Solved

Need a batch file to create local admin account and place that account is the Administrators group.

Posted on 2013-06-18
9
6,499 Views
1 Endorsement
Last Modified: 2013-06-24
Would like this batch created in notepad, and then to rename with the extension .bat, so that it will become a batch file. Need it to do the following:

1. Create local admin account, and place in the Administrator group.
2. Password must be set to never expire.
3. Need a description added to the account as "Local Admin"
4. Need to prompt the local admin to change password, upon initial login with the default password.
1
Comment
Question by:rtangaccurate
  • 5
  • 4
9 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 39258494
Not fully possible, sorry. "Must change password at logon" and "Password never expires" are mutually exclusive. You can either force the new admin to change his password on the logon and then set the "Password never expires" option himself, or set the "Password never expires" option in the script and tell the new admin to change his password after logon.
@echo off
setlocal
set NewAdmin=LocalAdmin
set NewPassword=Password123
set NewComment=Local Admin
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /logonpasswordchg:YES
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the next line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES"), because these two are mutually exclusive.
REM wmic.exe useraccount WHERE "Name='LocalAdmin'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39261460
i ran the script but it did not work. so lets just have it run without prompting to change password, but rather set the password to never expire. please write the batch script and attach it back to me.

set the admin to be Randy Wang
Password, set to P@ssw0rd
set the description to be Local Admin

Giving you max point for doing this. Please attach notepad file back. Thank you.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39261555
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39264730
This is great! I like the fact that it leaves existing accounts "As-is", and does not overwrite them. How can I push this out to all servers in my environment through GPO? Or can I push it out to all my servers without using GPO?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 83

Expert Comment

by:oBdA
ID: 39265352
You can use a GPO startup script (http://technet.microsoft.com/en-us/library/cc779329(v=ws.10).aspx), which means the account will only be available once the server has rebooted), or use psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx). Create a list "Computernames.txt" (with a test computer in it first, and the server names if everything works OK) and use tis script (adjust "C:\Temp" and "NewUser.cmd" to whatever you're using):
@echo off
setlocal
for /f %%a in ('type "C:\Temp\Computernames.txt"') do (
	echo Processing %%a ...
	copy "C:\Temp\NewUser.cmd" "\\%%a\Admin$"
	psexec.exe \\%%a "C:\Windows\NewUser.cmd"
	del "\\%%a\Admin$\NewUser.cmd"
)

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39267033
Can you modify the batch file to include Randy Wang under "Full Name"? I wont bother you anymore, after this. I will give the points you deserve. Thanks again.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39267225
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
set NewFullName=Randy Wang
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /fullname:"%NewFullName%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39267284
It did not add the Full Name.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 39267889
Which error(s) did show up?
Note that the script will not add the full name to an existing account, it will just set the full name when a new account is created. To add the full name to an existing account, all you need is
@echo off
setlocal
set NewAdmin=RandyWang
set NewFullName=Randy Wang
echo Adding full name 'NewFullName' to user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" /fullname:"%NewFullName%" 

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article was inspired by a question here at Experts Exchange (http://www.experts-exchange.com/Software/Photos_Graphics/Images_and_Photos/Q_28629170.html). The requirements stated in that question are (1) reduce the file size of a large number of…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now