Enhanced User Setup

[Proneax]

I wanted a way to have more control over the user setup process. The problem is when you set up a system for more than one user, you either have to include each user's password on the cd or make sure everyone changes their password.

To get around this, you can use a utility called "cusrmgr".

Unfortunately, it's only available with the win2kpro resource kit.

Luckily, you can download the file here.

The way I use this utility is to use the "net user" command to give each user a generic password, such as 'newpass' then I use the following command switch to force each user to change thier password at the next (first) login:

cusrmgr -u [Username] +s MustChangePassword

so my batch file looks like this for each user:

net user test newpassword /add
net localgroup "Power Users" test /add
net accounts /maxpwage:unlimited
cusrmgr -u test +s MustChangePassword

that, coupled with setting the binary value 'MinPwdLen' to the desired value in

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\]

provides a pretty good setup.

what do you think?

[GreenMachine]

Welcome to MSFN, Proneax!

Funny you should mention it: I did just the same two days ago. Works fine for me. The CUSRMGR has a lot of possibilites, including ticking some of those boxes for which we had previously used various workarounds.

You got me thinking about 'MinPwdLen', and I found this utility that should be able to do it from the command line.

My UserSetup script also changes the default location for the Documents, Music, Pictures, Desktop and Favorites directories to a non-system disk, creates those directories and sets the permissions, and generates a few other things (like setting up the whole PC, and grabbing me a beer).

What I did not get to work, was to have Outlook use the existing outlook.pst file, but that is another matter ...

AccountPolicy_v0.2.zip

[Proneax]

Looking around, I just saw that you can use :

/minpwlen[:length]

on the end of the "net accounts" line to do the same thing.

When you set up the profiles on a separate disk, do you just use:

net user [...] /profilepath[:path]

is that sufficient or do you do more?

[GreenMachine]

Geez, last time I trust a rookie! I thought that you could not use the NET command for that, as you were injecting the registry.

No, I do not move the profiles: I would do that in WINNT.SIF over the boards in that case. Most of the stuff in the profile, e.g. "Documents and Settings", I don't want to backup, nor save after a reformat. I change the path to those directories in the registry to D:\DATA\%USERNAME%\SpecialFolder. I also map D:\DATA\%USERNAME% to the H(OME): drive.

Attached is a modified version of my script. I have edited it to be suitable for posting, and not tested it. Watch out for typos ... I run this from RunOnceEx, after reboot, thus I need to load the Default user's registry hive. I'm still playing with it, but my version does work fine at the moment. I just need it to do a tad bit more ...

MAKEUSER.CMD

[Proneax]

let me also add that if you have a username that is the same as the computer name, you can't use the net command to add that user to a user group.

It will say something like 'user does not exist' error 3317.

[sleepnmojo]

A useful tool i have found on this board is "netuser" (no space). It allows you to change usernames, and set the must change password.

[GreenMachine]

NetUser V1.01  16/12/97  (c) Siemens AG, ATD OI

usage:  netuser <username> <settings>

<settings>:
  /name:<newname>      set a new name
  /pwnexp:{y|n}        set 'password never expires'

Not that I mean to cotradict you ... but NETUSER does NOT tick the MustChangePassword box, just the PasswordNeverExpires box. CUSRMGR is the only one I found that does.

[sleepnmojo]

Not that I mean to cotradict you ... but NETUSER does NOT tick the MustChangePassword box, just the PasswordNeverExpires box. CUSRMGR is the only one I found that does.

nice catch, must have been a brain fart on my end.