Re: Local account creation

Thanks Richard, I too was looking for something like this.

Like Jaco, I'm looking to standardise local accounts through a script, as a
post-scripted-install task.

While this script works fine for my 2003 environment, I am recieving errors
with the oUser areas in windows 2008.

Can you provide advice on the best method to do this with Windows 2008?

Thank you.

"Jaco Niemand" wrote:

Thanks for the information - I will give it a go. What I want to do is to
use the script in a startup GPO so that there a generic local admin account
on all computers for the helpdesk staff to logon to and perform
troubleshooting/etc.

thanks

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:eE2rnfD8IHA.2332@xxxxxxxxxxxxxxxxxxxxxxx

"Jaco Niemand" <Jaco_Niemand@xxxxxxxxxxxxx> wrote in message
news:51B4207E-EF6F-46A3-AD4C-1502770732B0@xxxxxxxxxxxxxxxx
I am looking for a logon script to create a local user account on a
computer and then to add that newly created account as a member of the
local admins group. Can someone please point me in the right direction.

Most users should not have permissions to create users or add them to the
Administrators group. Such a script also exposes the password, but then if
this works the user running the logon scripts already must have
administrator privileges. However, the code would be similar to (not
tested):
==========
Option Explicit
Dim objNetwork, strComputer, strUser
Dim objUser, objAdmin, objComputer

' Determine name of local computer
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to local computer object.
Set objComputer = GetObject("WinNT://" & strComputer)

' Specify name of local user account to be created.
strUser = "TestUser"

' Create local user. Trap error if it already exists,
' or the user lacks permissions.
On Error Resume Next
Set objUser = objComputer.Create("user", strUser)
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Quit
End If
On Error GoTo 0

' Save user object.
objUser.SetInfo

' Enable the user account.
objUser.AccountDisabled = False
objUser.SetInfo

' Assign password.
objUser.SetPassword "zxy321q"

' Expire password.
objUser.PasswordExpired = 1
objUser.SetInfo

' Bind to local Administrators group.
Set objAdmin = GetObject("WinNT://" & strComputer &
",Administrators,group")

' Add user to group.
If (objAdmin.IsMember(objUser.AdsPath) = False) Then
objAdmin.Add(objUser.AdsPath)
End If
=========
It would make more sense to create the user and make them a member of the
local Adminstrators group yourself remotely. You should be able to do this
if you are a member of the "Domain Admins" group. The same script could be
used, except you would assign a value to the variable strComputer. You
could run the script once for each computer, or read computer NetBIOS
names from a text file. For example (not tested):
===========
Option Explicit
Dim strFile, objFSO, objFile
Dim strUser, strComputer, objComputer
Dim objUser, objAdmin

Const ForReading = 1

' Open text file of computer names.
strFile = "c:\scripts\computers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Specify name of local user account to be created
' on each computer.
strUser = "TestUser"

' Read the text file.
Do Until objFile.AtEndOfStream
strComputer = Trim(objFile.ReadLine)
' Skip blank lines.
If (strComputer <> "") Then
' Bind to local computer object.
' Trap error if computer not avaiable.
On Error Resume Next
Set objComputer = GetObject("WinNT://" & strComputer)
If (Err.Number = 0) Then
' Create local user. Trap error if it already exists.
On Error Resume Next
Set objUser = objComputer.Create("user", strUser)
If (Err.Number = 0) Then
On Error GoTo 0
' Save user object.
objUser.SetInfo

' Enable the user account.
objUser.AccountDisabled = False
objUser.SetInfo

' Assign password.
objUser.SetPassword "zxy321q"

' Expire password.
objUser.PasswordExpired = 1
objUser.SetInfo

' Bind to local Administrators group.
Set objAdmin = GetObject("WinNT://" & strComputer _
& ",Administrators,group")

' Add user to group.
If (objAdmin.IsMember(objUser.AdsPath) = False) Then
objAdmin.Add(objUser.AdsPath)
End If
Else
On Error GoTo 0
Wscript.Echo "Unable to create user on " & strComputer
End If
Else
On Error GoTo 0
Wscript.Echo "Computer " & strComputer & " not available.
End If
End If
Loop

' Clean up.
objFile.Close

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

Relevant Pages

  • Re: Local account creation
    ... What I want to do is to use the script in a startup GPO so that there a generic local admin account on all computers for the helpdesk staff to logon to and perform troubleshooting/etc. ... Dim objNetwork, strComputer, strUser ... ' Specify name of local user account to be created. ...
    (microsoft.public.windows.server.scripting)
  • Re: Local account creation
    ... Dim objNetwork, strComputer, strUser ... ' Specify name of local user account to be created. ... On Error GoTo 0 ...
    (microsoft.public.windows.server.scripting)
  • RE: This script wont run on a workgroup server
    ... Set objService = objLocator.ConnectServer(strComputer, "Root\Default", ... strUser, strPassword) ... > I have this script that I use on domain member servers and it runs just fine. ... > strPassword = objExplorer.Document.Body.All.UserPassword.Value ...
    (microsoft.public.scripting.wsh)
  • Re: create account
    ... i have created a script to create an account by manuely inserting the ... strUser = newuser. ... manuelly inserting the strmember,& strOuList2. ... the account to be created and the template account to use, ...
    (microsoft.public.scripting.vbscript)
  • Re: Alternet credential to my script but it is not using credentials
    ... Both computers must have the WMI service. ... Below is the script in its entirety. ... (strComputer, strNamespace, strUser, strPassword) ...
    (microsoft.public.windows.server.scripting)