Find Users Who Are Allowed To Have No Password Using PowerShell

4 years ago

source link: https://thomasrayner.ca/find-users-who-are-allowed-to-have-no-password-using-powershell/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Find Users Who Are Allowed To Have No Password Using PowerShell

You can use the UserAccountControl property of an Active Directory user object to enable and disable all kinds of neat functionality: https://support.microsoft.com/en-ca/kb/305144. One of the things you can enable is for a user to have no password (bit in the 32 position).

While this only impacts users who connect to the console, and it doesn’t mean that a user doesn’t have a password (just that they might), it’s pretty bad to leave that enabled for any users you’ve got.

Here’s an easy one-liner to get a list of users with this problem.

get-aduser -filter "useraccountcontrol -band 32" -properties useraccountcontrol

This shows you all the users in your domain whose password not required flag is set.

Here’s an easy way to fix it indiscriminately! Pipe the last command into…

 | foreach-object { Set-ADAccountControl $_.samaccountname -PasswordNotRequired $false }

Written on March 22, 2017

Recommend

techcommunity.microsoft.com 4 years ago
Cache

How to get any site collection users with their roles using PnP PowerShell?

news.softpedia.com 3 years ago
Cache

Windows 11 Users Will Be Allowed to Easily Downgrade to Windows 10 for 10 Days

Downgrades will be possible with a clean install afterwards Windows 11 is coming later this year, and as announced already, it will be offered as a free upgrade for certain eligible Windows 10 devic...