2015-10-29 59 views
2

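Can ADSI be used to set the password of a Windows account that requires a change on first login?

I have a modified version of this PowerShell script: https://social.technet.microsoft.com/Forums/scriptcenter/en-US/355d9293-e324-4f60-8eed-18bcc6d67fc0/adsiwinntcomputeradministratoruser-with-alternate-credentials?forum=ITCG

I am trying it with an account that requires a password change on first login (if it fails I can use the Ctrl+Alt+Del prompt to change the password manually, but normally I would be testing against a VM built from an image). The important part is: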

Invoke-Command -ComputerName $ComputerName -Credential $Credential -ErrorVariable e -ArgumentList $ComputerName,$NewPassword,$User -ScriptBlock {
    Param($ComputerName,$NewPassword,$User)
    $Account = [ADSI]"WinNT://$ComputerName/$User,user"
    $Account.PwdLastSet = 0
    $Account.SetInfo()
    $Account.SetPassword($NewPassword)
    $Account.SetInfo()
    $e
}

When I run this for an account that does not require a change on first login, it completes successfully:

> Change-LocalPassword -User 'TestAccount' -Credential $wincred -OldPassword $OP -NewPassword $NP -ComputerName $computerName 
Info::Change-LocalPassword::Changing password from <old> to <new> 
Info::Change-LocalPassword::Service WinRM is already running on Localhost 
Info::Change-LocalPassword::Trusted Hosts Value is: <computer> 
Info::Change-LocalPassword Invoking Command: [adsi]WinNT://<computer>/TestAccount,user 
True 

When I run it for an account that requires the change on first login:

Change-LocalPassword -User $Config.win_user -Credential $wincred -OldPassword $Config.winog_passwd -NewPassword $Config.win_passwd -ComputerName $computerName 
Info::Change-LocalPassword::Changing password from <old> to <new> 
Info::Change-LocalPassword::Service WinRM is already running on Localhost 
Info::Change-LocalPassword::Trusted Hosts Value is: <computer> 
Info::Change-LocalPassword Invoking Command: [adsi]WinNT://<computer>/<user>,user 
[computer] Connecting to remote server <computer> failed with the following error message : Access is denied. For more information, see 
the about_Remote_Troubleshooting Help topic. 
    + CategoryInfo   : OpenError: (<computer>:String) [], PSRemotingTransportException 
    + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken 
-Message Error::Change-LocalPassword::Could not set password for <user> on <computer> [computer] Connecting to remote server <computer> failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. 
False 

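The local administrator account is the only account on the machine, and the machine is not joined to a domain. Has anyone else run into this and identified a solution?

Answers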

1

Add a "password never expires" user flag:

$Account = [ADSI]"WinNT://$ComputerName/$User,user"
$Account.UserFlags = 65536
$Account.PwdLastSet = 0
$Account.SetInfo()
$Account.SetPassword($NewPassword)
$Account.SetInfo()

If you also want to add "User cannot change password", replace the line above with this:

$Account.UserFlags = 64 + 65536
+0

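It seems I have something of a circular dependency. The only account on the machine is the one I am trying to change the password for. Executing a simple Invoke-Command fails with access denied using the credentials (presumably because the password must be changed first): – user5505180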

+0

'PS D:\projects\windows-cloudify> Invoke-Command -ComputerName $computerName -Credential $wincred -ScriptBlock {ls c:\TEMP} [computer] Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (computer:String) [], PSRemotingTransportException + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken' – user5505180
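
The `65536` and `64` in the answer above are bits of the ADSI `ADS_USER_FLAG_ENUM` mask (`ADS_UF_DONT_EXPIRE_PASSWD` and `ADS_UF_PASSWD_CANT_CHANGE`), and assigning the literal writes a value that carries none of the account's other bits. The following is an added example, not part of the original answer: it decodes a flags value and merges a bit with `-bor`; the helper names `Get-UserFlagName` and `Add-UserFlag` and the sample value are constructed for illustration.

```powershell
# ADS_USER_FLAG_ENUM bits relevant here (values from the ADSI documentation).
$AdsUserFlags = [ordered]@{
    ADS_UF_ACCOUNTDISABLE     = 0x2
    ADS_UF_LOCKOUT            = 0x10
    ADS_UF_PASSWD_NOTREQD     = 0x20
    ADS_UF_PASSWD_CANT_CHANGE = 0x40      # the "64" in the answer
    ADS_UF_NORMAL_ACCOUNT     = 0x200
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # the "65536" in the answer
    ADS_UF_PASSWORD_EXPIRED   = 0x800000
}

function Get-UserFlagName {
    # Hypothetical helper: list the names of the bits set in a UserFlags value.
    param([int]$Flags)
    $AdsUserFlags.GetEnumerator() |
        Where-Object { $Flags -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Add-UserFlag {
    # Hypothetical helper: set bits with -bor so bits already present are kept.
    param([int]$Current, [int]$ToAdd)
    $Current -bor $ToAdd
}

# Constructed sample value: a disabled normal account (0x200 + 0x2 = 0x202).
$current = 0x202

$overwritten = 0x10000                        # value written by: $Account.UserFlags = 65536
$merged      = Add-UserFlag $current 0x10000  # 0x10202, earlier bits preserved

"before      : {0}" -f ((Get-UserFlagName $current)     -join ', ')
"overwritten : {0}" -f ((Get-UserFlagName $overwritten) -join ', ')
"merged      : {0}" -f ((Get-UserFlagName $merged)      -join ', ')

# Against a real account the merge would look like this (not executed here):
#   $Account = [ADSI]"WinNT://$ComputerName/$User,user"
#   $Account.UserFlags = Add-UserFlag $Account.UserFlags.Value 0x10000
#   $Account.SetInfo()
```

Running `Get-UserFlagName` on an account's current value before and after a change is a quick way to audit which accounts carry `ADS_UF_DONT_EXPIRE_PASSWD` or `ADS_UF_PASSWD_NOTREQD`.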
