Require Password Change

Hobbs13 · ‎07-10-2012

Hello All.

First off I should state that I have inherited Lansweeper at my job and have come to love what it offers. I have started reading these forums, but to a 1st time visitor its a little daunting. I also have no scripting experience so please be descriptive in your response.

Is there a way to edit the CHANGE PASSWORD script to require the user to change password on next login?

Also, is a log kept of these actions? (If so, where do I view it?)

Also, can we default the password so the helpdesk tech doesn't need to type it in twice each time? (Since we will require the user to change it anyway)

I found the script itself, but would like some help in editing it to provide what we need.
Thanks in advance for your help on this.

If WScript.Arguments.Count = 1 Then
Dim password1,password2
password1=InputBox("Enter new password(1):")
password2=InputBox("Enter new password(2):")
if password1 <> "" then
if password1=password2 then
struser= WScript.Arguments(0)
Set objUser = GetObject("LDAP://" & struser)
objUser.SetPassword(password1)
msgbox "Password changed"
else
msgbox "Passwords do not match"
end if
else
msgbox "Password cannot be blank"
end if
end if

EB · ‎01-24-2013

See also here..

http://www.lansweeper.com/forum/yaf_postst6908_unlocking-user-and-resetting-pass.aspx

Jono · ‎08-23-2012

Hey Hobbs13 - Thanks a ton for this. Based on your script, I changed mine. Sometimes, though, I change the password for a remote user and they cannot change an expired password remotely. I wanted to use your script for office workers, but I didn't want two different scripts and two different links on the LS page.

So I did this:

If WScript.Arguments.Count = 1 Then
	struser= WScript.Arguments(0)
	Set objUser = GetObject("LDAP://" & struser)
	strCN = objUser.Get("cn")

	chgmsg = MsgBox("Do you want to Force " & strCN & " to" & VbCrLf & _
		"          Change his/her Password at Next Logon?" & VbCrLf & VbCrLf & _
		"'Yes' will set a default password and require a change at next logon." & VbCrLf & _
		VbTab & "-  Use 'Yes' for users in the office." & VbCrLf & VbCrLf & _
		"'No' will ask you to set the password; it will not require it to be changed." & VbCrLf & _
		VbTab & "-  Use 'No' for remote users as they cannot change an " & VbCrLf & _
		VbTab & "    expired password remotely." & VbCrLf & VbCrLf & _
		"'Cancel' will cancel the operation." _
		, 547, "Force " & strCN & " to Change Password At Next Logon?")

	If chgmsg = 6 Then
		objUser.SetPassword("Change1now")
		objUser.pwdLastSet = 0
		objUser.SetInfo
		msgbox "Password changed to: Change1now" & VbCrLf & VbCrLf & _
		"   -  It Must Be Changed At Next Logon!",,strCN & "'s password has been changed!"
	end if

	If chgmsg = 7 Then
		password1=InputBox("Enter " & strCN & "'s new password:",strCN)
		password2=InputBox("Confirm " & strCN & "'s new password:",strCN)
		if password1 <> "" then
		    if password1=password2 then
			objUser.SetPassword(password1)
			msgbox strCN & "'s password has been changed to: " & password1,,strCN & "'s password has been changed!"
		    else
			msgbox "The passwords do not match",,"Error, try again"
		    end if
		else
			msgbox "The password cannot be blank",,"Error, try again"
		end if
	end if
end if

Basically, it asks if I want to force a password change at the next logon. If Yes, then it'll automatically set the default password and force the user to change it. If No, then it'll ask for the password (twice) and it will not force a change.

It works great for me. I hope other's find it useful.

Jono

tbayer · ‎11-10-2012

Hi Jono,

where exactly do I need to insert your script?

Thanks!

Jono · ‎01-31-2013

tbayer wrote:
Hi Jono,

where exactly do I need to insert your script?

Thanks!

Hi tbayer - I didn't mean to ignore your question; I don't get emails when these are updated, so I just now saw your question.

I placed the script in the actions folder and named it ChgPw.vbs.

In LS5, place this as the Action for Users: {actionpath}ChgPw.vbs "{cn}"

I hope that helps.

Jono

Hobbs13 · ‎07-17-2012

Thanks for the help. I was getting an error with Line 6 so I removed it.
Looks like you don't need it at all. Here's the final Script I deployed:

If WScript.Arguments.Count = 1 Then
struser= WScript.Arguments(0)
Set objUser = GetObject("LDAP://" & struser)
objUser.SetPassword("CHANGEME")
objUser.pwdLastSet = 0
objUser.SetInfo
msgbox "Password changed to CHANGEME - Must Be Changed On Next Logon."
end if

The last part just adds a popup confirmation box displaying the password so the helpdesk has it handy.

Note: I updated this script a bit today (7/19/2010). Note this script works for domain accounts only. If you are interested in local accounts you willneed to edit this. See here for more info.

For local user objects, the property is PasswordExpired and you assign the value 1 to force a password change at the next logon (a value of 0 does the opposite).

For example:
' Bind to local user object.
Set objUser = GetObject("WinNT://MyComputer/JSmith,user")

' Require password change at next logon.
objUser.PasswordExpired = 1
objUser.SetInfo

ghelpdesk · ‎07-13-2012

Try the below. Password for the account is set to "changeme" and expired so use must set a new one at next logon.

If WScript.Arguments.Count = 1 Then
struser= WScript.Arguments(0)
Set objUser = GetObject("LDAP://" & struser)
objUser.SetPassword("changeme")
objUser.Put "PasswordExpired", 1
objUser.SetInfo
end if

Hobbs13 · ‎07-12-2012

Was hoping for a response to this issue.
We are looking to edit the script for the change password button.

When the button is pressed, I would like it to automatically change the password to a default string set by me. (Example: PasswordChange)

I would also like it to set the flag so the user is required to change the password on next login.

Any thoughts?

Require Password Change

New to Lansweeper?

Try Lansweeper For Free