net user

[JohnOne]

net user at command prompt yields this info...

C:\Users\Name>net user Guest
User name                    Guest
Full Name
Comment                      Built-in account for guest access to the computer/domain
User's comment
Country/region code          000 (System Default)
Account active               No
Account expires              Never

Password last set            19/10/2015 03:12:25
Password expires             Never
Password changeable          19/10/2015 03:12:25
Password required            No
User may change password     No

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   Never

Logon hours allowed          All

Local Group Memberships      *Guests
Global Group memberships     *None
The command completed successfully.

I don't get that "Password changeable" gives "19/10/2015 03:12:25"

Also, what exactly is the "User profile", and why is "Home directory" empty (for all users)?

Anyone know anything about this? 

Edited October 19, 2015 by JohnOne

[iamtheky]

its minimum password age.  That is the date it becomes changeable.

 

[JohnOne]

Cheers, that makes sense, but is there even a way you can set a password to expire, or lock it so it cannot be changed?

[spudw2k]

https://support.microsoft.com/en-us/kb/251394

/expires:{date | never}
/passwordchg:{yes | no}

 

[spudw2k]

Also, what exactly is the "User profile", and why is "Home directory" empty (for all users)?

User profile allows specifying an alternate path for where the profile directory is stored if you want it changed from the default (useful for storing profiles on secondary partition or network share).
Home directory is an "auto drive map" essentially.  It allows for a user share drive to be defined and mapped when the user logs in.  It is common in enterprise environments to host a U: (or user drive) and a P: (public drive) share folders.  The U: drive is often defined when the user account is created.
 

[JohnOne]

https://support.microsoft.com/en-us/kb/251394

/expires:{date | never}
 

 

That is for the account to expire, Unless it can be used for both.

[spudw2k]

Ah yes, you are right.  That is for the account expiration.  I'm not sure of a way to set an explicit expiration date.  I think is just notes the last time the password was changed and compares it to the computer's security policy on maximum password age. 

Best I'm aware of is you can expire a password and then un-expire it.  When you unexpire the account it will set then expiration date based on the policy (x many days old).
See my post here for an example.  https://www.autoitscript.com/forum/topic/91933-tickle-expired-passwords/?do=findComment&comment=661395

If someone else knows of a more elegant way to se an account's password expiration I'd be interested to know.
 

[AdamUL]

Yes, you can set an account to have it where the user cannot change the password after it is set by an admin, and do other things.  Personally I like using the LocalAccount UDF, instead of net user for things like this.  

Here are a few examples.

#RequireAdmin
#include <LocalAccount.au3>

;Set password, and make it so will not expire.
_AccountSetPassword("UserName", "Password", "0")

;Set password, and make it expire tomorrow at 12:00 AM
_AccountSetPassword("UserName", "Password", "11/1/2015 12:00 AM")

;Use the user's current password, and set the password not to expire.  
_AccountEnableProperty("UserName", $ADS_UF_DONT_EXPIRE_PASSWD)

;Set the user's current password to be expired right now.
_AccountEnableProperty("UserName", $ADS_UF_PASSWORD_EXPIRED)

 

Adam

Edited May 5, 2016 by AdamUL

[spudw2k]

@‌AdamUL
Oooh, fancy!  I had not come across the .PasswordExpirationDate property before. It's always nice to learn new things.
Good stuff.

[AdamUL]

@spudw2k 

Glad you like it.  This is a nice UDF, and I have used for quite some time.  

All

I also, noticed that it is not mentored earlier, but Local Account Polices, if they are not set explicitly, are governed by Local Group Policy (gpedit.msc).  Local Computer Policy->Computer Configuration->Windows Settings->Security Settings->Account Policies.  You can then access Password Policy and Account Lockout Policy.  If you PC is part of a domain, the values will be the same as set in the domain, and are set by the Domain Administrator.  

 

Adam

 

[Denil]

But what's the code only to have the user local pc?

[AdamUL]

Do you mean creating a local user on a PC?  

 

Adam

[jguinch]

@Denil : look at the Local account UDF, it should help you : https://www.autoitscript.com/forum/topic/74118-local-account-udf/