1. 首页
  2. 问答
  3. 能ADSI可以用来设置Windows密码帐户需要在首次登录

能ADSI可以用来设置Windows密码帐户需要在首次登录

2015-10-29 61 views
2

变化我有这样的PowerShell脚本的修改版本:https://social.technet.microsoft.com/Forums/scriptcenter/en-US/355d9293-e324-4f60-8eed-18bcc6d67fc0/adsiwinntcomputeradministratoruser-with-alternate-credentials?forum=ITCG能ADSI可以用来设置Windows密码帐户需要在首次登录

尝试与第一登录要求修改密码的帐户(如果它失败我可以使用ctrl + alt + del提示手动更改密码,但通常会在图像上对VM进行测试)。那重要的部分是:

Invoke-Command -ComputerName $ComputerName -Credential $Credential -ErrorVariable e -ArgumentList $ComputerName,$NewPassword,$User -ScriptBlock { 
      Param($ComputerName,$NewPassword,$User) 
      $Account = [ADSI]"WinNT://$ComputerName/$User,user" 
      $Account.PwdLastSet = 0 
      $Account.SetInfo() 
      $Account.SetPassword($NewPassword) 
      $Account.SetInfo() 
      $e 
     }

当我运行这对于不需要在首次登录改变它成功完成一笔账:

> Change-LocalPassword -User 'TestAccount' -Credential $wincred -OldPassword $OP -NewPassword $NP -ComputerName $computerName 
Info::Change-LocalPassword::Changing password from <old> to <new> 
Info::Change-LocalPassword::Service WinRM is already running on Localhost 
Info::Change-LocalPassword::Trusted Hosts Value is: <computer> 
Info::Change-LocalPassword Invoking Command: [adsi]WinNT://<computer>/TestAccount,user 
True

当帐户运行,需要先登录:

Change-LocalPassword -User $Config.win_user -Credential $wincred -OldPassword $Config.winog_passwd -NewPassword $Config.win_passwd -ComputerName $computerName 
Info::Change-LocalPassword::Changing password from <old> to <new> 
Info::Change-LocalPassword::Service WinRM is already running on Localhost 
Info::Change-LocalPassword::Trusted Hosts Value is: <computer> 
Info::Change-LocalPassword Invoking Command: [adsi]WinNT://<computer>/<user>,user 
[computer] Connecting to remote server <computer> failed with the following error message : Access is denied. For more information, see 
the about_Remote_Troubleshooting Help topic. 
    + CategoryInfo   : OpenError: (<computer>:String) [], PSRemotingTransportException 
    + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken 
-Message Error::Change-LocalPassword::Could not set password for <user> on <computer> [computer] Connecting to remote server <computer> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. 
False

本地管理员帐户是机器上唯一的帐户,它没有加入域。其他人是否遇到过这种情况并确定了解决方案

来源

2015-10-29 user5505180

回答

1

添加一个密码永不过期userflag:

$Account = [ADSI]"WinNT://$ComputerName/$User,user" 
     $Account.UserFlags = 65536 
     $Account.PwdLastSet = 0 
     $Account.SetInfo() 
     $Account.SetPassword($NewPassword) 
     $Account.SetInfo()
如果你想添加“用户不能更改密码”以及与此替换上述行 

$Account.UserFlags = 64 + 65536

来源

2015-10-30 07:27:34 Avshalom

+0

这似乎我在某种程度上是循环依赖。机器上唯一的帐户是我尝试更改密码的帐户。执行一个简单的调用命令失败,并使用凭据拒绝访问(假设因为必须先更改密码): – user5505180

+0

'PS D:\ projects \ windows-cloudify> Invoke-Command - 计算机名$计算机名-Credential $ wincred -ScriptBlock {ls c:\ TEMP} [计算机]连接到远程服务器失败,并显示以下错误消息:访问被拒绝。有关更多信息,请参阅 about_Remote_Troubleshooting帮助主题。 + CategoryInfo:OpenError :(计算机:字符串)[],PSRemotingTransportException + FullyQualifiedErrorId:AccessDenied,PSSessionStateBroken' – user5505180

相关问题

 相关问题