rtangaccurate

Need a batch file to create local admin account and place that account in the Administrators group.

Would like this batch created in notepad, and then to rename with the extension .bat, so that it will become a batch file. Need it to do the following:

1. Create local admin account, and place in the Administrator group.
2. Password must be set to never expire.
3. Need a description added to the account as "Local Admin"
4. Need to prompt the local admin to change password, upon initial login with the default password.
oBdA

Not fully possible, sorry. "Must change password at logon" and "Password never expires" are mutually exclusive. You can either force the new admin to change his password on the logon and then set the "Password never expires" option himself, or set the "Password never expires" option in the script and tell the new admin to change his password after logon.
@echo off
setlocal
set NewAdmin=LocalAdmin
set NewPassword=Password123
set NewComment=Local Admin
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /logonpasswordchg:YES
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the next line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES"), because these two are mutually exclusive.
REM wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

ASKER

I ran the script, but it did not work. So let's just have it run without prompting to change password, but rather set the password to never expire. Please write the batch script and attach it back to me.

set the admin to be Randy Wang
Password, set to P@ssw0rd
set the description to be Local Admin

Giving you max points for doing this. Please attach notepad file back. Thank you.
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

This is great! I like the fact that it leaves existing accounts "As-is", and does not overwrite them. How can I push this out to all servers in my environment through GPO? Or can I push it out to all my servers without using GPO?
You can use a GPO startup script (http://technet.microsoft.com/en-us/library/cc779329(v=ws.10).aspx), which means the account will only be available once the server has rebooted, or use psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx). Create a list "Computernames.txt" (with a test computer in it first, and the server names if everything works OK) and use this script (adjust "C:\Temp" and "NewUser.cmd" to whatever you're using):
@echo off
setlocal
for /f %%a in ('type "C:\Temp\Computernames.txt"') do (
	echo Processing %%a ...
	copy "C:\Temp\NewUser.cmd" "\\%%a\Admin$"
	psexec.exe \\%%a "C:\Windows\NewUser.cmd"
	del "\\%%a\Admin$\NewUser.cmd"
)

Can you modify the batch file to include Randy Wang under "Full Name"? I won't bother you anymore, after this. I will give the points you deserve. Thanks again.
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
set NewFullName=Randy Wang
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /fullname:"%NewFullName%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

It did not add the Full Name.
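
An added example, not part of the thread and not oBdA's code: a variant of the scripts above that checks whether the account already exists before touching it, asks for the password at run time instead of storing it in the file, stops on the first failed step, and prints the resulting settings so "Password never expires" and the group membership can be checked. The account values mirror the posts above; the exit codes and the password prompt are assumptions of this example.

```bat
@echo off
setlocal
REM Added example, not from the thread. Account values mirror the posts above;
REM the exit codes and the run-time password prompt are assumptions.
set "NewAdmin=RandyWang"
set "NewComment=Local Admin"
set "NewFullName=Randy Wang"

REM "net user <name>" returns a non-zero errorlevel when the account does not exist.
net.exe user "%NewAdmin%" >nul 2>&1
if not errorlevel 1 (
	echo Account '%NewAdmin%' already exists, leaving it unchanged.
	exit /b 0
)

REM Ask for the password at run time so it is not stored in the script file.
REM Note: set /p echoes the input; a double quote in the password is not supported.
set "NewPassword="
set /p "NewPassword=Password for %NewAdmin%: "
if not defined NewPassword (
	echo No password entered, nothing created.
	exit /b 1
)

echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /fullname:"%NewFullName%"
if errorlevel 1 (
	echo Failed to create '%NewAdmin%'.
	exit /b 2
)

echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
if errorlevel 1 (
	echo Failed to add '%NewAdmin%' to Administrators.
	exit /b 3
)

echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%' AND LocalAccount=TRUE" SET PasswordExpires=FALSE
if errorlevel 1 exit /b 4

REM Show the resulting settings so the run can be checked.
wmic.exe useraccount WHERE "Name='%NewAdmin%' AND LocalAccount=TRUE" GET Name,FullName,Description,PasswordExpires
net.exe localgroup Administrators
```

Because it prompts for input, this variant is meant to be run interactively on the machine rather than pushed unattended.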
ASKER CERTIFIED SOLUTION
oBdA
