开机密码强度设置

2024-11-17 17:47:41
推荐回答(2个)
回答1:

楼上说的是WINDOWS登录密码.

一.首先开机按住del健进入CMOS画面

不同的CMOS它的设置画面也不同。

二.Set Supervisor Password(设置超级用户密码)

在 Set Supervisor Password中,主要是设置超级用户密码。超级用户密码设置是针对系统启动及进入CMOS Setup时做的密码保护,密码最多包含八个数字或符号,且有大小写之分。设置该项必须先在“Advanced BIOS Features”选项的“Security Option”设置中选“Setup”。设置密码请在主菜单中选择“Set Supervisor Password”,并按下“Enter”键,菜单中间即出现一个方框让你输入密码 。密码输入完毕后请按下“Enter”键,BIOS会要求再输入一次,以确定刚才输入的密码,若两次密码吻合,便将它记录下来。如果你想取消密码,只需在输入新密码时,直接按“Enter”键,这时BIOS会显示“PASSWORD DISABLED”,也就是关闭密码功能,那么下次开机时,就不会再被要求输入密码了。

三. Set User Password(设置用户密码)

在 Set User Password中,主要是设置用户密码。用户密码设置是针对系统启动时做的密码保护,密码最多包含八个数字或符号,且有大小写之分。设置该项必须先在“Advanced BIOS Features”选项的“Security Option”设置中选“System”。设置密码请在主菜单中选择“Set User Password”,并按下“Enter”键,菜单中间即出现一个方框让你输入密码 。密码输入完毕后请按下“Enter”键,BIOS会要求再输入一次,以确定刚才输入的密码,若两次密码吻合,便将它记录下来。如果你想取消密码,只需在输入新密码时,直接按“Enter”键,这时BIOS会显示“PASSWORD DISABLED”,也就是关闭密码功能,那么下次开机时,就不会再被要求输入密码了。

四.Save & Exit Setup(存储并退出设置程序)

在 Save & Exit Setup中,存储所有设置结果并离开设置程序,此时BIOS会征订开机,以便使用新的设置值,按“F10”键也可运行本选项。请在主菜单中选择“ Save & Exit Setup ”,并按下“Enter”键,会出现:“ Save to CMOS and EXIT (Y/N)?”的菜单,询问是否 存储并退出设置程序 ,请按“Y”或“Enter”键,即可 储存所有设置结果到RTC中的CMOS SRAM并离开CMOS Setup Utility。如果不想退出,则按“N”或Esc”均可返回到主菜单中。

回答2:

换个密码,新建power用户隶属power users组,新建通用帐户st,密码为空。任务简单,感受颇多,这可是在工作组的环境中,很多AD中快捷的方法用不上,唉,不过还是简单总结出来,留为后用。
工作组:

1、批处理:
(1)
@ECHO OFF
net accounts /maxpwage:unlimited
net user administrator password:XXXXXX
net user st /add
net user power password:116527 /add
net localgroup "power users" power /add

net accounts /maxpwage:unlimited

提示:用2000resource kit 自带的adduser.exe这个命令:
(没找到啊,到网上查了一下:xiaobai的隐藏帐户添加器也是这个名字,可惜没有下载到)

/p: 设定所创建帐号的选项,与(lced)合用
l 用户第一次登录不需更改密码
c 用户不能更改密码
e 密码永不过期 (与l合用)
d 帐户禁用

(2)VBS

strComputer = "."
Dim user2
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_UserAccount")

For Each user1 In colItems
user2 = user1.Name
Set objUser = GetObject("WinNT://" & strComputer & "/" & user2 )
If Not objUser.UserFlags AND ADS_UF_DONT_EXPIRE_PASSWD Then

objPasswordNoExpire = objUser.UserFlags XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userFlags", objPasswordNoExpire

objUser.SetInfo

End If

Next

AD中:
2、脚本
在建立一个帐户时自动添加入密码永不过期,szname是用户帐户
Set oDomain = GetObject("LDAP://RootDSE")
szDomain = oDomain.Get("defaultNamingContext")
szPath = "LDAP://CN=Users," & szDomain
Set oParent = GetObject(szPath)
Set oUser = oParent.Create("user", "CN=" & szName)
oUser.Put "samAccountName", szName
oUser.Put "userAccountControl", "66048"

(2)批量修改AD帐户中的所有用户属性
(http://www.winmag.com.cn/forum/itemdisplay.asp?boardid=5&id=545834)

--------------------------------------------------------------------------------

用这个脚本修改用户属性,比如密码永不过期,索要修改的属性为useraccountcontrol
属性值为 65536,如果要修改密码,由于其不是账户的属性,需要修改

'Retrieve information from the user
strDN = InputBox("Enter the DN to the container you want to be the root of the search.

(Ex. OU= test,DC=Domain,DC=Com)", "Enter DN:")
strAttrib = InputBox("Enter the attribute you wish edit. (Ex. profilePath, or

homeDirectory)", "Enter Attribute")
strExQuery = InputBox("Enter additional query parameters.", "Enter Query Parameters")
strNewvalue = InputBox("Enter new value for the attribute.", "Enter New value")

'Create instance of the ADO object to perform AD searches
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Open "Active Directory Provider"

'Set Query syntax
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
Command.CommandText = "<;(&(objectCategory=person)"&strExQuery&");AdsPath">LDAP://"&strDN&">;(&(objectCategory=person)"&strExQuery&");AdsPath,

cn; subTree"

Set rs = Command.Execute

'Edit attribs of the returned objects
While Not rs.EOF
Set User = GetObject(rs.Fields("AdsPath").value)
Set regEx = New RegExp
regEx.Pattern = "%username%"
regEx.Global = True
regEx.IgnoreCase = True
If strNewvalue = "" Then
User.PutEx ADS_PROPERTY_CLEAR, strAttrib, vbNull
Else
User.Put strAttrib, regEx.Replace(strNewvalue, User.sAMAccountName)
End If
User.SetInfo
rs.MoveNext
Wend

===============================

如何获取密码永不过期的所有用户的列表?

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
";" & _
"(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536));" & _
"Name;Subtree"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop

=========================================
批量更改AD用户帐号密码永不过期

参考文章:http://www.microsoft.com/china/technet/community/scriptcenter/resources/hey1202.mspx
我曾经使用这个脚本统一设置密码不过期。可以参考下。

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT Name,ADsPath FROM 'LDAP://ou=it,dc=ipcoreinc,dc=com' WHERE objectCategory='user' "
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strADpath = objRecordSet.Fields("ADsPath").Value
Set objPath = GetObject(strADPath)
intUAC = objPath.Get("userAccountControl")
If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
Wscript.echo objRecordSet.Fields("name").Value&":Already enabled"
Else
objPath.Put "userAccountControl", intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD
objPath.SetInfo
WScript.Echo objRecordSet.Fields("name").Value&":Password never expires is now enabled"
End If
objRecordSet.MoveNext
Loop