Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

changing existing local user flag "never expires"

69 views
Skip to first unread message

Christian Goldmann

unread,
Nov 30, 2004, 8:50:39 AM11/30/04
to
Hello

I'm searching for a usable script to change the flag "password never
expires" on two local users.

No domain, no OU, or so - simple local accounts.

System is Windows XP Prof SP2

I found two scripts - no one seems to work for me.
Script 1:
Set objUser = GetObject("WinNT://image/trulli")
objUserFlags = objUser.Get("UserFlags")
objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userFlags", objPasswordExpirationFlag
objUser.SetInfo

Script 2:
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objUser = GetObject("WinNT://image/trulli,user")
lngFlags = objUser.Get("userFlags")
If (lngFlags And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
lngFlags = lngFlags Xor ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userFlags", lngFlags
objUser.SetInfo
End If

Both scripts runs on doubleclick without error, but the flag seems not
been set.
System/User/Properties.... is the flag unchecked after the scripts.

What can i do?

Greetings
Chris

Richard Mueller [MVP]

unread,
Nov 30, 2004, 10:25:55 AM11/30/04
to
Hi,

In the first script, ADS_UF_DONT_EXPIRE_PASSWD is not defined. Otherwise the
Or operation means the bit is set, so if the constant were defined, it would
set the flag "password never expires". In the second script, the And
operation tests if the bit is set. A non-zero result means that the flag is
set. So, when the flag is set, you Xor the attribute with the bit mask,
which toggles it, which means that the script results in the flag not being
set.

I would prefer to test first, then if the flag is not set, use Or to set the
flag:

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objUser = GetObject("WinNT://image/trulli,user")
lngFlags = objUser.Get("userFlags")

If (lngFlags And ADS_UF_DONT_EXPIRE_PASSWD) = 0 Then
lngFlags = lngFlags Or ADS_UF_DONT_EXPIRE_PASSWD


objUser.Put "userFlags", lngFlags
objUser.SetInfo
End If

This assumes you have the correct binding string for the user. Remember "Or"
sets a bit, "Xor" toggles a bit (the only way to turn a bit off), "And"
tests a bit. When you "And", a non-zero result means the bit is set, a zero
result means the bit is not set. In VBScript you must define the constants.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--

"Christian Goldmann" <derd...@web.de> wrote in message
news:39f7148c.04113...@posting.google.com...

Christian Goldmann

unread,
Dec 1, 2004, 3:38:33 AM12/1/04
to
Hello Richard

Thank You, it worked fine for me.

Greetings
Chris


"Richard Mueller [MVP]" <rlmuelle...@ameritech.NOSPAM.net> wrote in message news:<O5X6FEv1...@TK2MSFTNGP09.phx.gbl>...

[...]

> I would prefer to test first, then if the flag is not set, use Or to set the
> flag:
>
> Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
> Set objUser = GetObject("WinNT://image/trulli,user")
> lngFlags = objUser.Get("userFlags")
> If (lngFlags And ADS_UF_DONT_EXPIRE_PASSWD) = 0 Then
> lngFlags = lngFlags Or ADS_UF_DONT_EXPIRE_PASSWD
> objUser.Put "userFlags", lngFlags
> objUser.SetInfo
> End If
>

[...]

0 new messages