Jump to content
ITSCSteve

Unlock a local user account - Windows 10

Recommended Posts

Morning,

I'm trying to put together a script (if possible) to unlock a local user account on Windows 10 machines.  We have desktops in our company that are offsite at client sites that use local logins vs our domain.  We have a generic user account they are supposed to use to get into the machine, but sometimes people mistype it or whatever, and the account gets locked.  To work around this, we have a backup local account that has admin rights that we provide a manager at the site so they can fix the regular login.  Unfortunately, we've had some issues with people resetting things incorrectly and causing us to have the machine shipped in to be corrected.

What I'm hoping to put together is a script that they can double click while logged into the "admin" account that will unlock and reset the password to the regular account (we use a static non-expiring password for the local user account).

 

I found this from 2006, but it was for unlocking the Administrator account on a machine.  I tested this and it works great, but can't quite figure out how to get it to work with a different account.

https://www.autoitscript.com/forum/topic/34868-unlocking-local-account/?tab=comments#comment-254957

Share this post


Link to post
Share on other sites
Posted (edited)

it looks like this is what you need to decode from that thread posted by @Jos

For $oUserAccount In $oUserAccounts
    If StringLeft($oUserAccount.SID, 9) = "S-1-5-21-" And _
        StringRight($oUserAccount.SID, 4) = "-500" Then
        ExitLoop
    Endif
Next

I believe that identifies the admin account, or at least it looks like it does. You justs have to find out how to detect the user account you want to unlock. I will dig around but don't hold your breath.

 

oop, found it! look up the identifier there so you can id the account you want to unlock with that script. it should work

https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems

 

 

For $oUserAccount In $oUserAccounts
    If StringLeft($oUserAccount.SID, 9) = "S-1-2-0-") Then 
        ExitLoop
    Endif
Next

 

so i would try this and thank @Jos if it works. I have not tested this. Just trying to help out.

$oMyError = ObjEvent("AutoIt.Error", "ComError")
; Get Admin UserID
$objWMIService = objGet( "winmgmts:{impersonationLevel=impersonate}!//"  & @ComputerName & "/root/cimv2")
$oUserAccounts = $objWMIService.ExecQuery("Select Name, SID from Win32_UserAccount WHERE Domain = '" & @ComputerName & "'")
For $oUserAccount In $oUserAccounts
    If StringLeft($oUserAccount.SID, 9) = "S-1-2-0") Then
        ExitLoop
    Endif
Next
; Check disabled
ConsoleWrite('Administrator account:' & $oUserAccount.Name & @lf )
Local $objNetwork = ObjCreate("Wscript.Network")
$objUser = ObjGet("WinNT://" & @ComputerName & "/" & $oUserAccount.Name & ",user")
If $objUser.AccountDisabled Then 
    $objUser.AccountDisabled=0
    $objUser.SetInfo
    ConsoleWrite("Admin account enabled" & @lf)
EndIf
;
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
        ConSoleWrite("Com Error:" & $HexNumber)
        ConSoleWrite("  ,Line:" & $oMyError.scriptline)
        ConSoleWrite("  ,LastDllErrc:" & $oMyError.lastdllerror)
        ConSoleWrite("  ,Desc:" & $oMyError.description)
        ConSoleWrite("  ,WinDesc:" & $oMyError.windescription)
        ConSoleWrite(@CRLF)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError
Edited by Earthshine

My resources are limited. You must ask the right questions

 

Share this post


Link to post
Share on other sites
Posted (edited)

Just execute the NET USER command with the /ACTIVE:YES switch.  If you want to change the password at the same time, just add the new password to the command line.

Edited by TheXman

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...