Re: Local account creation

"Jaco Niemand" <Jaco_Niemand@xxxxxxxxxxxxx> wrote in message
news:51B4207E-EF6F-46A3-AD4C-1502770732B0@xxxxxxxxxxxxxxxx
I am looking for a logon script to create a local user account on a
computer and then to add that newly created account as a member of the
local admins group. Can someone please point me in the right direction.

Most users should not have permissions to create users or add them to the
Administrators group. Such a script also exposes the password, but then if
this works the user running the logon scripts already must have
administrator privileges. However, the code would be similar to (not
tested):
==========
Option Explicit
Dim objNetwork, strComputer, strUser
Dim objUser, objAdmin, objComputer

' Determine name of local computer
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to local computer object.
Set objComputer = GetObject("WinNT://" & strComputer)

' Specify name of local user account to be created.
strUser = "TestUser"

' Create local user. Trap error if it already exists,
' or the user lacks permissions.
On Error Resume Next
Set objUser = objComputer.Create("user", strUser)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Quit
End If
On Error GoTo 0

' Save user object.
objUser.SetInfo

' Enable the user account.
objUser.AccountDisabled = False
objUser.SetInfo

' Assign password.
objUser.SetPassword "zxy321q"

' Expire password.
objUser.PasswordExpired = 1
objUser.SetInfo

' Bind to local Administrators group.
' The ADsPath form is WinNT://<computer>/<group>,group.
Set objAdmin = GetObject("WinNT://" & strComputer & "/Administrators,group")

' Add user to group.
If (objAdmin.IsMember(objUser.AdsPath) = False) Then
    objAdmin.Add(objUser.AdsPath)
End If
=========
It would make more sense to create the user and make them a member of the
local Administrators group yourself remotely. You should be able to do this
if you are a member of the "Domain Admins" group. The same script could be
used, except you would assign a value to the variable strComputer. You could
run the script once for each computer, or read computer NetBIOS names from a
text file. For example (not tested):
===========
Option Explicit
Dim strFile, objFSO, objFile
Dim strUser, strComputer, objComputer
Dim objUser, objAdmin

Const ForReading = 1

' Open text file of computer names.
strFile = "c:\scripts\computers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Specify name of local user account to be created
' on each computer.
strUser = "TestUser"

' Read the text file.
Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strComputer <> "") Then
        ' Bind to local computer object.
        ' Trap error if computer not available.
        On Error Resume Next
        Set objComputer = GetObject("WinNT://" & strComputer)
        If (Err.Number = 0) Then
            ' Create local user. Trap error if it already exists.
            On Error Resume Next
            Set objUser = objComputer.Create("user", strUser)
            If (Err.Number = 0) Then
                On Error GoTo 0
                ' Save user object.
                objUser.SetInfo

                ' Enable the user account.
                objUser.AccountDisabled = False
                objUser.SetInfo

                ' Assign password.
                objUser.SetPassword "zxy321q"

                ' Expire password.
                objUser.PasswordExpired = 1
                objUser.SetInfo

                ' Bind to local Administrators group.
                ' The ADsPath form is WinNT://<computer>/<group>,group.
                Set objAdmin = GetObject("WinNT://" & strComputer _
                    & "/Administrators,group")

                ' Add user to group.
                If (objAdmin.IsMember(objUser.AdsPath) = False) Then
                    objAdmin.Add(objUser.AdsPath)
                End If
            Else
                On Error GoTo 0
                Wscript.Echo "Unable to create user on " & strComputer
            End If
        Else
            On Error GoTo 0
            Wscript.Echo "Computer " & strComputer & " not available."
        End If
    End If
Loop

' Clean up.
objFile.Close
===========

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
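
Added example, not part of Richard Mueller's post or code: a read-only audit that walks the same list of computers and reports every member of the local Administrators group that is not on an expected list, which is how an account such as the one created above would be noticed afterwards. The allow-list names are assumptions to adjust per site; the file path is the one used in the post.

```vbscript
Option Explicit
Dim strFile, objFSO, objFile, strComputer
Dim objAdmin, objMember, dictAllowed, strScope

Const ForReading = 1

' Assumed allow-list of expected Administrators members; adjust per site.
Set dictAllowed = CreateObject("Scripting.Dictionary")
dictAllowed.CompareMode = vbTextCompare
dictAllowed.Add "Administrator", True
dictAllowed.Add "Domain Admins", True

' Same text file of computer NetBIOS names the post's second script reads.
strFile = "c:\scripts\computers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    If (strComputer <> "") Then
        ' Bind to the local Administrators group; trap unreachable hosts.
        On Error Resume Next
        Set objAdmin = GetObject("WinNT://" & strComputer _
            & "/Administrators,group")
        If (Err.Number = 0) Then
            On Error GoTo 0
            For Each objMember In objAdmin.Members
                If Not dictAllowed.Exists(objMember.Name) Then
                    ' A path containing /<computer>/ is a local account or group.
                    If (InStr(1, objMember.AdsPath, "/" & strComputer & "/", _
                            vbTextCompare) > 0) Then
                        strScope = "local"
                    Else
                        strScope = "non-local"
                    End If
                    Wscript.Echo strComputer & ": unexpected " & strScope _
                        & " " & objMember.Class & " " & objMember.AdsPath
                End If
            Next
        Else
            On Error GoTo 0
            Wscript.Echo "Computer " & strComputer & " not available."
        End If
    End If
Loop

' Clean up.
objFile.Close
```

Run it with cscript.exe so that each finding is written to the console rather than shown in a message box.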

