Re: Local account creation



Thanks for the information - I will give it a go. What I want to do is to use the script in a startup GPO so that there is a generic local admin account on all computers for the helpdesk staff to log on to and perform troubleshooting/etc.

thanks

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message news:eE2rnfD8IHA.2332@xxxxxxxxxxxxxxxxxxxxxxx

"Jaco Niemand" <Jaco_Niemand@xxxxxxxxxxxxx> wrote in message news:51B4207E-EF6F-46A3-AD4C-1502770732B0@xxxxxxxxxxxxxxxx
I am looking for a logon script to create a local user account on a computer and then to add that newly created account as a member of the local admins group. Can someone please point me in the right direction?

Most users should not have permissions to create users or add them to the Administrators group. Such a script also exposes the password, but then if this works the user running the logon scripts already must have administrator privileges. However, the code would be similar to (not tested):
==========
Option Explicit
Dim objNetwork, strComputer, strUser
Dim objUser, objAdmin, objComputer

' Determine name of local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to local computer object.
Set objComputer = GetObject("WinNT://" & strComputer)

' Specify name of local user account to be created.
strUser = "TestUser"

' Create local user and save the user object. Create only builds the
' object in the local cache; SetInfo commits it. Trap the error raised
' if the account already exists or the user lacks permissions.
On Error Resume Next
Set objUser = objComputer.Create("user", strUser)
objUser.SetInfo
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Quit
End If
On Error GoTo 0

' Enable the user account.
objUser.AccountDisabled = False
objUser.SetInfo

' Assign password.
objUser.SetPassword "zxy321q"

' Expire password.
objUser.PasswordExpired = 1
objUser.SetInfo

' Bind to local Administrators group.
' The group path needs a "/" between computer name and group name.
Set objAdmin = GetObject("WinNT://" & strComputer & "/Administrators,group")

' Add user to group.
If (objAdmin.IsMember(objUser.AdsPath) = False) Then
    objAdmin.Add(objUser.AdsPath)
End If
=========
It would make more sense to create the user and make them a member of the local Administrators group yourself remotely. You should be able to do this if you are a member of the "Domain Admins" group. The same script could be used, except you would assign a value to the variable strComputer. You could run the script once for each computer, or read computer NetBIOS names from a text file. For example (not tested):
===========
Option Explicit
Dim strFile, objFSO, objFile
Dim strUser, strComputer, objComputer
Dim objUser, objAdmin

Const ForReading = 1

' Open text file of computer names.
strFile = "c:\scripts\computers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Specify name of local user account to be created
' on each computer.
strUser = "TestUser"

' Read the text file.
Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strComputer <> "") Then
        ' Bind to local computer object.
        ' Trap error if computer not available.
        On Error Resume Next
        Set objComputer = GetObject("WinNT://" & strComputer)
        If (Err.Number = 0) Then
            ' Create local user and save the user object. The error for
            ' an account that already exists is raised by SetInfo, so
            ' both calls are inside the trap.
            On Error Resume Next
            Set objUser = objComputer.Create("user", strUser)
            objUser.SetInfo
            If (Err.Number = 0) Then
                On Error GoTo 0

                ' Enable the user account.
                objUser.AccountDisabled = False
                objUser.SetInfo

                ' Assign password.
                objUser.SetPassword "zxy321q"

                ' Expire password.
                objUser.PasswordExpired = 1
                objUser.SetInfo

                ' Bind to local Administrators group.
                ' The group path needs a "/" after the computer name.
                Set objAdmin = GetObject("WinNT://" & strComputer _
                    & "/Administrators,group")

                ' Add user to group.
                If (objAdmin.IsMember(objUser.AdsPath) = False) Then
                    objAdmin.Add(objUser.AdsPath)
                End If
            Else
                On Error GoTo 0
                Wscript.Echo "Unable to create user on " & strComputer
            End If
        Else
            On Error GoTo 0
            Wscript.Echo "Computer " & strComputer & " not available."
        End If
    End If
Loop

' Clean up.
objFile.Close

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
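
Added example, not part of the original posts: a read-only audit that reads the same computers.txt file and lists every member of each computer's local Administrators group that is not on an expected list, which is a quick way to confirm what the deployment above actually left behind. The allow-list contents and the output wording are assumptions to adjust for your environment.

```vbscript
Option Explicit
Dim objFSO, objFile, strComputer
Dim objGroup, objMember, strAllowed, strName

Const ForReading = 1

' Assumption: names expected in the group, lower case, "|" delimited.
strAllowed = "|administrator|domain admins|testuser|"

' Same file of computer NetBIOS names used by the script above.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\scripts\computers.txt", ForReading)

Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    ' Skip blank lines.
    If (strComputer <> "") Then
        ' Bind to the local Administrators group.
        ' Trap error if the computer is not available.
        On Error Resume Next
        Set objGroup = GetObject("WinNT://" & strComputer _
            & "/Administrators,group")
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Wscript.Echo strComputer & ": not available"
        Else
            On Error GoTo 0
            ' Report every member that is not on the allow-list.
            For Each objMember In objGroup.Members
                strName = LCase(objMember.Name)
                If (InStr(strAllowed, "|" & strName & "|") = 0) Then
                    Wscript.Echo strComputer & ": unexpected member " _
                        & objMember.AdsPath & " (" & objMember.Class & ")"
                End If
            Next
        End If
    End If
Loop

' Clean up.
objFile.Close
```

Run it with cscript.exe so the Wscript.Echo output goes to the console and can be redirected to a file.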

