The below script will perform the following tasks:
#Script title: Set Local Administrator account password Never expired and can not changed#
#Usage: Change csv file path
#-----------------------------------------------------------------------------------------------#
$list = Import-CSV "C:\Scripts\Serverslist.csv" #give your file path here
$ADS_UF_PASSWD_CANT_CHANGE = 64 # 0x40
$ADS_UF_DONT_EXPIRE_PASSWD = 65536 # 0x10000
foreach($Server in $list) {
$computerName = $Server.ServerName
$computer = [ADSI]"WinNT://$computerName,computer"
$Users = $computer.psbase.Children | Where-Object {$_.psbase.schemaclassname -eq 'user'}
foreach ($user in $Users.psbase.syncroot)
{
try{
If ( $user.name -ne "Guest"){
$user.userflags = $user.userflags[0] -bor $ADS_UF_DONT_EXPIRE_PASSWD
$user.userflags = $user.userflags[0] -bor $ADS_UF_PASSWD_CANT_CHANGE
$user.SetInfo()
Write-Host "User account has been set with Password Never Expried" -ForegroundColor "Green" -BackgroundColor "Black"
Write-Host "User account has been set with User Can not change Password" -ForegroundColor "yellow" -BackgroundColor "Black"
}
}
catch{
Write-Host "Unable to reach server $computerName" -ForegroundColor "Red" -BackgroundColor "Black"
}
}
}
- Set Password Never expire
- Set User can not change Password
#Script title: Set Local Administrator account password Never expired and can not changed#
#Usage: Change csv file path
#-----------------------------------------------------------------------------------------------#
$list = Import-CSV "C:\Scripts\Serverslist.csv" #give your file path here
$ADS_UF_PASSWD_CANT_CHANGE = 64 # 0x40
$ADS_UF_DONT_EXPIRE_PASSWD = 65536 # 0x10000
foreach($Server in $list) {
$computerName = $Server.ServerName
$computer = [ADSI]"WinNT://$computerName,computer"
$Users = $computer.psbase.Children | Where-Object {$_.psbase.schemaclassname -eq 'user'}
foreach ($user in $Users.psbase.syncroot)
{
try{
If ( $user.name -ne "Guest"){
$user.userflags = $user.userflags[0] -bor $ADS_UF_DONT_EXPIRE_PASSWD
$user.userflags = $user.userflags[0] -bor $ADS_UF_PASSWD_CANT_CHANGE
$user.SetInfo()
Write-Host "User account has been set with Password Never Expried" -ForegroundColor "Green" -BackgroundColor "Black"
Write-Host "User account has been set with User Can not change Password" -ForegroundColor "yellow" -BackgroundColor "Black"
}
}
catch{
Write-Host "Unable to reach server $computerName" -ForegroundColor "Red" -BackgroundColor "Black"
}
}
}
No comments:
Post a Comment