Solved

Need a batch file to create local admin account and place that account is the Administrators group.

Posted on 2013-06-18
9
6,271 Views
1 Endorsement
Last Modified: 2013-06-24
Would like this batch created in notepad, and then to rename with the extension .bat, so that it will become a batch file. Need it to do the following:

1. Create local admin account, and place in the Administrator group.
2. Password must be set to never expire.
3. Need a description added to the account as "Local Admin"
4. Need to prompt the local admin to change password, upon initial login with the default password.
1
Comment
Question by:rtangaccurate
  • 5
  • 4
9 Comments
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
Not fully possible, sorry. "Must change password at logon" and "Password never expires" are mutually exclusive. You can either force the new admin to change his password on the logon and then set the "Password never expires" option himself, or set the "Password never expires" option in the script and tell the new admin to change his password after logon.
@echo off
setlocal
set NewAdmin=LocalAdmin
set NewPassword=Password123
set NewComment=Local Admin
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /logonpasswordchg:YES
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the next line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES"), because these two are mutually exclusive.
REM wmic.exe useraccount WHERE "Name='LocalAdmin'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
Comment Utility
i ran the script but it did not work. so lets just have it run without prompting to change password, but rather set the password to never expire. please write the batch script and attach it back to me.

set the admin to be Randy Wang
Password, set to P@ssw0rd
set the description to be Local Admin

Giving you max point for doing this. Please attach notepad file back. Thank you.
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
Comment Utility
This is great! I like the fact that it leaves existing accounts "As-is", and does not overwrite them. How can I push this out to all servers in my environment through GPO? Or can I push it out to all my servers without using GPO?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 82

Expert Comment

by:oBdA
Comment Utility
You can use a GPO startup script (http://technet.microsoft.com/en-us/library/cc779329(v=ws.10).aspx), which means the account will only be available once the server has rebooted), or use psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx). Create a list "Computernames.txt" (with a test computer in it first, and the server names if everything works OK) and use tis script (adjust "C:\Temp" and "NewUser.cmd" to whatever you're using):
@echo off
setlocal
for /f %%a in ('type "C:\Temp\Computernames.txt"') do (
	echo Processing %%a ...
	copy "C:\Temp\NewUser.cmd" "\\%%a\Admin$"
	psexec.exe \\%%a "C:\Windows\NewUser.cmd"
	del "\\%%a\Admin$\NewUser.cmd"
)

Open in new window

0
 

Author Comment

by:rtangaccurate
Comment Utility
Can you modify the batch file to include Randy Wang under "Full Name"? I wont bother you anymore, after this. I will give the points you deserve. Thanks again.
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
set NewFullName=Randy Wang
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /fullname:"%NewFullName%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
Comment Utility
It did not add the Full Name.
0
 
LVL 82

Accepted Solution

by:
oBdA earned 500 total points
Comment Utility
Which error(s) did show up?
Note that the script will not add the full name to an existing account, it will just set the full name when a new account is created. To add the full name to an existing account, all you need is
@echo off
setlocal
set NewAdmin=RandyWang
set NewFullName=Randy Wang
echo Adding full name 'NewFullName' to user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" /fullname:"%NewFullName%" 

Open in new window

0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

This article was inspired by a question here at Experts Exchange (http://www.experts-exchange.com/Software/Photos_Graphics/Images_and_Photos/Q_28629170.html). The requirements stated in that question are (1) reduce the file size of a large number of…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now