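'## start of script ###
' Bulk-provisions autologon workstations from input.txt (one computer name per
' line, read from the current directory). For each name it:
'   1. creates a domain user "s-<name>" in OUUsers with a generated password,
'      "password never expires" and "user cannot change password";
'   2. writes the matching autologon.exe command line to output.txt;
'   3. adds the user to the group DNGroup;
'   4. creates the computer account in OUComputers.
'
' SECURITY: output.txt contains every generated password in clear text, and the
' generated command passes the password on the autologon.exe command line.
' Treat the file as a secret: restrict its ACL, move it over a trusted channel
' only, and delete it once the workstations are configured.
' NOTE(review): these accounts have fixed, non-expiring passwords; keep the
' rights granted through DNGroup as small as the autologon use case allows.

OUComputers = "OU=Autologon-Computers,DC=ldap389,DC=info"
OUUsers = "OU=Users-Autologon,DC=ldap389,DC=info"
DomainFQDN = "ldap389.info"
DomainName = "ldap389"
DNGroup = "CN=GroupAutologon,OU=Groups,DC=ldap389,DC=info"
ProfileServerPath = "\\ServerName\Profiles"

Const ForReading = 1
Const ADS_PROPERTY_APPEND = 3
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = &H1000   ' 4096
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACEFLAG_OBJECT_TYPE_PRESENT = &H1
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
Const PWD_LENGTH = 15

Set fso = CreateObject("Scripting.FileSystemObject")
sCurPath = fso.GetAbsolutePathName(".")
strInputPath = sCurPath & "\input.txt"
strOutputPath = sCurPath & "\output.txt"

' Fail loudly when the input list is missing instead of silently creating an
' empty input.txt and reporting "OK".
If Not fso.FileExists(strInputPath) Then
    WScript.Echo "Input file not found: " & strInputPath
    WScript.Quit 1
End If

Set df1 = fso.OpenTextFile(strInputPath, ForReading, False)
Set FLog = fso.CreateTextFile(strOutputPath)

' Each input line is concatenated into distinguished names and sAMAccountNames,
' so accept only plain computer names (at most 15 characters).
Set reName = New RegExp
reName.Pattern = "^[A-Za-z0-9_-]{1,15}$"

Do While Not df1.AtEndOfStream
    strComputer = Trim(df1.ReadLine())

    If Len(strComputer) = 0 Then
        ' Blank line: nothing to provision.
    ElseIf Not reName.Test(strComputer) Then
        WScript.Echo "Skipped invalid computer name: " & strComputer
    Else
        Login = "s-" & strComputer

        ' Generate the password first so that no account is created when the
        ' generator is missing or returns too short a value.
        pwd = generatePassword(PWD_LENGTH)
        If Len(pwd) < PWD_LENGTH Then
            df1.Close
            FLog.Close
            WScript.Echo "generatePassword did not return a " & PWD_LENGTH & "-character password; aborting."
            WScript.Quit 1
        End If

        ' Create the service account used for autologon.
        Set objOU = GetObject("LDAP://" & OUUsers)
        Set objUser = objOU.Create("User", "cn=" & Login)
        objUser.Put "sAMAccountName", Login
        objUser.Put "UserPrincipalName", Login & "@" & DomainFQDN
        objUser.Put "sn", Login
        objUser.Put "givenname", Login
        objUser.Put "description", "Autologon account: " & strComputer
        objUser.Put "Profilepath", ProfileServerPath & "\" & Login
        objUser.SetInfo

        ' The object must exist in the directory before its password can be set.
        objUser.SetPassword pwd
        objUser.AccountDisabled = False
        objUser.SetInfo

        ' Set "password never expires".
        intUAC = objUser.Get("userAccountControl")
        If ADS_UF_DONT_EXPIRE_PASSWD And intUAC Then
            Wscript.Echo "Already enabled"
        Else
            objUser.Put "userAccountControl", intUAC Or ADS_UF_DONT_EXPIRE_PASSWD
            objUser.SetInfo
        End If

        ' Set "user cannot change password": deny the Change Password control
        ' access right to SELF and to Everyone.
        ' NOTE(review): confirm on a created account that the option shows as
        ' set; the deny ACEs are appended without reordering the DACL.
        Set objSD = objUser.Get("ntSecurityDescriptor")
        Set objDACL = objSD.DiscretionaryAcl
        arrTrustees = Array("nt authority\self", "EVERYONE")
        For Each strTrustee In arrTrustees
            Set objACE = CreateObject("AccessControlEntry")
            objACE.Trustee = strTrustee
            objACE.AceFlags = 0
            objACE.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT
            objACE.Flags = ADS_ACEFLAG_OBJECT_TYPE_PRESENT
            objACE.ObjectType = CHANGE_PASSWORD_GUID
            objACE.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
            objDACL.AddAce objACE
        Next
        objSD.DiscretionaryAcl = objDACL
        objUser.Put "nTSecurityDescriptor", objSD
        objUser.SetInfo

        ' Write the command to run autologon.exe on the workstation.
        ' This line stores the password in clear text (see header).
        FLog.WriteLine("autologon.exe " & Login & " " & DomainName & " " & pwd)

        ' Add the new user to the group DNGroup.
        Set objGroup1 = GetObject("LDAP://" & DNGroup)
        objGroup1.PutEx ADS_PROPERTY_APPEND, "member", Array("cn=" & Login & "," & OUUsers)
        objGroup1.SetInfo

        ' Create the computer account.
        Set objOU2 = GetObject("LDAP://" & OUComputers)
        Set objCpu = objOU2.Create("Computer", "cn=" & strComputer)
        objCpu.Put "sAMAccountName", strComputer & "$"
        objCpu.Put "userAccountControl", ADS_UF_WORKSTATION_TRUST_ACCOUNT
        objCpu.Put "description", "Autologon workstation"
        objCpu.SetInfo
    End If
Loop

df1.Close
' Flush and release output.txt so all generated commands are on disk.
FLog.Close

MsgBox "OK"
WScript.Quit

' Returns a random password of PASSWORD_LENGTH characters.
' The author left the body out; use a generator of your choice, for example
' http://www.tek-tips.com/faqs.cfm?fid=5340 by Mark D. MacLachlan.
' NOTE(review): VBScript's Rnd is not a cryptographically secure generator;
' prefer a generator backed by the operating system's CSPRNG for account
' passwords. While this body is empty the script aborts before creating any
' account.
Function generatePassword(PASSWORD_LENGTH)
    '......................
End Function
'## end of script ###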