Simon
Thu Nov 03 08:57:02 CST 2005
Marty
Thanks for the info, I'll go and surf!
Just one supplementary... I can see how the net accounts will assist me in
password aging and the other items I mentioned, but there are other items in
the local/domain security settings that I need to change - particularly the
"allow users with no password to logon remotely" (I'm not sure it's actually
called that but it's something similar). I suspect that the net accounts
won't work for this?
Regards
Simon
"Marty List" <usenet@optimumx.com> wrote in message
news:OWUTpnH4FHA.2352@TK2MSFTNGP12.phx.gbl...
>
> "Simon Verona" <nomail@nomail.zzz> wrote in message
> news:efD8kBF4FHA.4076@TK2MSFTNGP15.phx.gbl...
>> Hope this is the right group for this question.
>>
>> I have an automated installation script that configures servers for our
>> software installation (which does things like create shares, create
>> windows user accounts etc etc) - these are run on Windows 2003 server. The
>> script is actually a "dos" batch file (xxx.bat).
>>
>> Currently, on Windows 2003 there are three things that I would like to be
>> able to add to the scripting, which I think I will need to use a xxx.vbs
>> vbscript file to do. The items I want to be able to script are as
>> follows:
>>
>> 1. Undisable the guest account
>> 2. Change the permissions on a share - specifically add the guest account
>> and allow all users and all guests to have full access to the share.
>> 3. Change the security on a folder as per the share.
>> 4. Change some of the local/domain security policies - particularly ones
>> that control password aging, minimum password length etc.
>>
>> Can anybody point me in the right direction for any/all of the above?
>>
>> Thanks in advance
>> Simon
>
>
> Hi Simon,
>
> Here's some suggestions:
>
>> 1. Undisable the guest account
> (a.k.a. enable the guest account :)
>
> http://www.microsoft.com/technet/scriptcenter/scripts/ds/local/users/lousvb07.mspx
>
>
>> 2. Change the permissions on a share
>
> http://msdn.microsoft.com/library/en-us/wmisdk/wmi/setshareinfo_method_in_class_win32_share.asp
>
> http://www.google.com/search?q=%22rmtshare.exe%22+site%3Amicrosoft.com
>
> http://www.google.com/search?q=%22setacl.exe%22
>
>
>> 3. Change the security on a folder as per the share.
>
> http://msdn.microsoft.com/library/en-us/wmisdk/wmi/changesecuritypermissions_method_in_class_win32_directory.asp
>
> http://www.google.com/search?q=ADsSecurity+site%3Amicrosoft%2Ecom
>
> http://www.google.com/search?q=cacls+site%3Amicrosoft%2Ecom
>
>
>> 4. Change some of the local/domain security policies
> MSH C:\> net.exe help accounts
> The syntax of this command is:
>
>
> NET ACCOUNTS
> [/FORCELOGOFF:{minutes | NO}] [/MINPWLEN:length]
> [/MAXPWAGE:{days | UNLIMITED}] [/MINPWAGE:days]
> [/UNIQUEPW:number] [/DOMAIN]
>
>
> NET ACCOUNTS updates the user accounts database and modifies password
> and logon requirements for all accounts.
> When used without options, NET ACCOUNTS displays the current settings for
> password, logon limitations, and domain information.
>
> Two conditions are required in order for options used with
> NET ACCOUNTS to take effect:
>
> _ The password and logon requirements are only effective if user
> accounts have been set up (use User Manager or the NET USER command).
>
> _ The Net Logon service must be running on all servers in the domain
> that verify logon. Net Logon is started automatically when Windows
> starts.
>
> /FORCELOGOFF:{minutes | NO} Sets the number of minutes a user has
> before being forced to log off when the
> account expires or valid logon hours expire.
> NO, the default, prevents forced logoff.
> /MINPWLEN:length Sets the minimum number of characters for
> a password. The range is 0-14 characters;
> the default is 6 characters.
> /MAXPWAGE:{days | UNLIMITED} Sets the maximum number of days that a
> password is valid. No limit is specified
> by using UNLIMITED. /MAXPWAGE can't be less
> than /MINPWAGE. The range is 1-999; the
> default is to leave the value unchanged.
> /MINPWAGE:days Sets the minimum number of days that must
> pass before a user can change a password.
> A value of 0 sets no minimum time. The range
> is 0-999; the default is 0 days. /MINPWAGE
> can't be more than /MAXPWAGE.
> /UNIQUEPW:number Requires that a user's passwords be unique
> through the specified number of password
> changes. The maximum value is 24.
> /DOMAIN Performs the operation on a domain
> controller of the current domain. Otherwise,
> the operation is performed on the local
> computer.
>
> NET HELP command | MORE displays Help one screen at a time.
>
>
>
>
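
Added example, not part of the thread and not written by either poster: a PowerShell wrapper that checks proposed values against the ranges and the /MINPWAGE vs /MAXPWAGE rule in the NET ACCOUNTS help text quoted above, applies them, and reads the settings back. The function name, switch names and sample values are assumptions.

```powershell
# Added example. Function name, switches and sample values are assumptions.
# Applying the policy requires an elevated prompt.
function Set-LocalPasswordPolicy {
    param(
        # Ranges are the ones stated in the NET ACCOUNTS help text.
        [Parameter(Mandatory)] [ValidateRange(0, 14)]  [int]$MinPwLen,
        [Parameter(Mandatory)] [ValidateRange(1, 999)] [int]$MaxPwAge,
        [Parameter(Mandatory)] [ValidateRange(0, 999)] [int]$MinPwAge,
        # The help text gives only the maximum (24); a lower bound of 0 is assumed.
        [Parameter(Mandatory)] [ValidateRange(0, 24)]  [int]$UniquePw,
        [switch]$Domain,      # adds /DOMAIN (run against a domain controller)
        [switch]$PrintOnly    # return the command line instead of running it
    )

    # The help text states that /MINPWAGE can't be more than /MAXPWAGE.
    if ($MinPwAge -gt $MaxPwAge) {
        throw "MinPwAge ($MinPwAge) can't be more than MaxPwAge ($MaxPwAge)."
    }

    $setArgs = @(
        'accounts',
        "/MINPWLEN:$MinPwLen",
        "/MAXPWAGE:$MaxPwAge",
        "/MINPWAGE:$MinPwAge",
        "/UNIQUEPW:$UniquePw"
    )
    $readArgs = @('accounts')
    if ($Domain) {
        $setArgs  += '/DOMAIN'
        $readArgs += '/DOMAIN'
    }

    if ($PrintOnly) {
        return "net.exe $($setArgs -join ' ')"
    }

    # Apply the settings and fail loudly if net.exe reports an error.
    & net.exe @setArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net accounts failed with exit code $LASTEXITCODE"
    }

    # With no options NET ACCOUNTS displays the current settings; return them
    # so the calling script can log what is now in effect.
    & net.exe @readArgs
}

# Sample values (assumptions): show the command that would be run.
Set-LocalPasswordPolicy -MinPwLen 12 -MaxPwAge 90 -MinPwAge 1 -UniquePw 24 -PrintOnly
```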