Question

Hi,

Quick question regarding writing a Powershell script and creating a windows non-admin user account, is this how you do it? Wanna know if I'm on the right track please and thanks!

$Username = "AnnieSue"

$Password = "78Annie"

$group = "Users"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"

$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

   Write-Host "Creating new local user $Username."

   & NET USER $Username $Password /add /y /expires:never

   Write-Host "Adding local user $Username to $group."

   & NET LOCALGROUP $group $Username /add

}

else {

   Write-Host "Setting password for existing local user $Username."

   $existing.SetPassword($Password)

}

Write-Host "Ensuring password for $Username never expires."

& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

Answer 1

PS C:\> $Password = Read-Host -AsSecureString
PS C:\> New-LocalUser "AnnieSue" -Password $Password -FullName "Annie Sue" -Description "Adding new local non-admin user." -PasswordNeverExpires $true
Name    Enabled  Description
----    -------  -----------
AnnieSue  True     Adding new local non-admin user.

I think you can do this in easy way, just read password in secured manner by $Password = Read-Host -AsSecureString. This command will read password in the form of asterisk.

After that directly create user using New-LocalUser command as shown above in code snippet.

Below are all the options available with New-LocalUser command:-

New-LocalUser [-AccountExpires <DateTime>] [-AccountNeverExpires] [-Description <String>] [-Disabled] [-FullName <String>] [-Name] <String> -Password <SecureString> [-PasswordNeverExpires] [-UserMayNotChangePassword] [-WhatIf] [-Confirm] [<CommonParameters>]