View all Worklets
Windows

Force Password Reset on Logon

Compels local user accounts to reset password at logon.

Worklet Details

Introduction to the PowerShell Based Force Password Reset on Logon Worklet

The Force Password Reset on Logon Worklet is a PowerShell based Windows security tool designed to improve password management and overall account security. Utilizing PowerShell, this Worklet enables system administrators to force local user accounts on their network to change their passwords upon their next successful logon.

This helps ensure that users maintain strong passwords and reduces the risk of unauthorized access to sensitive data.

Why would you use the Force Password Reset on Logon Worklet?

Organizations often face difficulties in managing password policies. In some cases, users might not adhere to best practices when it comes to creating strong and secure passwords. The Force Password Reset on Logon Worklet provides an efficient solution for administrators who want to take control of users' password security by enforcing a mandatory password change at the next logon session.

This ensures all active directory users are required to update their passwords periodically, enhancing overall security.

Components of the Force Password Reset on Logon Worklet

The evaluation script determines whether there's a need for action, while the remediation script is responsible for carrying out any necessary changes.

Both scripts utilize PowerShell commands and various functions such as Get-CimInstance and net user, which help target local user accounts and set appropriate password policies.

How does the Force Password Reset on Logon Worklet work?

Upon execution, the Worklet captures a list of all local user accounts using Get-CimInstance command. It then iterates through each account using a loop and sets specific parameters that require users to change their passwords at their next logins.

By leveraging WMIC (Windows Management Instrumentation Command) utility and the Net User command, it enables password expiration settings for all targeted accounts while setting the "LogonPasswordChg" attribute as 'yes.'

This process ensures that all users must change their passwords upon successful logon, thus enhancing security measures.

What is the expected outcome when you use the Force Password Reset on Logon Worklet?

When implemented correctly, the Force Password Reset on Logon Worklet will prompt all local user accounts to reset their passwords upon successful login. The Worklet can be configured as a recurring policy within an organization's network, ensuring that password management and overall account security remain robust over time.

However, be mindful of setting this Worklet as a recurring policy since it can cause inconvenience for users by forcing them to reset their passwords too frequently.

View in app

Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.

do more with worklets