Guy's Scripting Ezine 50 - pwdLastSet
Contents for Guy's Scripting Ezine 50 - pwdLastSet
This time last year, I never thought that we would get to 50 editions of my ezine. Next week I am planning to celebrate with an ebook of all 50 ezines, naturally it will be free. My only worry is making sure that all subscribers get a copy and that is why I set the default ezine to plain text this week. So if you don't like plain text then please edit your preferences.
Last week I could not help noticing that 5 emails in a row came from people whose first language was not English. I felt humble because I cannot speak, let alone write, in French, German, Spanish or Italian. My other feeling was how lucky I am to be raised in a country whose language has been adopted by much of the web.
One of the true joys of editing an ezine is opening the letters that people send in. Your readers' letters really compliment my rough and ready style with my, 'let's get started' mantra. On the one hand, I guess people feel nothing is too simple to write about, while on the other hand people are not shy to point out improvements to my scripts. Here are some examples that I would like to share with you.
Ulrich P has sent in a neat improvement for my Set Password Script. In fact, Ulrich's VBScript is the main feature this week's ezine.
Stephane has send me the URL of his site which creates custom ActiveX components. I would like to know more of this application of VBscript myself.
Mark P. emailed me with the worlds toughest 800 code error: 0x80041001 "Call failed". This wins the biscuit for the most obscure and least helpful of the code error messages. In fact the whole 080041xxx series are all pretty low on information. I will investigate and post any updates in my Code 800 section of the computerperformance.co.uk web site.
John G. Has finally found a way of mapping printers before users logon. This is his idea:
SolarWinds' Orion performance monitor will help you discover what's happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Suppose you want to force users to change their passwords at next logon. The secret is to employ pwdLastSet = 0 which triggers Active Directory to display the change password dialog box. One tactic could be that you could email new users with an 'easy' password, but then ensure they secure their user account by choosing a new password which is only known to themselves.
Note 1: The change password part of the script was featured in Ezine 23, I have now added an extra section which sets UserAccountControl values.
Note 2: In order to work properly, UserAccountControl = 544 must also have: pwdLastSet = 0. Do feel free to experiment with other UserAccountControl settings. If you find anything interesting do let me know.
Note 3: If you are troubleshooting your own script, check strContainer = "OU=Accounts, "
Note 4: Try the script without the following two lines. (I use an ' [apostrophe] to rem out the lines.)
objUser.Put "pwdLastSet", intPwdValue
Note 5: When you set pwdLastSet to zero it forces users to change their passwords at next logon.
Note 6: Admire the construction: For Each... next.
Note 7: The statement: If objUser.class="user" then.. is designed to filter out users from other objects such as computers. Did you spot the End if?
Note 8: Experiment with variations of the WScript.Echo command.
PwdLastSet is a useful addition to your changing password toolkit. What this command does is force users to change their password at next logon. Naturally, to get the user to change their password, you need to set a value of zero.
See More Active Directory VBScripts for Passwords