Wednesday, May 29, 2013

PowerShell - Local user password expiration and other properties with WMI

I found a lot of information about using net user and wmic. I ran into an issue with wmic grabbing a domain account with the same name. My guess is there is a quick fix, but it wasn't using /node, so I decided to try something new. Below is a code snippet for creating a user if it doesn't exist and adding it to administrators with a password that doesn't expire. This code works wonders using PowerShell remoting to set up new virtual machines with dynamic users based on requester.

Changing Password Expires field and updating user:
$localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq $user}
$localuser.PasswordExpires = $false
$localuser.Put()
 
 
Here is a list of the properties that can be read or changed.
Properties:
AccountType         Property      uint32 AccountType {get;set;}                                    
Caption             Property      string Caption {get;set;}                                        
Description         Property      string Description {get;set;}                                    
Disabled            Property      bool Disabled {get;set;}                                         
Domain              Property      string Domain {get;set;}                                         
FullName            Property      string FullName {get;set;}                                       
InstallDate         Property      string InstallDate {get;set;}                                    
LocalAccount        Property      bool LocalAccount {get;set;}                                     
Lockout             Property      bool Lockout {get;set;}                                          
Name                Property      string Name {get;set;}                                           
PasswordChangeable  Property      bool PasswordChangeable {get;set;}                               
PasswordExpires     Property      bool PasswordExpires {get;set;}                                  
PasswordRequired    Property      bool PasswordRequired {get;set;}                                 
SID                 Property      string SID {get;set;}                                            
SIDType             Property      byte SIDType {get;set;}                                          
Status              Property      string Status {get;set;} 

Example:

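try
{
    $user = "User"
    # Note: a password passed to net user as an argument is visible on the process command line
    $userpass = "Pass"
    # Filter on LocalAccount so a domain account with the same name is not returned
    $localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq $user}
    if($localuser)
    {
        Write-Host "$user was already created"
    }else{
        & net user "$user" "$userpass" /ADD
        # Query again to confirm the account now exists
        $localuser = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" | where {$_.Name -eq $user}
        if($localuser)
        {
            & net localgroup administrators $user /add
            # Turn off password expiration and commit the change to the account
            $localuser.PasswordExpires = $false
            $localuser.Put()
        }else{
            throw "User Creation failed"
        }
    }
}catch{
    # Re-throw the caught error so the caller sees the failure
    throw $_
}finally{
    # Clear the plain-text password variable whether or not the steps succeeded
    $userpass = ""
}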
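
The same Win32_UserAccount properties can be read back to review what provisioning like the above leaves behind. This is an added example, not the original author's code: it lists local accounts whose password never expires and marks the enabled ones that are members of the local Administrators group. The function name Get-NonExpiringLocalAccount and the IsLocalAdmin and Review column names are made up for this example.

```powershell
# Added example (hypothetical function name): audit local accounts that have
# PasswordExpires set to false, using the same WMI class as the post.
function Get-NonExpiringLocalAccount {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $wmi = @{ Namespace = "root\cimv2"; ComputerName = $ComputerName }

    # Resolve the built-in Administrators group by its well-known SID
    # (S-1-5-32-544) so the lookup also works on localized Windows installs.
    $admins = Get-WmiObject @wmi -Class Win32_Group `
        -Filter "LocalAccount='True' AND SID='S-1-5-32-544'"

    # Follow the group-to-member association to the user accounts and keep
    # only local ones, so a domain account with the same name is ignored.
    $adminSids = @()
    if ($admins) {
        $adminSids = @($admins.GetRelated("Win32_UserAccount") |
            Where-Object { $_.LocalAccount } |
            ForEach-Object { $_.SID })
    }

    # Filter on the WMI side: local accounts whose password never expires.
    Get-WmiObject @wmi -Class Win32_UserAccount `
        -Filter "LocalAccount='True' AND PasswordExpires='False'" |
        Select-Object Name, SID, Disabled, Lockout, PasswordRequired,
            @{ Name = "IsLocalAdmin"
               Expression = { $adminSids -contains $_.SID } },
            # Review = enabled administrator with a non-expiring password
            @{ Name = "Review"
               Expression = { (-not $_.Disabled) -and
                              ($adminSids -contains $_.SID) } }
}

# Accounts that need attention sort to the top.
Get-NonExpiringLocalAccount |
    Sort-Object Review -Descending |
    Format-Table -AutoSize
```

Built-in accounts such as Guest usually appear in the output as well; the Review column separates them from enabled administrators.
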
Happy Hunting with automating