PoshCode Archive  Artifact [abbc207299]

Artifact abbc20729911fd173074bcf309d0c7395931b41feae9447b490730f9df9ad4d8:

  • File Set-LocalUserAccount.ps1 — part of check-in [406033ff6b] at 2018-06-10 13:42:16 on branch trunk — Sets properties for a given user local username. (user: Andy Arismendi size: 2666)

# encoding: ascii
# api: powershell
# title: Set-LocalUserAccount
# description: Sets properties for a given local user account.
# version: 0.1
# type: function
# author: Andy Arismendi
# license: CC0
# function: Set-LocalUserAccount
# x-poshcode-id: 4514
# x-archived: 2016-04-12T16:14:32
# x-published: 2016-10-09T15:30:00
#
# Description, Full Name, Password
# Change password at next logon
# User cannot change password
# Password never expires
# Enable/Disable the account
# Unlock the account
# Reset all account flags
#
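function Set-LocalUserAccount {
	<#
	.SYNOPSIS
	Sets properties on a local user account through the ADSI WinNT provider.

	.DESCRIPTION
	Binds to WinNT://<ComputerName>/<Username>,user and applies whichever changes
	were requested: description, full name, password, password-policy flags,
	enable/disable and unlock. A password change is committed immediately; all
	other changes are written by the final SetInfo() call.

	.PARAMETER Username
	Name of the local account to modify.

	.PARAMETER Description
	New account description. Skipped when empty.

	.PARAMETER FullName
	New full name. Skipped when empty.

	.PARAMETER ComputerName
	Computer that holds the account. Defaults to the local computer.

	.PARAMETER Password
	New password as a SecureString. It has to be converted to plain text for the
	ADSI SetPassword call; the unmanaged copy is zeroed and freed straight away,
	but the managed string cannot be wiped and lives until garbage collection.

	.PARAMETER PasswordChangeAtNextLogon
	Clears "User cannot change password" and "Password never expires" and marks
	the password as expired. Takes precedence over -CannotChangePassword and
	-PasswordNeverExpires.

	.PARAMETER CannotChangePassword
	Sets the PASSWD_CANT_CHANGE flag and clears the expired-password marker.

	.PARAMETER PasswordNeverExpires
	Sets the DONT_EXPIRE_PASSWD flag.

	.PARAMETER Enable
	Enables the account. Mutually exclusive with -Disable.

	.PARAMETER Disable
	Disables the account. Mutually exclusive with -Enable.

	.PARAMETER UnLock
	Clears the account lockout.

	.PARAMETER ResetAllFlags
	Keeps only the NORMAL_ACCOUNT bit of the current flags. Every other flag
	switch is ignored, and because ACCOUNTDISABLE and LOCKOUT are masked out too,
	a disabled or locked account does not stay that way.
	#>
	param (
		[parameter(Mandatory=$true)]
		[string] $Username,
		[string] $Description,
		[string] $FullName,
		[string] $ComputerName = $env:COMPUTERNAME,
		[system.Security.SecureString] $Password,
		[switch] $PasswordChangeAtNextLogon,
		[switch] $CannotChangePassword,
		[switch] $PasswordNeverExpires,
		[switch] $Enable,
		[switch] $Disable,
		[switch] $UnLock,
		[switch] $ResetAllFlags
	)
	
	try {
		if ($Enable -and $Disable) {
			Write-Warning "Please use only -Enable or -Disable."; return
		}
		
		# Initialised up front so the later test is also valid under Set-StrictMode.
		$pass = $null
		if ($Password) {
			$bstr = [IntPtr]::Zero
			try {
				$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
				$pass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
			} finally {
				# SecureStringToBSTR allocates an unmanaged plain-text copy of the password.
				# Zero and free it, otherwise it stays readable in process memory.
				if ($bstr -ne [IntPtr]::Zero) {
					[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
				}
			}
		}
		
		# Bit values of the WinNT provider's UserFlags property.
		$AccountOptions = @{
			ACCOUNTDISABLE = 2; LOCKOUT = 16; PASSWD_CANT_CHANGE = 64; NORMAL_ACCOUNT = 512; DONT_EXPIRE_PASSWD = 65536
		}
		
		# The ",user" class hint restricts the bind to user objects, so a same-named
		# object of another class on the target computer is never modified.
		$user = [ADSI] "WinNT://$ComputerName/$Username,user"
		
		if ($Description) {$user.Description = $Description}
		
		if ($FullName) {$user.FullName = $FullName}
		
		if ($pass) {
			try {
				$user.psbase.invoke("SetPassword", $pass)
				$user.psbase.CommitChanges()
			} finally {
				# Drop the reference as early as possible. The managed string itself
				# cannot be zeroed; this only shortens how long it stays reachable.
				$pass = $null
			}
		}
		
		if ($ResetAllFlags) {
			$user.UserFlags = $user.UserFlags.Value -band $AccountOptions.NORMAL_ACCOUNT
		} else {
			if ($PasswordChangeAtNextLogon) {
				# Clear only "User cannot change password" and "Password never expires".
				# ANDing the two constants with each other yields 0, which would wipe every
				# flag, including ACCOUNTDISABLE, and so re-enable a disabled account.
				$policyBits = $AccountOptions.PASSWD_CANT_CHANGE -bor $AccountOptions.DONT_EXPIRE_PASSWD
				$user.UserFlags = $user.UserFlags.Value -band (-bnot $policyBits)
				$user.PasswordExpired = 1
			} else {
				if ($CannotChangePassword) {
					$user.PasswordExpired = 0
					$user.UserFlags = $user.UserFlags.Value -bor $AccountOptions.PASSWD_CANT_CHANGE
				}
				if ($PasswordNeverExpires) {
					$user.UserFlags = $user.UserFlags.Value -bor $AccountOptions.DONT_EXPIRE_PASSWD
				}
			}
			
			if ($Enable) {$user.InvokeSet("AccountDisabled", "False")}
			
			if ($Disable) {$user.InvokeSet("AccountDisabled", "True")}
			
			if ($UnLock) {$user.IsAccountLocked = $false}
		}
		
		# Writes the pending property and flag changes to the account.
		$user.SetInfo()
	} catch {
		throw 'Failed to set local user account properties. The error was: "{0}".' -f $_
	}
}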