows NT 4.0 domain named Fabrikam.

On Error Resume NextSet objDomain = GetObject("WinNT://fabrikam,domain")objDomain.Filter = Array("User")For Each objUser In objDomain   If IsNull(objUser.AccountExpirationDate) Then       Wscript.Echo objUser.Name, "Account has no expiration date."   Else       Wscript.Echo objUser.Name, objUser.AccountExpirationDate   End IfNext

Disabling a Local User Account

Disables the local Guest account on a computer named MyComputer.

strComputer = "MyComputer"Set objUser = GetObject("WinNT://" & strComputer & "/Guest")objUser.AccountDisabled = TrueobjUser.SetInfo

Enumerating All the User Accounts in an NT 4.0 Domain

Returns a list of all the user accounts in a Windows NT 4.0 domain named Fabrikam.

Set objDomain = GetObject("WinNT://fabrikam,domain")objDomain.Filter = Array("User")For Each objUser In objDomain    Wscript.Echo objUser.Name Next

Enumerating User Accounts on the Local Computer

Returns a list of all the user accounts found on the local computer.

Set objNetwork = CreateObject("Wscript.Network")strComputer = objNetwork.ComputerNameSet colAccounts = GetObject("WinNT://" & strComputer & "")colAccounts.Filter = Array("user")For Each objUser In colAccounts    Wscript.Echo objUser.Name Next

Requiring a Local User to Change His or Her Password

Binds to a local user account on the computer named atl-win2k-01, and configures the account so that the user (kenmyer) must change his password the next time he logs on.

strComputer = "atl-win2k-01"Set objUser = GetObject("WinNT:// " & strComputer & "/kenmyer ")objUser.Put "PasswordExpired", 1objUser.SetInfo

Returning Attribute Values for a Local User Account

Displays mandatory and optional attributes (and their values) for a local user account named kenmyer on a computer named atl-win2k-01.

On Error Resume Next strComputer = "atl-win2k-01"Set objUser = GetObject("WinNT:// " & strComputer & "/kenmyer ")Set objClass = GetObject(objUser.Schema) WScript.Echo "Mandatory properties for " & objUser.Name & ":"For Each property In objClass.MandatoryProperties    WScript.Echo property, objUser.Get(property)Next WScript.Echo "Optional properties for " & objUser.Name & ":"For Each property In objClass.OptionalProperties    WScript.Echo property, objUser.Get(property)Next

Retrieving userAccountControl Values for a Local User Account

Accesses the userAccountControl to retrieve attribute values for the local user account kenmyer on a computer named atl-win2k-01. These attribute values include such things as account status (enabled or disabled), whether the user requires a password and, if so, whether or not that password will ever expire.

Const ADS_UF_SCRIPT = &H0001 Const ADS_UF_ACCOUNTDISABLE = &H0002 Const ADS_UF_HOMEDIR_REQUIRED = &H0008 Const ADS_UF_LOCKOUT = &H0010 Const ADS_UF_PASSWD_NOTREQD = &H0020 Const ADS_UF_PASSWD_CANT_CHANGE = &H0040 Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H0080 Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000 Const ADS_UF_SMARTCARD_REQUIRED = &H40000 Const ADS_UF_PASSWORD_EXPIRED = &H800000  Set usr = GetObject("WinNT://atl-win2k-01/kenmyer")flag = usr.Get("UserFlags") If flag AND ADS_UF_SCRIPT Then    Wscript.Echo "Logon script will be executed."Else    Wscript.Echo "Logon script will not be executed."End If If flag AND ADS_UF_ACCOUNTDISABLE Then    Wscript.Echo "Account is disabled."Else    Wscript.Echo "Account is not disabled."End If If flag AND ADS_UF_HOMEDIR_REQUIRED Then    Wscript.Echo "Home directory required."Else    Wscript.Echo "Home directory not required."End If If flag AND ADS_UF_PASSWD_NOTREQD Then    Wscript.Echo "Password not required."Else    Wscript.Echo "Password required."End If If flag AND ADS_PASSWORD_CANT_CHANGE Then    Wscript.Echo "User cannot change password."Else    Wscript.Echo "User can change password."End If If flag AND ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Then    Wscript.Echo "Encrypted password allowed."Else    Wscript.Echo "Encrypted password not allowed."End If If flag AND ADS_UF_DONT_EXPIRE_PASSWD Then    Wscript.Echo "Password does not expire."Else    Wscript.Echo "Password expires."End If If flag AND ADS_UF_SMARTCARD_REQUIRED Then    Wscript.Echo "Smartcard required for logon."Else    Wscript.Echo "Smart card not required for logon."End If If flag AND ADS_UF_PASSWORD_EXPIRED Then    Wscript.Echo "Password has expired."Else    Wscript.Echo "Password has not expired."End If

Setting an Expiration Date for a Local User Account

Binds to a local user account (kenmyer) on a computer named atl-win2k-01, and configures the account to expire on March 1, 2003.

strComputer = "atl-win2k-01"Set objUser = GetObject("WinNT:// " & strComputer & "/kenmyer ")objUser.AccountExpirationDate = #03/01/2003# objUser.SetInfo

Using WMI to Enumerate Local Groups

Returns information about the local groups found on a computer.

On Error Resume NextstrComputer = "."Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")Set colItems = objWMIService.ExecQuery _    ("Select * from Win32_Group  Where LocalAccount = True")For Each objItem in colItems    Wscript.Echo "Caption: " & objItem.Caption    Wscript.Echo "Description: " & objItem.Description    Wscript.Echo "Domain: " & objItem.Domain    Wscript.Echo "Local Account: " & objItem.LocalAccount    Wscript.Echo "Name: " & objItem.Name    Wscript.Echo "SID: " & objItem.SID    Wscript.Echo "SID Type: " & objItem.SIDType    Wscript.Echo "Status: " & objItem.Status    Wscript.EchoNext

Using WMI to Enumerate Local User Accounts

Returns information about the local user accounts found on a computer.

On Error Resume NextstrComputer = "."Set objWMIService = GetObject("winmgmts://" & strComputer & "/root/cimv2")Set colItems = objWMIService.ExecQuery _    ("Select * from Win32_UserAccount Where LocalAccount = True")For Each objItem in colItems    Wscript.Echo "Account Type: " & objItem.AccountType    Wscript.Echo "Caption: " & objItem.Caption    Wscript.Echo "Description: " & objItem.Description    Wscript.Echo "Disabled: " & objItem.Disabled    Wscript.Echo "Domain: " & objItem.Domain    Wscript.Echo "Full Name: " & objItem.FullName    Wscript.Echo "Local Account: " & objItem.LocalAccount    Wscript.Echo "Lockout: " & objItem.Lockout    Wscript.Echo "Name: " & objItem.Name    Wscript.Echo "Password Changeable: " & objItem.PasswordChangeable    Wscript.Echo "Password Expires: " & objItem.PasswordExpires    Wscript.Echo "Password Required: " & objItem.PasswordRequired    Wscript.Echo "SID: " & objItem.SID    Wscript.Echo "SID Type: " & objItem.SIDType    Wscript.Echo "Status: " & objItem.Status    Wscript.EchoNext