ITSCSteve Posted March 9, 2020 Share Posted March 9, 2020 Morning, I'm trying to put together a script (if possible) to unlock a local user account on Windows 10 machines. We have desktops in our company that are offsite at client sites that use local logins vs our domain. We have a generic user account they are supposed to use to get into the machine, but sometimes people mistype it or whatever, and the account gets locked. To work around this, we have a backup local account that has admin rights that we provide a manager at the site so they can fix the regular login. Unfortunately, we've had some issues with people resetting things incorrectly and causing us to have the machine shipped in to be corrected. What I'm hoping to put together is a script that they can double click while logged into the "admin" account that will unlock and reset the password to the regular account (we use a static non-expiring password for the local user account). I found this from 2006, but it was for unlocking the Administrator account on a machine. I tested this and it works great, but can't quite figure out how to get it to work with a different account. https://www.autoitscript.com/forum/topic/34868-unlocking-local-account/?tab=comments#comment-254957 Link to comment Share on other sites More sharing options...
Earthshine Posted March 9, 2020 Share Posted March 9, 2020 (edited) it looks like this is what you need to decode from that thread posted by @Jos For $oUserAccount In $oUserAccounts If StringLeft($oUserAccount.SID, 9) = "S-1-5-21-" And _ StringRight($oUserAccount.SID, 4) = "-500" Then ExitLoop Endif Next I believe that identifies the admin account, or at least it looks like it does. You justs have to find out how to detect the user account you want to unlock. I will dig around but don't hold your breath. oop, found it! look up the identifier there so you can id the account you want to unlock with that script. it should work https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems For $oUserAccount In $oUserAccounts If StringLeft($oUserAccount.SID, 9) = "S-1-2-0-") Then ExitLoop Endif Next so i would try this and thank @Jos if it works. I have not tested this. Just trying to help out. $oMyError = ObjEvent("AutoIt.Error", "ComError") ; Get Admin UserID $objWMIService = objGet( "winmgmts:{impersonationLevel=impersonate}!//" & @ComputerName & "/root/cimv2") $oUserAccounts = $objWMIService.ExecQuery("Select Name, SID from Win32_UserAccount WHERE Domain = '" & @ComputerName & "'") For $oUserAccount In $oUserAccounts If StringLeft($oUserAccount.SID, 9) = "S-1-2-0") Then ExitLoop Endif Next ; Check disabled ConsoleWrite('Administrator account:' & $oUserAccount.Name & @lf ) Local $objNetwork = ObjCreate("Wscript.Network") $objUser = ObjGet("WinNT://" & @ComputerName & "/" & $oUserAccount.Name & ",user") If $objUser.AccountDisabled Then $objUser.AccountDisabled=0 $objUser.SetInfo ConsoleWrite("Admin account enabled" & @lf) EndIf ; Func ComError() If IsObj($oMyError) Then $HexNumber = Hex($oMyError.number, 8) SetError($HexNumber) ConSoleWrite("Com Error:" & $HexNumber) ConSoleWrite(" ,Line:" & $oMyError.scriptline) ConSoleWrite(" ,LastDllErrc:" & $oMyError.lastdllerror) ConSoleWrite(" ,Desc:" & $oMyError.description) ConSoleWrite(" ,WinDesc:" & $oMyError.windescription) ConSoleWrite(@CRLF) Else SetError(1) EndIf Return 0 EndFunc ;==>ComError Edited March 9, 2020 by Earthshine My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
TheXman Posted March 9, 2020 Share Posted March 9, 2020 (edited) Just execute the NET USER command with the /ACTIVE:YES switch. If you want to change the password at the same time, just add the new password to the command line. Edited March 9, 2020 by TheXman Earthshine 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman Link to comment Share on other sites More sharing options...
ITSCSteve Posted March 9, 2020 Author Share Posted March 9, 2020 Thank you @Jos for the original code and @Earthshine for the help with my specific issue. I really appreciate it. Earthshine 1 Link to comment Share on other sites More sharing options...
Earthshine Posted March 9, 2020 Share Posted March 9, 2020 also @TheXman suggestion is very good as an alternative. can be easily scripted TheXman 1 My resources are limited. You must ask the right questions Link to comment Share on other sites More sharing options...
AdamUL Posted March 9, 2020 Share Posted March 9, 2020 You could also use the Local Account UDF. Example below. #RequireAdmin #include <LocalAccount.au3> Global $sUserName = "Admin" _AccountDisableProperty($sUserName, $ADS_UF_LOCKOUT) If @error Then ConsoleWrite(@error & @CRLF) Adam TheXman and Earthshine 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now