Proneax Posted May 22, 2004 Share Posted May 22, 2004 I wanted a way to have more control over the user setup process. The problem is when you set up a system for more than one user, you either have to include each user's password on the cd or make sure everyone changes their password.To get around this, you can use a utility called "cusrmgr".Unfortunately, it's only available with the win2kpro resource kit.Luckily, you can download the file here.The way I use this utility is to use the "net user" command to give each user a generic password, such as 'newpass' then I use the following command switch to force each user to change thier password at the next (first) login:cusrmgr -u [Username] +s MustChangePasswordso my batch file looks like this for each user:net user test newpassword /addnet localgroup "Power Users" test /addnet accounts /maxpwage:unlimitedcusrmgr -u test +s MustChangePasswordthat, coupled with setting the binary value 'MinPwdLen' to the desired value in[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\]provides a pretty good setup.what do you think? Link to comment Share on other sites More sharing options...
GreenMachine Posted May 22, 2004 Share Posted May 22, 2004 Welcome to MSFN, Proneax!Funny you should mention it: I did just the same two days ago. Works fine for me. The CUSRMGR has a lot of possibilites, including ticking some of those boxes for which we had previously used various workarounds.You got me thinking about 'MinPwdLen', and I found this utility that should be able to do it from the command line.My UserSetup script also changes the default location for the Documents, Music, Pictures, Desktop and Favorites directories to a non-system disk, creates those directories and sets the permissions, and generates a few other things (like setting up the whole PC, and grabbing me a beer).What I did not get to work, was to have Outlook use the existing outlook.pst file, but that is another matter ...AccountPolicy_v0.2.zip Link to comment Share on other sites More sharing options...
Proneax Posted May 23, 2004 Author Share Posted May 23, 2004 Looking around, I just saw that you can use :/minpwlen[:length]on the end of the "net accounts" line to do the same thing.When you set up the profiles on a separate disk, do you just use:net user [...] /profilepath[:path]is that sufficient or do you do more? Link to comment Share on other sites More sharing options...
GreenMachine Posted May 23, 2004 Share Posted May 23, 2004 Geez, last time I trust a rookie! I thought that you could not use the NET command for that, as you were injecting the registry. No, I do not move the profiles: I would do that in WINNT.SIF over the boards in that case. Most of the stuff in the profile, e.g. "Documents and Settings", I don't want to backup, nor save after a reformat. I change the path to those directories in the registry to D:\DATA\%USERNAME%\SpecialFolder. I also map D:\DATA\%USERNAME% to the H(OME): drive.Attached is a modified version of my script. I have edited it to be suitable for posting, and not tested it. Watch out for typos ... I run this from RunOnceEx, after reboot, thus I need to load the Default user's registry hive. I'm still playing with it, but my version does work fine at the moment. I just need it to do a tad bit more ...MAKEUSER.CMD Link to comment Share on other sites More sharing options...
Proneax Posted June 1, 2004 Author Share Posted June 1, 2004 let me also add that if you have a username that is the same as the computer name, you can't use the net command to add that user to a user group.It will say something like 'user does not exist' error 3317. Link to comment Share on other sites More sharing options...
sleepnmojo Posted June 1, 2004 Share Posted June 1, 2004 A useful tool i have found on this board is "netuser" (no space). It allows you to change usernames, and set the must change password. Link to comment Share on other sites More sharing options...
GreenMachine Posted June 1, 2004 Share Posted June 1, 2004 NetUser V1.01 16/12/97 (c) Siemens AG, ATD OIusage: netuser <username> <settings><settings>: /name:<newname> set a new name /pwnexp:{y|n} set 'password never expires'Not that I mean to cotradict you ... but NETUSER does NOT tick the MustChangePassword box, just the PasswordNeverExpires box. CUSRMGR is the only one I found that does. Link to comment Share on other sites More sharing options...
sleepnmojo Posted June 1, 2004 Share Posted June 1, 2004 Not that I mean to cotradict you ... but NETUSER does NOT tick the MustChangePassword box, just the PasswordNeverExpires box. CUSRMGR is the only one I found that does.nice catch, must have been a brain fart on my end. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now