• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 165
  • Last Modified:

VBS to create disable an existing user name userA then creates a new user account, set the password for it and finally promotes the new user to be local administrator

Hi,

We are looking for VBS script that will do the following VBS to disable an existing local account named USERA then creates a new local user account and sets a specific password to it and finally promotes the user to be local administrator.

The script will be run through Configuration Manager to our laptops and servers.
0
llarava
Asked:
llarava
1 Solution
 
RobSampsonCommented:
Hi, here is a script (slightly changed) that I used to do the same thing in my environment.  This will against the local computer only, which should be fine if it's run by CM.

Note that it uses PSExec to verify the credentials of the newly created user before disabling the old one.

You will need to change
strUsername = "newuseraccount"
strPassword = "newuserpassword"
strPSExec = "\\server\share\psexec.exe"
Set objUser = GetObject("WinNT://" & strComputer & "/USERA")

Regards,

Rob.

Option Explicit
Dim strUserCreated, strPasswordSet, strAddedToGroup, strAdminDisabled
Dim strUsername, strPassword, arrComputers, strComputer, colAccounts, objUser
Dim objWMIService, colComputer, objComputer, objAdminGroup
Dim objFSO, strPSExec, strCommand, objShell, intReturn, strVerified
Dim strLogFile, objFile, objLog
Dim objNetwork

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

' Set up log file
strLogFile = Replace(WScript.ScriptFullName, WScript.ScriptName, "") & "LocalAdminChangeLog_" & strComputer & "_" & Year(Date) & Right("0" & Month(Date), 2) & Right("0" & Day(Date), 2) & Right("0" & Hour(Time), 2) & Right("0" & Minute(Time), 2) & Right("0" & Second(Time), 2) & ".csv"
Set objLog = objFSO.CreateTextFile(strLogFile, True)
objLog.WriteLine """Computer"",""New User Created"",""Password Set"",""Added to Admins"",""Verified"",""Admin Disabled"""

' Specify new user credentials
strUsername = "newuseraccount"
strPassword = "newuserpassword"

' Create the new local user account if it doesn't exist
On Error Resume Next
Err.Clear
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUsername & ",user")
If Err.Number = -2147022675 Then
	Err.Clear
	On Error GoTo 0
	Set colAccounts = GetObject("WinNT://" & strComputer & "")
	Set objUser = colAccounts.Create("user", strUsername)
	strUserCreated = "Yes"
Else
	On Error GoTo 0
	strUserCreated = "Already exists"
End If

' Set the password for the new / existing user account
On Error Resume Next
objUser.SetPassword strPassword
objUser.SetInfo
If Err.Number = 0 Then
	strPasswordSet = "Yes"
Else
	strPasswordSet  "Error " & Err.Number & ": " & Err.Description
End If
Err.Clear
On Error GoTo 0

' Add the user to the local Administrators group
Set objAdminGroup = GetObject("WinNT://" & strComputer & "/Administrators")
If objAdminGroup.IsMember(objUser.ADsPath) = False Then
	On Error Resume Next
	objAdminGroup.Add(objUser.ADsPath)
	If Err.Number = 0 Then
		strAddedToGroup = "Yes"
	Else
		strAddedToGroup  "Error " & Err.Number & ": " & Err.Description
	End If
Else
	strAddedToGroup = "Already a member"
End If
Err.Clear
On Error GoTo 0

' Verify that the credentials are correct
strPSExec = "\\server\share\psexec.exe"
strCommand = objFSO.GetFile(strPSExec).ShortPath & " -accepteula -u " & strComputer & "\" & strUsername & " -p " & strPassword & " \\" & strComputer & " cmd /c"
intReturn = objShell.Run(strCommand, 0, True)
' intReturn = 1326 means invalid username or password
strVerified = "OK"
If intReturn <> 0 Then strVerified = "Error " & intReturn

' Disable the old account if the new account was successful
strAdminDisabled = "New account not verified"
If strPasswordSet = "Yes" And strVerified = "OK" Then
	Set objUser = GetObject("WinNT://" & strComputer & "/USERA")
	objUser.AccountDisabled = True
	On Error Resume Next
	objUser.SetInfo
	If Err.Number = 0 Then
		strAdminDisabled = "Yes"
	Else
		strAdminDisabled = "Error " & Err.Number & ": " & Err.Description
	End If
	Err.Clear
	On Error GoTo 0
Else
	strAdminDisabled = "Not disabled because new account was not verified"
End If

objLog.WriteLine """" & strComputer & """,""" & strUserCreated & """,""" & strPasswordSet & """,""" & strAddedToGroup & """,""" & strVerified & """,""" & strAdminDisabled & """"

objLog.Close

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now