Expire Local Admin Account

February 7, 2017 at 10:13:11
Specs: Windows 7 Enterprise, N/A
I hope I'm posting in the correct forum. Is there a way (possibly via scripting) to set an expiration date on a Local Account on a Domain-Joined Client? This would be a temporary local account, and I'm trying to determine how to set an expiration date so that it will no longer work for the user after a period of time or a specified date.

Just to clarify, this is expiration for the account, not setting a password expiration.

Any assistance would be much appreciated... Thanks...


See More: Expire Local Admin Account

Report •

#1
February 7, 2017 at 13:29:54
Yep. Assuming you're going to run the script from the client machine and you have PowerShell available:
[adsi]"WinNT://./aLocalAccount,user" | 
 % { $_.InvokeSet('AccountExpirationDate', '2/7/2017'); $_.SetInfo() }

How To Ask Questions The Smart Way

message edited by Razor2.3


Report •

#2
February 8, 2017 at 03:53:21
Thank you for that. I've never used PowerShell. Do I just copy and paste the text to the "command line" in Powershell, replacing "user" with the account name?


Report •

#3
February 8, 2017 at 05:08:13
That's the straight forward way, yeah. You can also save it as a .ps1 file and try to convince PS to run it. You can also just convert it to VBScript, since I took the MSDN sample script and converted it into Power Shell.
With GetObject("WinNT://./aLocalAccount,user")
  .AccountExpirationDate = "2/7/2017"
  .SetInfo
End With

How To Ask Questions The Smart Way


Report •

Related Solutions

#4
February 8, 2017 at 06:29:10
I must be doing something wrong. I run the vbs, after changing the expiration date and the user to testing. Then I see Windows Script Host error:

Script: d:\disable.vbs
Line: 1
Char: 1
Error: 0x80005000
Code: 8000500
Source: (null)

I have no training on this, so consider me a newbie at this point. :)


Report •

#5
February 8, 2017 at 06:42:15
C:\>err 0x80005000
# for hex 0x80005000 / decimal -2147463168 :
  E_ADS_BAD_PATHNAME                                            adserr.h
# An invalid directory pathname was passed
# 1 matches found for "0x80005000"

There's a problem with the WinNT line, as if that wasn't obvious with the "Line: 1" part. Show us what you've got.

How To Ask Questions The Smart Way


Report •

#6
February 8, 2017 at 07:15:52
Here's the text

With GetObject("WinNT://./aLocalAccount,testing")
.AccountExpirationDate = "2/9/2017"
.SetInfo
End With

It's Windows 7, does that matter? No WinNT folder under the root of C


Report •

#7
February 8, 2017 at 07:21:50
"WinNT://./testing,user"
 ^       ^ ^       ^
 |       | |       |
 +-------+-+-------+- Interface
         +-+-------+- Server ('.' = local machine)
           +-------+- What you want
                   +- What it is

How To Ask Questions The Smart Way

message edited by Razor2.3


Report •

#8
February 8, 2017 at 07:48:26
Now I'm more confused. I appreciate your trying to help. I'm just not getting this.

Report •

#9
February 8, 2017 at 07:56:37
Well, it'll be difficult for you to work through it if you don't ask questions. This syntax dates back to at least the WinNT4 days, if that helps.

How To Ask Questions The Smart Way


Report •

Ask Question