New User - Local User Account - User cannot change pw

Hellow, Experts,

I am trying to figure out the syntax for creating a new local user with a pre-scripted pw and and the property to not allow pw to expire nor allowing user to change pw.

I have attached a picture of the properties I want.

Here is the code I have:

New-LocalUser "UserX" -Password $Password -PasswordNeverExpires:$true "missing here the part about user cannot change pw"
new-user.png
sj77Asked:
Who is Participating?
 
Jason CrawfordConnect With a Mentor Transport NinjaCommented:
It would depend on what the passwords looked like.  If it was just something like Password1,Password2, etc you could just assign it to a variable and add a number in a do loop but I'm sure you have stricter requirements than that.  I think a .csv file is going to be the best option here.

Import-Csv .\users.csv | ForEach-Object {
    New-LocalUser $_.name -Password ($_.password | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword
}

Open in new window

Sample .csv file attached.
1
 
Jason CrawfordTransport NinjaCommented:
How are you defining the $password variable?
0
 
sj77Author Commented:
$password = Read-Host -AsSecureString

However, if there is a more efficient way to do this script in one line that would be ideal.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Jason CrawfordTransport NinjaCommented:
$pass = 'Password1'
New-LocalUser 'UserX' -Password ($pass | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword

Open in new window

0
 
sj77Author Commented:
That did not seem to work in regard to the check mark on the property value "User may not change password" in the picture shown below. Everything else worked fine.
0
 
Jason CrawfordTransport NinjaCommented:
What does this output look like?

Get-LocalUser UserX | Select-Object UserMayChangePassword

Open in new window

0
 
sj77Author Commented:
I changed it up because I need the property to not allow user to change password. I got this output attached.
2nd.png
0
 
Jason CrawfordTransport NinjaCommented:
That shouldn't be if you ran the command I provided...weird.  Are you sure you included the -UserMayNotChangePassword switch?
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
You can always use a Set-ADUser after creation
Set-ADUser -Identity $User -CannotChangePassword $True -PasswordNeverExpires $True

Open in new window

0
 
Jason CrawfordTransport NinjaCommented:
It's a local Windows user not an AD user.
0
 
sj77Author Commented:
Right it is a local user and not an AD user.

The goal is to create local users (5 at time) and each line indicating a new user.

For example, in cmd you can do:

net user StationName "Password" /add UserPasswordExpire: False UserCannotChangePassword:false

I am able to create 5 lines creating 5 different users. I want the same to apply here but in powershell.
0
 
Jason CrawfordTransport NinjaCommented:
Here is one way:

$pass = 'Password1'
'User1','User2','User3','User4','User5' | ForEach-Object {
    New-LocalUser $_ -Password ($pass | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword
}

Open in new window

0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
Checked the source code and this has it
https://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b

Edit: I see this is now native to PowerShell
0
 
sj77Author Commented:
Jason,

What if each user has a different password that we wanted to set? How is that best handled?
0
 
sj77Author Commented:
This indeed helped out.

Thanks, Jason!
0
 
sj77Author Commented:
what would example template of csv look like for the above?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
In the CSV file, you need (at least) two columns Name and Password, and content as obvious.
0
 
sj77Author Commented:
so name, password, UserCannotChangePW, PasswordDoesNotExpire.   ? or are the last two passed as properties when the new user is created.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The script is only using Name and Password. UserMayNotChangePassword is set by the script unconditionally, PasswordDoesNotExpire would have to be added to the script if desired. I would keep both out of the CSV file (and set them hard-coded in the script).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.