I have built a little PowerShell GUI for creating local computer accounts. I have a problem with my code creating accounts, where I am not asked to change the password after login. Maybe someone can help. I want a further checkbox I can mark, so that I am not asked to change my password after Windows login.
$ErrorActionPreference = "Stop"
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
# restart elevated if needed
if(!(new-object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole(544)){
    start powershell -Verb runas -ArgumentList '-File',$MyInvocation.MyCommand.Definition
    exit
}
#####################################################################################################################################################
#create form
$form = New-Object System.Windows.Forms.Form
$form.Width = 500
$form.Height = 700
$form.MaximizeBox = $false
$form.TopMost = $true
#####################################################################################################################################################
$objLabel = New-Object System.Windows.Forms.label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(130,15)
$objLabel.BackColor = "Transparent"
$objLabel.ForeColor = "Black"
$objLabel.Text = "Username"
$Form.Controls.Add($objLabel)
#textbox with chosen user name
$txtBox = New-Object System.Windows.Forms.TextBox
$txtBox.Location = New-Object System.Drawing.Point (180, 20)
$txtBox.Size = New-Object System.Drawing.Size(280,100)
$form.Controls.Add($txtBox)
#####################################################################################################################################################
$objLabel2 = New-Object System.Windows.Forms.label
$objLabel2.Location = New-Object System.Drawing.Size(10,50)
$objLabel2.Size = New-Object System.Drawing.Size(130,15)
$objLabel2.BackColor = "Transparent"
$objLabel2.ForeColor = "Black"
$objLabel2.Text = "Password"
$Form.Controls.Add($objLabel2)
#textbox with chosen password
$txtBox2 = New-Object Windows.Forms.MaskedTextBox
$txtBox2.PasswordChar = '*'
$txtBox2.Location = New-Object System.Drawing.Point (180, 50)
$txtBox2.Size = New-Object System.Drawing.Size(280,100)
$form.Controls.Add($txtBox2)
#####################################################################################################################################################
#create checkbox1
$checkBox = New-Object System.Windows.Forms.CheckBox
$checkBox.Location = New-Object System.Drawing.Point (10, 100)
$checkBox.Size = New-Object System.Drawing.Size(350,30)
$checkBox.Text = "PasswordNeverExpires"
$form.Controls.Add($checkBox)
#create checkbox2
$checkBox2 = New-Object System.Windows.Forms.CheckBox
$checkBox2.Location = New-Object System.Drawing.Point (10, 150)
$checkBox2.Size = New-Object System.Drawing.Size(350,30)
$checkBox2.Text = "UserMayChangePassword"
$form.Controls.Add($checkBox2)
#create checkbox3
$checkBox3 = New-Object System.Windows.Forms.CheckBox
$checkBox3.Location = New-Object System.Drawing.Point (10, 200)
$checkBox3.Size = New-Object System.Drawing.Size(350,30)
$checkBox3.Text = "AccountNeverExpires"
$form.Controls.Add($checkBox3)
#create checkbox4
$checkBox4 = New-Object System.Windows.Forms.CheckBox
$checkBox4.Location = New-Object System.Drawing.Point (10, 250)
$checkBox4.Size = New-Object System.Drawing.Size(350,30)
$checkBox4.Text = "AdminAccount"
$form.Controls.Add($checkBox4)
#create checkbox5
$checkBox5 = New-Object System.Windows.Forms.CheckBox
$checkBox5.Location = New-Object System.Drawing.Point (10, 300)
$checkBox5.Size = New-Object System.Drawing.Size(350,30)
$checkBox5.Text = "noPassword"
$checkbox5.Add_Click({
    # disable/enable other controls depending on state of current checkbox
    $checkBox.Enabled = !$checkBox5.Checked
    $txtBox2.Enabled = !$checkBox5.Checked
    $checkbox4.Enabled = !$checkBox5.Checked
})
$form.Controls.Add($checkBox5)
#create checkbox6
$checkBox6 = New-Object System.Windows.Forms.CheckBox
$checkBox6.Location = New-Object System.Drawing.Point (10, 350)
$checkBox6.Size = New-Object System.Drawing.Size(350,30)
$checkBox6.Text = "ChangePasswordAtLogon"
$form.Controls.Add($checkBox6)
#create user button
$Button = New-Object System.Windows.Forms.Button
$Button.Location = New-Object System.Drawing.Size(10,450)
$Button.Size = New-Object System.Drawing.Size(150,50)
$Button.Text = "create user"
$Button.Add_Click({
    # Admin or Users Group
    $group = @{$true='S-1-5-32-544';$false='S-1-5-32-545'}[$checkbox4.checked]
    try{
        # define options to create user
        $useroptions = @{
            Name = $txtbox.Text
            Description = $txtbox.Text
            Fullname = $txtbox.Text
            AccountNeverExpires = $checkbox3.Checked
            UserMayNotChangePassword = !$checkbox2.Checked
            ChangePasswordAtLogon = $checkbox6.Checked
        }
        # if the "noPassword" checkbox is not checked
        if (!$checkbox5.Checked){
            $useroptions.Password = ConvertTo-SecureString $txtbox2.Text -AsPlainText -Force
            $useroptions.PasswordNeverExpires = $checkbox.Checked
        }else{
            # "noPassword" checkbox is checked
            $useroptions.NoPassword = $true
            $group = 'S-1-5-32-545'
        }
        # create user and assign to administrators group
        New-LocalUser @useroptions | Add-LocalGroupMember -Group (Get-Localgroup | ? Sid -eq $group)
        [System.Windows.Forms.MessageBox]::Show("User has been created successfully.","User created",0,64)
    }catch{
        [System.Windows.Forms.MessageBox]::Show("Error creating new user account:`n $($_.Exception.Message)","Exception",0,48)
    }
})
$form.Controls.Add($Button)
#end
[void]$form.ShowDialog()
CodePudding user response:
Hi, I made some changes to the middle-to-end part of your code; I think you need this:
# replaces the "create user" click handler of the original script
$Button.Add_Click({
    $group = @{$true='Administrators';$false='Users'}[$checkbox4.checked]
    try{
        # define options to create user
        $useroptions = @{
            Name = $txtbox.Text
            Description = $txtbox.Text
            Fullname = $txtbox.Text
            AccountNeverExpires = $checkbox3.Checked
            UserMayNotChangePassword = !$checkbox2.Checked
            #ChangePasswordAtLogon = $checkbox6.Checked
        }
        # if the "noPassword" checkbox is not checked
        if (!$checkbox5.Checked){
            $useroptions.Password = ConvertTo-SecureString $txtbox2.Text -AsPlainText -Force
            $useroptions.PasswordNeverExpires = $checkbox.Checked
        }else{
            # "noPassword" checkbox is checked
            $useroptions.NoPassword = $true
        }
        # create user and assign to administrators group
        New-LocalUser @useroptions | Set-LocalUser -PasswordNeverExpires $checkbox.Checked
        Add-LocalGroupMember -Group $group -Member $useroptions.Name
        [System.Windows.Forms.MessageBox]::Show("User has been created successfully.","User created",0,64)
    }catch{
        [System.Windows.Forms.MessageBox]::Show("Error creating new user account:`n $($_.Exception.Message)","Exception",0,48)
    }
})
$form.Controls.Add($Button)
This will add the new user to the Administrators or the Users group (depending on whether admin is flagged) and, if "PasswordNeverExpires" is flagged, will not prompt for a new password on the first login.
This is not recognized as a parameter for New-LocalUser, so I commented it out; you decide what to do: #ChangePasswordAtLogon = $checkbox6.Checked
CODE TESTED AND WORKING
Hope this helps you.
CodePudding user response:
Active Directory looks at the pwdLastSet attribute to see if the account needs to change a password or not. Open AD Users and Computers and look at a perfectly good user account for the "User must change password at next login" box on the Accounts tab. Check the box, and this attribute will be cleared. Uncheck the box again, and it is set to the current timestamp, regardless of what was there originally.
I haven't done this in PowerShell, but I have similar C# code with a UserPrincipal object that uses userPrincipalInstance.LastPasswordSet.HasValue to see if this box would be checked or not, and set (or clear) the userPrincipalInstance.LastPasswordSet to change its status.
Of course, this is for Active Directory's UserPrincipal, but it's possible WindowsPrincipal for local accounts is similar.
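The ChangePasswordAtLogon option that the first answer comments out, and the local-account counterpart of the pwdLastSet behaviour described in the last answer, shown as an added example that is not part of any post in this thread: New-LocalUser receives only parameters it accepts, and the "must change password at next logon" flag is then set explicitly through the PasswordExpired property of the WinNT ADSI provider. The function name New-LocalUserChecked and its parameter names are hypothetical; the code assumes an elevated session with the Microsoft.PowerShell.LocalAccounts module available.

```powershell
# Added example; New-LocalUserChecked and its parameter names are hypothetical.
function New-LocalUserChecked {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [securestring]$Password,          # omit to create the account with -NoPassword
        [switch]$PasswordNeverExpires,
        [switch]$UserMayNotChangePassword,
        [switch]$ChangePasswordAtLogon,
        [switch]$Administrator
    )
    # Local Users and Groups greys out the other two password boxes when
    # "User must change password at next logon" is ticked; enforce the same rule.
    if ($ChangePasswordAtLogon -and ($PasswordNeverExpires -or $UserMayNotChangePassword)) {
        throw "ChangePasswordAtLogon conflicts with PasswordNeverExpires / UserMayNotChangePassword."
    }
    # Same policy as the form in the question: a passwordless account is never an admin.
    if (-not $Password -and $Administrator) {
        throw "Refusing to create a passwordless member of Administrators."
    }
    # Only parameters New-LocalUser actually has go into the splat.
    $opts = @{
        Name                     = $Name
        FullName                 = $Name
        Description              = $Name
        UserMayNotChangePassword = [bool]$UserMayNotChangePassword
    }
    if ($Password) {
        $opts.Password = $Password
        $opts.PasswordNeverExpires = [bool]$PasswordNeverExpires
    } else {
        $opts.NoPassword = $true
    }
    $sid = if ($Administrator) { 'S-1-5-32-544' } else { 'S-1-5-32-545' }
    if ($PSCmdlet.ShouldProcess($Name, 'Create local user')) {
        $user = New-LocalUser @opts
        Add-LocalGroupMember -SID $sid -Member $user
        # 1 = user must change password at next logon, 0 = no prompt.
        # Written in both cases so the result never depends on a default.
        $adsi = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
        $adsi.PasswordExpired = [int][bool]$ChangePasswordAtLogon
        $adsi.SetInfo()
        $user
    }
}
# Usage (constructed account name):
# New-LocalUserChecked -Name 'demo-user' -Password (Read-Host -AsSecureString 'Password') -ChangePasswordAtLogon
```

In the GUI, the click handler would pass the checkbox states as switch values (for example `-ChangePasswordAtLogon:$checkBox6.Checked`) and take the password from a SecureString rather than building the splat inline.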
