Solved

Need a batch file to create local admin account and place that account is the Administrators group.

Posted on 2013-06-18
9
6,704 Views
1 Endorsement
Last Modified: 2013-06-24
Would like this batch created in notepad, and then to rename with the extension .bat, so that it will become a batch file. Need it to do the following:

1. Create local admin account, and place in the Administrator group.
2. Password must be set to never expire.
3. Need a description added to the account as "Local Admin"
4. Need to prompt the local admin to change password, upon initial login with the default password.
1
Comment
Question by:rtangaccurate
  • 5
  • 4
9 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 39258494
Not fully possible, sorry. "Must change password at logon" and "Password never expires" are mutually exclusive. You can either force the new admin to change his password on the logon and then set the "Password never expires" option himself, or set the "Password never expires" option in the script and tell the new admin to change his password after logon.
@echo off
setlocal
set NewAdmin=LocalAdmin
set NewPassword=Password123
set NewComment=Local Admin
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /logonpasswordchg:YES
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the next line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES"), because these two are mutually exclusive.
REM wmic.exe useraccount WHERE "Name='LocalAdmin'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39261460
i ran the script but it did not work. so lets just have it run without prompting to change password, but rather set the password to never expire. please write the batch script and attach it back to me.

set the admin to be Randy Wang
Password, set to P@ssw0rd
set the description to be Local Admin

Giving you max point for doing this. Please attach notepad file back. Thank you.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39261555
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:rtangaccurate
ID: 39264730
This is great! I like the fact that it leaves existing accounts "As-is", and does not overwrite them. How can I push this out to all servers in my environment through GPO? Or can I push it out to all my servers without using GPO?
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39265352
You can use a GPO startup script (http://technet.microsoft.com/en-us/library/cc779329(v=ws.10).aspx), which means the account will only be available once the server has rebooted), or use psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx). Create a list "Computernames.txt" (with a test computer in it first, and the server names if everything works OK) and use tis script (adjust "C:\Temp" and "NewUser.cmd" to whatever you're using):
@echo off
setlocal
for /f %%a in ('type "C:\Temp\Computernames.txt"') do (
	echo Processing %%a ...
	copy "C:\Temp\NewUser.cmd" "\\%%a\Admin$"
	psexec.exe \\%%a "C:\Windows\NewUser.cmd"
	del "\\%%a\Admin$\NewUser.cmd"
)

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39267033
Can you modify the batch file to include Randy Wang under "Full Name"? I wont bother you anymore, after this. I will give the points you deserve. Thanks again.
0
 
LVL 83

Expert Comment

by:oBdA
ID: 39267225
@echo off
setlocal
set NewAdmin=RandyWang
set NewPassword=P@ssw0rd
set NewComment=Local Admin
set NewFullName=Randy Wang
echo Creating user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" "%NewPassword%" /add /comment:"%NewComment%" /fullname:"%NewFullName%"
echo Adding '%NewAdmin%' to local administrators ...
net.exe localgroup Administrators "%NewAdmin%" /add
REM *** If the "wmic.exe" line is executed, it will disable the "Must change password" option ("/logonpasswordchg:YES" in "net user /add"), because these two are mutually exclusive.
echo Setting password of '%NewAdmin%' to never expire ...
wmic.exe useraccount WHERE "Name='%NewAdmin%'" SET PasswordExpires=FALSE

Open in new window

0
 

Author Comment

by:rtangaccurate
ID: 39267284
It did not add the Full Name.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 39267889
Which error(s) did show up?
Note that the script will not add the full name to an existing account, it will just set the full name when a new account is created. To add the full name to an existing account, all you need is
@echo off
setlocal
set NewAdmin=RandyWang
set NewFullName=Randy Wang
echo Adding full name 'NewFullName' to user account '%NewAdmin%' ...
net.exe user "%NewAdmin%" /fullname:"%NewFullName%" 

Open in new window

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have published numerous articles here at Experts Exchange that present programs/scripts written in a language called AutoHotkey. Each of those articles has a brief paragraph describing where to download the product and how to install it. I have al…
Learn about cloud computing and its benefits for small business owners.
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now