ultimate useraccounts.cmd from cmdlines.txt

[JoeMSFN]

You get to read my story before I give you the code that solved all of this.

Long long ago, when Vista was just another code named rumor and I didn't have an account on this site, I used a .cmd file in cmdlines.txt to create a default user account. All was good with my unattended universe.

Then I stumbled upon the OOBE trick.

I used to use the OOBEINFO.INI file with nothing more than

[UserInfo]
Identity000="DefaultUser"

I had developed more skills and integrated graphics drivers and this was good for a very long time.

Then I had a problem with a laptop that the graphics driver was installed, but OOBEINFO was skipped and I was greeted with 640x480 login prompt for the Administrator account. (I set a password in the winnt.sif file for the administrator). No autologon joy for me.

Since I wanted as much of a one size fits instALL, I abandoned the OOBE effort and went back to the old way (useraccounts.cmd from cmdlines.txt).

Then something caught my attention, my default user accounts (under manage) didn't have "Password never expires" checked. But new accounts created via the control panel did. I also wasn't comfortable with the "machine wide" /maxpwage:unlimited switch, since still no check in the box. After some (some meaning copious amounts) of searching I found out that there was no command line .cmd file suitable way of doing it, I could only do it via .VBS or other higher level scripting. Discouraged, but not giving up I also found out that .VBS can be run way early on in the XP setup, even before a real user logs in!!! And I had found a nice script runnable from my useraccounts.cmd file. Yeah!!!!

All was good with my XP Pro installing world!

The new PCs I've been building have all been getting XP pro. Good thing to since businesses use pro and I think MS has a greater lifecycle for that.

So a little side effect from unattended Home went unnoticed since I hadn't done a Home install since I had switched from OOBEINFO to cmdlines.txt to create the default account.

But lately I've had a run on XP Home re-installs (HD crash, spyware/virus invections, etc) so I decided to update my Home source with all the updates and other loving attention I've lavished on my Pro source.

And I was greeted once again with the Welcome screen!!!!! (at least Administrator wasn't there)

I had a new friend by the name of Owner. Thinking my install source was somehow tainted with some junk I went on another Google quest and learned that Owner rains on many a would be unattended installers parade. There had to be a way around this mess.

Filled with courage from my previous successes and still wanting my one $OEM$ folder for everything, I set about to fix this. A little bit of .cmd coding and experimenting and I discovered that I could safely delete "Owner" and create my "DefaultUser" account. I once again had the warm fuzzy feeling of unattended goodness.

But being the person I am, I wanted to have the ability to have spaces in my "Default User" account. The thing is, I run useraccounts.cmd from cmdlines.txt and useraccounts.cmd takes the first parameter as the username to create (I like flexibility too.) Well I'll just quote the username parameter ... um... wait... I can't do that with cmdlines.txt.

I used to use %~1 (I like to remove quotes from parameters). After a little more searching I found that %* gives all arguments (except for the filename %0). Hurray!!! I have something that works in all situations. Or at least I think I do.

So for reading my little novella above, you are greatly rewarded with the code I use to accomplish all this.

1. Works regardless of graphic driver status (i.e. the OOBE problem avoided)
   
2. Makes sure "Password never expires" is checked in local users under manage computer. (just like the control panel does!)
   
3. You only get the default user you want in XP Home (as well as the others).
   
4. If you double click it, you don't accidentally clobber an account called "Owner" since it won't work without a Username passed to it!
   

For cmdlines.txt use

[COMMANDS]
".\T12setup.cmd"
"REGEDIT /S .\DefUserRegTweaks.reg"
".\RunOnceEx.cmd"
".\useraccounts.cmd UserName"

The useraccounts.cmd above is all that matters. I just showed a "complete" cmdlines.txt for perspective.

Now onto useraccounts.cmd

@echo off
setlocal
set uname=%*
title "useraccounts"
if not defined uname (goto :eof)
net user "Owner" /delete
net accounts /maxpwage:unlimited
net user "%uname%" /passwordreq:no /fullname:"%uname%" /add
net localgroup Administrators "%uname%" /add
start "Set Password Never Expires" /wait cscript "%~dp0useraccounts.vbs" "%uname%" //Nologo
REM REGEDIT /S autologon.reg
endlocal&EXIT

And now for the .vbs which deals with the "Password never expires" check boxing.

useraccounts.vbs

Dim ArgObj, var1
Set ArgObj = WScript.Arguments
'Originally PWNVREXP.vbs
'Takes a username from the command line and makes it so under
'My Computer-Manage-Local Users-User Properties-Password never expires is checked
WScript.echo "The current user is """& CreateObject("WScript.Shell").ExpandEnvironmentStrings("%USERNAME%")&""""
If ArgObj.Count < 1 Then
Set wshShell = CreateObject("WScript.Shell")
strUser = wshShell.ExpandEnvironmentStrings("%USERNAME%")
else
strUser=ArgObj(0)
end if
'wscript.echo "strUser="""&strUser&""""
strComputer = "."
Set User = Getobject("WinNT://" & strComputer & "/" & strUser)
Flags = User.Get("UserFlags")
'
User.put "Userflags", flags OR &H10000
user.setinfo
wscript.echo "Set ""Password never expires"" on account """&strUser&""""
Set User = nothing
set ArgObj=Nothing
set wshShell=Nothing
set StrUser=Nothing

Put the above three files in your $OEM$ folder and create your unattended from various guides that other MSFNers have found in this wonderful cyberworld.

Credits to me.... Adding the net user "Owner" /delete. Everything else I found. The useraccounts.cmd I found at the MSFN! (sans the username passed to it). And the VBS I stumbled upon somewhere. Don't remember where. And my bookmarks are way to numerous for me to search back and look. But I don't claim credit. I'm just sharing a full solution here.

I don't care about checking the existence of the "Owner" account before deleting it, since for Pro, the error it produces trying to delete the non-existent account isn't a show stopper.

The "Current Account Is" output from the .VBS is just my curiousity about what account is at that point. (didn't want to delete the currently logged on account). Turns out it %USERNAME% is all I get. I was hoping to see "default" or "system" oh well.

Enjoy!

Edited December 29, 2007 by JoeMSFN

[PC_LOAD_LETTER]

Ive used the vbscript method before (not sure if its the same one you have) and ive had mixed results so i replaced

start "Set Password Never Expires" /wait cscript "%~dp0useraccounts.vbs" "%uname%" //Nologo

with

netuser.exe "%uname%" /pwnexp:y

in my bat files.

with the attached file in the path (i cant remember where i got it so its easier to just attach it)

I also add the user to the 'Power Users' Group too so that once im done setting things up as them I can demote them by just removing administrator

netuser.exe