VBS to create disable an existing user name userA then creates a new user account, set the password for it and finally promotes the new user to be local administrator

Hi,

We are looking for VBS script that will do the following VBS to disable an existing local account named USERA then creates a new local user account and sets a specific password to it and finally promotes the user to be local administrator.

The script will be run through Configuration Manager to our laptops and servers.
llaravaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RobSampsonCommented:
Hi, here is a script (slightly changed) that I used to do the same thing in my environment.  This will against the local computer only, which should be fine if it's run by CM.

Note that it uses PSExec to verify the credentials of the newly created user before disabling the old one.

You will need to change
strUsername = "newuseraccount"
strPassword = "newuserpassword"
strPSExec = "\\server\share\psexec.exe"
Set objUser = GetObject("WinNT://" & strComputer & "/USERA")

Regards,

Rob.

Option Explicit
Dim strUserCreated, strPasswordSet, strAddedToGroup, strAdminDisabled
Dim strUsername, strPassword, arrComputers, strComputer, colAccounts, objUser
Dim objWMIService, colComputer, objComputer, objAdminGroup
Dim objFSO, strPSExec, strCommand, objShell, intReturn, strVerified
Dim strLogFile, objFile, objLog
Dim objNetwork

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

' Set up log file
strLogFile = Replace(WScript.ScriptFullName, WScript.ScriptName, "") & "LocalAdminChangeLog_" & strComputer & "_" & Year(Date) & Right("0" & Month(Date), 2) & Right("0" & Day(Date), 2) & Right("0" & Hour(Time), 2) & Right("0" & Minute(Time), 2) & Right("0" & Second(Time), 2) & ".csv"
Set objLog = objFSO.CreateTextFile(strLogFile, True)
objLog.WriteLine """Computer"",""New User Created"",""Password Set"",""Added to Admins"",""Verified"",""Admin Disabled"""

' Specify new user credentials
strUsername = "newuseraccount"
strPassword = "newuserpassword"

' Create the new local user account if it doesn't exist
On Error Resume Next
Err.Clear
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUsername & ",user")
If Err.Number = -2147022675 Then
	Err.Clear
	On Error GoTo 0
	Set colAccounts = GetObject("WinNT://" & strComputer & "")
	Set objUser = colAccounts.Create("user", strUsername)
	strUserCreated = "Yes"
Else
	On Error GoTo 0
	strUserCreated = "Already exists"
End If

' Set the password for the new / existing user account
On Error Resume Next
objUser.SetPassword strPassword
objUser.SetInfo
If Err.Number = 0 Then
	strPasswordSet = "Yes"
Else
	strPasswordSet  "Error " & Err.Number & ": " & Err.Description
End If
Err.Clear
On Error GoTo 0

' Add the user to the local Administrators group
Set objAdminGroup = GetObject("WinNT://" & strComputer & "/Administrators")
If objAdminGroup.IsMember(objUser.ADsPath) = False Then
	On Error Resume Next
	objAdminGroup.Add(objUser.ADsPath)
	If Err.Number = 0 Then
		strAddedToGroup = "Yes"
	Else
		strAddedToGroup  "Error " & Err.Number & ": " & Err.Description
	End If
Else
	strAddedToGroup = "Already a member"
End If
Err.Clear
On Error GoTo 0

' Verify that the credentials are correct
strPSExec = "\\server\share\psexec.exe"
strCommand = objFSO.GetFile(strPSExec).ShortPath & " -accepteula -u " & strComputer & "\" & strUsername & " -p " & strPassword & " \\" & strComputer & " cmd /c"
intReturn = objShell.Run(strCommand, 0, True)
' intReturn = 1326 means invalid username or password
strVerified = "OK"
If intReturn <> 0 Then strVerified = "Error " & intReturn

' Disable the old account if the new account was successful
strAdminDisabled = "New account not verified"
If strPasswordSet = "Yes" And strVerified = "OK" Then
	Set objUser = GetObject("WinNT://" & strComputer & "/USERA")
	objUser.AccountDisabled = True
	On Error Resume Next
	objUser.SetInfo
	If Err.Number = 0 Then
		strAdminDisabled = "Yes"
	Else
		strAdminDisabled = "Error " & Err.Number & ": " & Err.Description
	End If
	Err.Clear
	On Error GoTo 0
Else
	strAdminDisabled = "Not disabled because new account was not verified"
End If

objLog.WriteLine """" & strComputer & """,""" & strUserCreated & """,""" & strPasswordSet & """,""" & strAddedToGroup & """,""" & strVerified & """,""" & strAdminDisabled & """"

objLog.Close

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.