Reputation: 1
I am new here and very new to PowerShell - I want to add a local admin user and also assign a password to that user in a txt file.
Below is my script, but it fails to set the password:
$Username = "steve"
$Password = Get-Content .\SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
This is the output:
PS C:\windows\System32> .\test.ps1
Creating new local user steve.
The command completed successfully.
Adding local user steve to Administrators.
The command completed successfully.
Ensuring password for steve never expires.
Updating property(s) of '\\DESKTOP-LVUFR6R\ROOT\CIMV2:Win32_UserAccount.Domain="DESKTOP-LVUFR6R",Name="steve"'
Property(s) update successful.
But it doesn't set the password.
Any help?
Upvotes: 0
Views: 995
Reputation: 16096
Point of note:
Try not to reinvent the wheel. Use the built-in featureset and the MS powershellgallery.com modules. Since PowerShell v3 there is a module for local user and group management.
Find-Module -Name '*local*Management'
<#
Version Name                         Repository Description
------- ----                         ---------- -----------
3.0     LocalUserManagement          PSGallery  a module that performs various local u...
1.2.2   Saritasa.LocalManagement     PSGallery  Contains functions to control local co...
0.1.1   LocalAccountManagement       PSGallery  Manage local and remote user accounts ...
1.0     STRemoteLocalGroupManagement PSGallery  Manage local group membership on remot...
#>
[LocalUserManagement 3.0][1]
Get-Command -Name '*local*user*'
<#
CommandType Name              Version Source
----------- ----              ------- ------
Cmdlet      Disable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Enable-LocalUser  1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Get-LocalUser     1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      New-LocalUser     1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Remove-LocalUser  1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Rename-LocalUser  1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Set-LocalUser     1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
Get-Command -Name '*local*group*'
<#
CommandType Name                    Version Source
----------- ----                    ------- ------
Cmdlet      Add-LocalGroupMember    1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Get-LocalGroup          1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Get-LocalGroupMember    1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      New-LocalGroup          1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Remove-LocalGroup       1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Remove-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Rename-LocalGroup       1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet      Set-LocalGroup          1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
For what you are after, leverage Set-LocalUser
$Password = Read-Host -AsSecureString
$UserAccount = Get-LocalUser -Name "User02"
$UserAccount | Set-LocalUser -Password $Password
Since you say you are new, it's strongly advised that you spend some time getting ramped up, to limit/avoid confusion, bad code, bad habits, errors, etc. Also, never run code (especially destructive code, meaning stuff that changes your system/environment) if you do not fully understand what it is doing, no matter where you get it from. If not, you can really cause major issues on your systems/environments.
Upvotes: 1
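The question's script rewritten with the Microsoft.PowerShell.LocalAccounts cmdlets listed in the answer above, as an added example that was not posted by anyone in this thread. It assumes `SecurePassword.txt` was written with `ConvertFrom-SecureString` by the same user on the same machine; the user name, group and file path are taken from the question.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread. Names and paths mirror the question.
$Username = 'steve'
$Group    = 'Administrators'
$PwFile   = '.\SecurePassword.txt'

# One-time setup (assumption about how the file was produced). Without -Key,
# ConvertFrom-SecureString protects the value with DPAPI, so only the same
# user on the same machine can read it back:
#   Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content $PwFile

$Password = Get-Content $PwFile | ConvertTo-SecureString

# NET USER is a native command and receives plain strings. A SecureString
# passed to it stringifies to the literal text "System.Security.SecureString",
# not the secret, so the cmdlets below take the SecureString directly instead.

$existing = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue
if (-not $existing) {
    Write-Host "Creating new local user $Username."
    New-LocalUser -Name $Username -Password $Password -PasswordNeverExpires |
        Out-Null
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing | Set-LocalUser -Password $Password -PasswordNeverExpires $true
}

# Add to the group only when not already a member, so reruns do not error.
$member = Get-LocalGroupMember -Group $Group -Member $Username `
    -ErrorAction SilentlyContinue
if (-not $member) {
    Write-Host "Adding local user $Username to $Group."
    Add-LocalGroupMember -Group $Group -Member $Username
}
```

The plaintext password never appears on a command line here, which also keeps it out of process-creation audit logs.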
Reputation: 996
Based on the script's logic, your set password method is never reached because the condition was never met. Either remove the else{} block or move the set password method up to the if{} block and see if that works for you.
$Username = "steve"
$Password = Get-Content .\SecurePassword.txt | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
} else {
    # do something else that you want handled
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
Upvotes: 0