Local account creation

Discussion in 'Scripting' started by Jaco Niemand, Jul 27, 2008.

  1. Jaco Niemand

    Jaco Niemand Guest

    I am looking for a logon script to create a local user account on a computer
    and then to add that newly created account as a member of the local admins
    group. Can someone please point me in the right direction.

    Many thanks
     
    Jaco Niemand, Jul 27, 2008
    #1

  2. You could do this:
    @echo off
    net user jaco SomePassword /add
    net localgroup administrators jaco /add

    The script will need to run under an administrator's credentials.
     
    Pegasus (MVP), Jul 27, 2008
    #2

  3. Most users should not have permissions to create users or add them to the
    Administrators group. Such a script also exposes the password, but then if
    this works the user running the logon scripts already must have
    administrator privileges. However, the code would be similar to (not
    tested):
    ==========
    Option Explicit
    Dim objNetwork, strComputer, strUser
    Dim objUser, objAdmin, objComputer

    ' Determine name of local computer
    Set objNetwork = CreateObject("Wscript.Network")
    strComputer = objNetwork.ComputerName

    ' Bind to local computer object.
    Set objComputer = GetObject("WinNT://" & strComputer)

    ' Specify name of local user account to be created.
    strUser = "TestUser"

    ' Create local user. Trap error if it already exists,
    ' or the user lacks permissions.
    On Error Resume Next
    Set objUser = objComputer.Create("user", strUser)
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Wscript.Quit
    End If
    On Error GoTo 0

    ' Save user object.
    objUser.SetInfo

    ' Enable the user account.
    objUser.AccountDisabled = False
    objUser.SetInfo

    ' Assign password.
    objUser.SetPassword "zxy321q"

    ' Expire password.
    objUser.PasswordExpired = 1
    objUser.SetInfo

    ' Bind to local Administrators group.
    Set objAdmin = GetObject("WinNT://" & strComputer & "/Administrators,group")

    ' Add user to group.
    If (objAdmin.IsMember(objUser.AdsPath) = False) Then
        objAdmin.Add(objUser.AdsPath)
    End If
    =========
    It would make more sense to create the user and make them a member of the
    local Administrators group yourself remotely. You should be able to do this
    if you are a member of the "Domain Admins" group. The same script could be
    used, except you would assign a value to the variable strComputer. You could
    run the script once for each computer, or read computer NetBIOS names from a
    text file. For example (not tested):
    ===========
    Option Explicit
    Dim strFile, objFSO, objFile
    Dim strUser, strComputer, objComputer
    Dim objUser, objAdmin

    Const ForReading = 1

    ' Open text file of computer names.
    strFile = "c:\scripts\computers.txt"
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strFile, ForReading)

    ' Specify name of local user account to be created
    ' on each computer.
    strUser = "TestUser"

    ' Read the text file.
    Do Until objFile.AtEndOfStream
        strComputer = Trim(objFile.ReadLine)
        ' Skip blank lines.
        If (strComputer <> "") Then
            ' Bind to local computer object.
            ' Trap error if computer not available.
            On Error Resume Next
            Set objComputer = GetObject("WinNT://" & strComputer)
            If (Err.Number = 0) Then
                ' Create local user. Trap error if it already exists.
                On Error Resume Next
                Set objUser = objComputer.Create("user", strUser)
                If (Err.Number = 0) Then
                    On Error GoTo 0
                    ' Save user object.
                    objUser.SetInfo

                    ' Enable the user account.
                    objUser.AccountDisabled = False
                    objUser.SetInfo

                    ' Assign password.
                    objUser.SetPassword "zxy321q"

                    ' Expire password.
                    objUser.PasswordExpired = 1
                    objUser.SetInfo

                    ' Bind to local Administrators group.
                    Set objAdmin = GetObject("WinNT://" & strComputer _
                        & "/Administrators,group")

                    ' Add user to group.
                    If (objAdmin.IsMember(objUser.AdsPath) = False) Then
                        objAdmin.Add(objUser.AdsPath)
                    End If
                Else
                    On Error GoTo 0
                    Wscript.Echo "Unable to create user on " & strComputer
                End If
            Else
                On Error GoTo 0
                Wscript.Echo "Computer " & strComputer & " not available."
            End If
        End If
    Loop

    ' Clean up.
    objFile.Close
     
    Richard Mueller [MVP], Jul 27, 2008
    #3
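
Added example, not part of any post in this thread: both replies above put the new account's password in the script as a literal, and post #3 notes that such a script exposes it. The sketch below audits logon/startup script text for that pattern and for additions to the local Administrators group, redacting the credential in its report. The names `RULES`, `audit_script` and `SAMPLE` are hypothetical, and the sample lines are constructed from the commands shown in the thread.

```python
import re

# Rules cover the two script styles in this thread (batch "net" and VBScript/ADSI).
RULES = [
    # net user <name> <password> /add ; "*" (prompt) and no password are not flagged.
    ("hardcoded-password", re.compile(
        r'^\s*net(?:\.exe)?\s+user\s+\S+\s+(?!\*|/)(?P<secret>\S+).*?/add\b', re.I)),
    # objUser.SetPassword "literal" ; a variable argument is not flagged.
    ("hardcoded-password", re.compile(
        r'\.SetPassword\s*\(?\s*"(?P<secret>[^"]+)"', re.I)),
    # net localgroup administrators <name> /add
    ("admin-group-add", re.compile(
        r'^\s*net(?:\.exe)?\s+localgroup\s+"?administrators"?\s+\S+.*?/add\b', re.I)),
    # WinNT binding to the Administrators group (slash or comma separator).
    ("admin-group-add", re.compile(r'[/,]\s*Administrators\s*,\s*group', re.I)),
]

def audit_script(text):
    """Return (line_no, rule, redacted_line) for each risky line in a script."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::", "'")):
            continue  # batch or VBScript comment
        for rule, pat in RULES:
            m = pat.search(line)
            if not m:
                continue
            shown = stripped
            if "secret" in m.groupdict():
                # Never echo the credential back into the report.
                s, e = m.span("secret")
                shown = (line[:s] + "<redacted>" + line[e:]).strip()
            findings.append((no, rule, shown))
    return findings

# Constructed sample mixing lines from both script styles in the thread.
SAMPLE = '''@echo off
net user jaco SomePassword /add
net localgroup administrators jaco /add
' Assign password.
objUser.SetPassword "zxy321q"
objUser.SetPassword strPassword
net user helpdesk * /add
Set objAdmin = GetObject("WinNT://" & strComputer & "/Administrators,group")
'''

if __name__ == "__main__":
    print(*audit_script(SAMPLE), sep="\n")
```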
  4. Jaco Niemand

    Jaco Niemand Guest

    Thanks for the information - I will give it a go. What I want to do is to
    use the script in a startup GPO so that there is a generic local admin account
    on all computers for the helpdesk staff to logon to and perform
    troubleshooting/etc.

    thanks
     
    Jaco Niemand, Aug 6, 2008
    #4
  5. Thanks Richard, I too was looking for something like this.

    Like Jaco, I'm looking to standardise local accounts through a script, as a
    post-scripted-install task.

    While this script works fine for my 2003 environment, I am receiving errors
    with the oUser areas in Windows 2008.

    Can you provide advice on the best method to do this with Windows 2008?

    Thank you.
     
    Michael Van Ryan, Aug 13, 2008
    #5