Check for Passwords that Never Expire

by Len Parov.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on microsoft os family  

You are here: Categories » Computers and technology » Microsoft OS family

Here's a handy script that makes it simple to find user accounts with nonexpiring passwords.

User accounts set to never expire are sometimes used for permanent employees of a company, while temporary employees are assigned accounts that expire after a specified period of time. Ever wish you could quickly and simply find out which user accounts have their passwords set to never expire, along with the dates the flags were set? Here is a sample script that accomplishes this and more.

This script prompts for the desired domain, checks all user accounts in the domain to see if their passwords are set to never expire, and reports the date the flags were set. It then writes the output to a CSV file called PWDNeverExpired.csv, creating this file in the same directory where the script itself is located. If the password is not set to expire, the script instead records a No and the date the password will expire.

The Code

To use the script, type it into Notepad (with Word Wrap turned off) and save it with a .vbs extension as PWDNeverExpired.vbs:

' Set WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
strVer = "Ver 1.0 "
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = FileSystem.CreateTextFile("PWDNeverExpired.csv", true)
 
' Pull Environment variables for domain/user
strDomain = WshShell.ExpandEnvironmentStrings("%USERDOMAIN%")
strUserName = WshShell.ExpandEnvironmentStrings("%USERNAME%")
strOS = WshShell.ExpandEnvironmentStrings("%OS%")
 
strMessage = strMessage & "Hit Cancel or enter a blank to quit" 
strTitle = "Domain to Search"
'get resource domain name, domain default
UserDomain = InputBox(strMessage, strTitle, strDomain)
strMessage = ""
strTitle = ""
 
'strMessage = "Please enter the USER Login ID" & vbCrLf & vbCrLf & _
'"Default is: " & strUserName & vbCrLf & vbCrLf
'strMessage = strMessage & "Hit Cancel or enter a blank to quit"
'strTitle = "USER Login ID"
'get resource domain name, domain default via input box
'objUserName = InputBox(strMessage, strTitle, strUserName)
 
' Display Just a minute!
strMessage = "This may take a few seconds. . ."
WshShell.Popup strMessage,2,"One moment please. . . "
strMessage = ""
 
Set ObjDomain = GetObject("WinNT://" & UserDomain)
ObjDomain.Filter = Array("User")
For Each ObjUser In ObjDomain
 
'Attempt to bind to the user
'Set objUser = GetObject("WinNT://"& UserDomain &"/"& objUser.Name, user)
Set UserName = GetObject("WinNT://" & UserDomain & "/" & ObjUser.Name & _ ",User")
 
' Is password set to NEVER expire?
objPwdExpires = UserName.Get("UserFlags")
If (objPwdExpires And &H10000) <> 0 Then
objPwdExpiresTrue = "Yes"
strPwdExpires = "Date Set: "
msgPwdExpires = "Password Set to Never Expire: "
Else objPwdExpiresTrue = "No"
strPwdExpires = "Password Expires: "
msgPwdExpires = "Password Set to Never Expire: "
End If
oFile.WriteLine (UserName.fullname & "," & UserName.name & "," 
& _ msgPwdExpires & objPwdExpiresTrue & "," & strPwdExpires & _
objUser.PasswordExpirationDate)
'Wscript.Echo "Full Name: " & UserName.fullname & vbCrlf &_
'"Account Name: " & UserName.name & vbCrlf &_
'msgPwdExpires & objPwdExpiresTrue & vbCrlf &_
'strPwdExpires & objUser.PasswordExpirationDate & vbCrlf
Set UserName = Nothing
Next
Wscript.Echo "Done Cheking Accounts"

Running the Hack

To run this hack, simply create a shortcut to the script and double-click on the shortcut. Results a sample CSV output file for the script, viewed in Excel.

Share
Leave a comment or ask a question
Total comments: 0

Microsoft OS family Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Find and Replace Registry Keys from a Command Line - Using the Regfind utility, you can easily search the Registry for a value, regardless of the key, and replace it. Regfind (from the Windows 2000 Server Resource Kit) can be an invalua (more...)
How to Execute a Command on Each Computer in a Domain - This handy script lets you easily run any command on a specified subset of computers in your domain. Running the same command on multiple computers in your domain can be tedious indeed, (more...)
Top Five Tools in Windows 2000 - Here's one IT professional's take on five third-party tools for Windows 2000 every system administrator should have. There can be no doubt that with every release of Microsoft's opera (more...)
Designing Active Directory for Exchange Server 2007 - Active Directory (AD) is a necessary and fundamental component of any Exchange 2007 implementation. That said, organizations do not necessarily need to panic about setting up Active Directory in (more...)
Delegate Control of an OU to a User - Rather than use the Delegation of Control Wizard, use this script to delegate authority over an organizational unit (OU) to a particular user. By delegating administrative responsibilit (more...)
Automatically Windows Log On After Booting - It's sometimes convenient to configure machines to log on automatically when booted. Here are three ways to do this. In all versions of Windows that are based on Windows NT (including W (more...)
Bit Mapped Graphics - Windows marked the transition of the primary operating mode of PC display systems. From character-based displays, Windows ushered in the age of the bit-mapped display. Bit-mapped graphics (more...)
The Evolution of Microsoft Windows ~ Windows XP 64 bit Editions - The CPU story is not over, however. The need for processors capable of handling far more than 4GB of memory has led to development of two competing 64-bit architectures. Intel developed and pro (more...)
MS DOS Alternatives - IBM and several other PC manufacturers all sold customized versions of Microsoft's MS-DOS, and that there was a competitor called DR-DOS. Gary Kildall, whom we left several pages ago sp (more...)
DOS Extenders - A few powerful DOS programs broke the normal DOS rules and were able to leap into protected mode and take advantage of its vast addressing range. They are able to stretch into extended memory us (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.