New User - Local User Account - User cannot change pw

Hello, Experts,

I am trying to figure out the syntax for creating a new local user with a pre-scripted pw and the property to not allow pw to expire nor allowing user to change pw.

I have attached a picture of the properties I want.

Here is the code I have:

New-LocalUser "UserX" -Password $Password -PasswordNeverExpires:$true "missing here the part about user cannot change pw"
new-user.png
sj77 asked:

Jason Crawford (Transport Ninja) commented:
How are you defining the $password variable?
0
sj77 (Author) commented:
$password = Read-Host -AsSecureString

However, if there is a more efficient way to do this script in one line that would be ideal.
0
Jason Crawford (Transport Ninja) commented:
$pass = 'Password1'
New-LocalUser 'UserX' -Password ($pass | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword

0
sj77 (Author) commented:
That did not seem to work in regard to the check mark on the property value "User may not change password" in the picture shown below. Everything else worked fine.
0
Jason Crawford (Transport Ninja) commented:
What does this output look like?

Get-LocalUser UserX | Select-Object UserMayChangePassword

0
sj77 (Author) commented:
I changed it up because I need the property to not allow user to change password. I got this output attached.
2nd.png
0
Jason Crawford (Transport Ninja) commented:
That shouldn't be if you ran the command I provided...weird.  Are you sure you included the -UserMayNotChangePassword switch?
0
Shaun Vermaak (Technical Specialist IV) commented:
You can always use a Set-ADUser after creation
Set-ADUser -Identity $User -CannotChangePassword $True -PasswordNeverExpires $True

0
Jason Crawford (Transport Ninja) commented:
It's a local Windows user not an AD user.
0
sj77 (Author) commented:
Right it is a local user and not an AD user.

The goal is to create local users (5 at a time) and each line indicating a new user.

For example, in cmd you can do:

net user StationName "Password" /add UserPasswordExpire: False UserCannotChangePassword:false

I am able to create 5 lines creating 5 different users. I want the same to apply here but in PowerShell.
0
Jason Crawford (Transport Ninja) commented:
Here is one way:

$pass = 'Password1'
'User1','User2','User3','User4','User5' | ForEach-Object {
    New-LocalUser $_ -Password ($pass | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword
}

0
Shaun Vermaak (Technical Specialist IV) commented:
Checked the source code and this has it
https://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b

Edit: I see this is now native to PowerShell
0
sj77 (Author) commented:
Jason,

What if each user has a different password that we wanted to set? How is that best handled?
0
Jason Crawford (Transport Ninja) commented:
It would depend on what the passwords looked like.  If it was just something like Password1,Password2, etc you could just assign it to a variable and add a number in a do loop but I'm sure you have stricter requirements than that.  I think a .csv file is going to be the best option here.

Import-Csv .\users.csv | ForEach-Object {
    New-LocalUser $_.name -Password ($_.password | ConvertTo-SecureString -AsPlainText -Force) -UserMayNotChangePassword
}

Sample .csv file attached.
1

sj77 (Author) commented:
This indeed helped out.

Thanks, Jason!
0
sj77 (Author) commented:
What would an example template of the CSV look like for the above?
0
Qlemo ("Batchelor", Developer and EE Topic Advisor) commented:
In the CSV file, you need (at least) two columns Name and Password, and content as obvious.
0
sj77 (Author) commented:
So name, password, UserCannotChangePW, PasswordDoesNotExpire? Or are the last two passed as properties when the new user is created?
0
Qlemo ("Batchelor", Developer and EE Topic Advisor) commented:
The script is only using Name and Password. UserMayNotChangePassword is set by the script unconditionally, PasswordDoesNotExpire would have to be added to the script if desired. I would keep both out of the CSV file (and set them hard-coded in the script).
0
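
The layout described in the last answer (only Name and Password in the CSV, both account properties hard-coded in the script), followed by the Get-LocalUser check requested earlier in the thread, as an added example that is not part of any participant's post. The account names and passwords are constructed sample values, and the script assumes an elevated PowerShell session with the built-in Microsoft.PowerShell.LocalAccounts module.

```powershell
# Constructed sample rows (assumption). In practice: $rows = Import-Csv .\users.csv
# with the same two column headers.
$rows = @'
Name,Password
Station1,Constructed-Sample-1!
Station2,Constructed-Sample-2!
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    # Skip incomplete rows instead of letting New-LocalUser fail partway through the file.
    if ([string]::IsNullOrWhiteSpace($row.Name) -or [string]::IsNullOrWhiteSpace($row.Password)) {
        Write-Warning 'Skipping row with an empty Name or Password'
        continue
    }

    # Leave accounts that already exist untouched.
    if (Get-LocalUser -Name $row.Name -ErrorAction SilentlyContinue) {
        Write-Warning "$($row.Name) already exists; skipping"
        continue
    }

    $secure = ConvertTo-SecureString $row.Password -AsPlainText -Force

    # Both properties are switches set by the script, not CSV columns.
    New-LocalUser -Name $row.Name -Password $secure `
        -PasswordNeverExpires -UserMayNotChangePassword | Out-Null
}

# Read the properties back from the account database rather than trusting the GUI.
# PasswordExpires is empty when the password is set to never expire.
$rows.Name |
    Where-Object { $_ } |
    ForEach-Object { Get-LocalUser -Name $_ -ErrorAction SilentlyContinue } |
    Select-Object Name,
        UserMayChangePassword,
        @{ Name = 'PasswordNeverExpires'; Expression = { $null -eq $_.PasswordExpires } }
```

Because the CSV holds the passwords in clear text, restrict who can read the file and delete it once the accounts have been created.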