Unlock a local user account - Windows 10

I'm trying to put together a script (if possible) to unlock a local user account on Windows 10 machines.  We have desktops in our company that are offsite at client sites that use local logins vs our domain.  We have a generic user account they are supposed to use to get into the machine, but sometimes people mistype it or whatever, and the account gets locked.  To work around this, we have a backup local account that has admin rights that we provide a manager at the site so they can fix the regular login.  Unfortunately, we've had some issues with people resetting things incorrectly and causing us to have the machine shipped in to be corrected.

What I'm hoping to put together is a script that they can double click while logged into the "admin" account that will unlock and reset the password to the regular account (we use a static non-expiring password for the local user account).


I found this from 2006, but it was for unlocking the Administrator account on a machine.  I tested this and it works great, but can't quite figure out how to get it to work with a different account.



It looks like this is what you need to decode from that thread posted by @Jos:

For $oUserAccount In $oUserAccounts
    If StringLeft($oUserAccount.SID, 9) = "S-1-5-21-" And _
        StringRight($oUserAccount.SID, 4) = "-500" Then

I believe that identifies the admin account, or at least it looks like it does. You just have to find out how to detect the user account you want to unlock. I will dig around but don't hold your breath.


Oop, found it! Look up the identifier there so you can ID the account you want to unlock with that script. It should work.




For $oUserAccount In $oUserAccounts
    If StringLeft($oUserAccount.SID, 8) = "S-1-2-0-" Then


So I would try this and thank @Jos if it works. I have not tested this. Just trying to help out.

$oMyError = ObjEvent("AutoIt.Error", "ComError")
; Get Admin UserID
$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!//" & @ComputerName & "/root/cimv2")
$oUserAccounts = $objWMIService.ExecQuery("Select Name, SID from Win32_UserAccount WHERE Domain = '" & @ComputerName & "'")
For $oUserAccount In $oUserAccounts
    ; Compare the same number of characters as the SID prefix being tested
    If StringLeft($oUserAccount.SID, 7) = "S-1-2-0" Then
        ; Check disabled
        ConsoleWrite('Administrator account:' & $oUserAccount.Name & @LF)
        Local $objNetwork = ObjCreate("Wscript.Network")
        $objUser = ObjGet("WinNT://" & @ComputerName & "/" & $oUserAccount.Name & ",user")
        If $objUser.AccountDisabled Then
            ; Clear the disabled flag and commit it before reporting success
            $objUser.AccountDisabled = False
            $objUser.SetInfo()
            ConsoleWrite("Admin account enabled" & @LF)
        EndIf
    EndIf
Next

; COM error handler registered by ObjEvent above
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        ConsoleWrite("Com Error:" & $HexNumber)
        ConsoleWrite("  ,Line:" & $oMyError.scriptline)
        ConsoleWrite("  ,LastDllErrc:" & $oMyError.lastdllerror)
        ConsoleWrite("  ,Desc:" & $oMyError.description)
        ConsoleWrite("  ,WinDesc:" & $oMyError.windescription)
    EndIf
    Return 0
EndFunc   ;==>ComError
Edited by Earthshine

My resources are limited. You must ask the right questions



Just execute the NET USER command with the /ACTIVE:YES switch.  If you want to change the password at the same time, just add the new password to the command line.

Edited by TheXman
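
An added example, not code from any poster in this thread: it binds to one named local account through the ADSI WinNT provider, clears the lockout and disabled flags, and prompts for a new password instead of storing one in the script. The account name `kiosk` and the function names `_UnlockLocalUser` and `_ComError` are placeholders chosen for this example.

```autoit
#RequireAdmin
; Added example: unlock and re-enable one named local account via ADSI.
; "kiosk" is a placeholder account name, not a value from the thread.
Global Const $TARGET_ACCOUNT = "kiosk"
Global $g_oComError = ObjEvent("AutoIt.Error", "_ComError")

Exit _UnlockLocalUser($TARGET_ACCOUNT)

Func _UnlockLocalUser($sName)
    ; Bind directly to the account by name instead of scanning SIDs.
    Local $oUser = ObjGet("WinNT://" & @ComputerName & "/" & $sName & ",user")
    If Not IsObj($oUser) Then
        MsgBox(16, "Unlock account", "Local account '" & $sName & "' was not found.")
        Return 1
    EndIf

    ; Clear only the flags that are actually set, then commit once.
    Local $bChanged = False
    If $oUser.IsAccountLocked Then
        $oUser.IsAccountLocked = False
        $bChanged = True
    EndIf
    If $oUser.AccountDisabled Then
        $oUser.AccountDisabled = False
        $bChanged = True
    EndIf
    If $bChanged Then $oUser.SetInfo()

    ; Optional reset: the password is typed in, so it never sits in the script file.
    Local $sNew = InputBox("Unlock account", "New password for '" & $sName & _
            "' (leave empty to keep the current one):", "", "*")
    If @error = 0 And $sNew <> "" Then
        $oUser.SetPassword($sNew)
        If @error Then
            MsgBox(16, "Unlock account", "Password was not changed (rejected by policy?).")
            Return 2
        EndIf
    EndIf

    MsgBox(64, "Unlock account", "Account '" & $sName & "' is unlocked and enabled.")
    Return 0
EndFunc   ;==>_UnlockLocalUser

; COM error handler: log the failure so the script does not abort on a COM error.
Func _ComError($oError)
    ConsoleWrite("COM error 0x" & Hex($oError.number, 8) & " at line " & _
            $oError.scriptline & ": " & $oError.windescription & @LF)
EndFunc   ;==>_ComError
```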