I need to create a new local user account, and then add them to the local Administrators group. Can this be done in PowerShell?
EDIT:
# Create new local Admin user for script purposes
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"
$LocalAdmin = $Computer.Create("User", "LocalAdmin")
$LocalAdmin.SetPassword("Password01")
$LocalAdmin.SetInfo()
$LocalAdmin.FullName = "Local Admin by Powershell"
$LocalAdmin.SetInfo()
$LocalAdmin.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
$LocalAdmin.SetInfo()
I have this, but was wondering if there is anything more PowerShell-esque.
Another alternative is the old school NET USER commands:
NET USER username "password" /ADD
OK - you can't set all the options but it's a lot less convoluted for simple user creation & easy to script up in Powershell.
NET LOCALGROUP "group" "user" /add to set group membership.
As of PowerShell 5.1 there cmdlet New-LocalUser which could create local user account.
Example of usage:
Create a user account
New-LocalUser -Name "User02" -Description "Description of this account." -NoPassword
or Create a user account that has a password
$Password = Read-Host -AsSecureString
New-LocalUser "User03" -Password $Password -FullName "Third User" -Description "Description of this account."
or Create a user account that is connected to a Microsoft account
New-LocalUser -Name "MicrosoftAccount\usr name#Outlook.com" -Description "Description of this account."
Try using Carbon's Install-User and Add-GroupMember functions:
Install-User -Username "User" -Description "LocalAdmin" -FullName "Local Admin by Powershell" -Password "Password01"
Add-GroupMember -Name 'Administrators' -Member 'User'
Disclaimer: I am the creator/maintainer of the Carbon project.
As of 2014, here is a statement from a Microsoft representative (the Scripting Guy):
As much as we might hate to admit it, there are still no Windows
PowerShell cmdlets from Microsoft that permit creating local user
accounts or local user groups. We finally have a Desired State
Configuration (DSC ) provider that can do this—but to date, no
cmdlets.
Import-Csv C:\test.csv |
Foreach-Object {
NET USER $ _.username $ _.password /ADD
NET LOCALGROUP "group" $_.username /ADD
}
edit csv as username,password
and change "group" for your groupname
:) worked on 2012 R2
$sec_pass = ConvertTo-SecureString -String "SomePasword" -AsPlainText -Force
New-LocalUser -Name username -FullName username -PasswordNeverExpires -Password $sec_pass
Add-LocalGroupMember -Group Administrators -Member username
Related
What is the best way to add a user in a hybrid on-prem/o365 deployment with a mailbox? If I go into Exchange Admin Center on either the on-prem or o365 and add a recipient it replicates it out to the other EAC as well as adding the user to active directory on prem. Looking thru the powershell documentation it looks like the New-Mailbox command should do that but I cant get it to work. Here is what I have so far.
Connect-ExchangeOnline -Credential $credential -ShowProgress $true
Connect-AzureAD -Credential $credential
Connect-MsolService -Credential $credential
New-Mailbox -MicrosoftOnlineServicesID $uName"#mydomain.com" -Name "$fName $lName" -Password $secureString -ResetPasswordOnNextLogon $true
This creates the mailbox/user in o365 portal but not in on/off-prem EAC or active directory.
Steps:
First Create user and Assign a License
"New-ADUser -Name "user" -Accountpassword (Read-Host -AsSecureString "AccountPassword") -Enabled $true"
Enable remote Mailbox
"Enable-RemoteMailbox user -RemoteRoutingAddress user#domain.mail.onmicrosoft.com"
I'd like to write a PowerShell script which will update Teams members from input list/object. However if I run Connect-MicrosoftTeams command (to authenticate/connect to cloud service) for the first time I am asked to pick an account to use for login. This is an issue since I would like this script to be run as scheduled job. Is there a way how to avoid this when running Connect-MicrosoftTeams command ? Commands I am using:
$credential = Get-Credential
Connect-MicrosoftTeams -Credential $credential
I tried to use "-AccountId "email#address.com" but that didn't help. Of course later I will change Get-Credential to username and encrypted password
EDIT
If I run Connect-MicrosoftTeams -Credential $credential on other computer, where I've never been logged in with my account, instead of "Pick an account" window, I get credential window for username and password:
As commented, this is certainly a dissapointment, but Single-Sign-On cannot be enabled in Microsoft Teams.
See the discussion here
This should achieve what you're trying to do.
Credits to: https://www.jaapbrasser.com/quickly-and-securely-storing-your-credentials-powershell/
Save Credentials
$Credential = Get-Credential
$Credential | Export-CliXml -Path "<File path/name to save credentials"
Connect using saved credentials through MS Teams PowerShell
$Credential = Import-CliXml -Path "<path of exported credential>"
Connect-MicrosoftTeams -AccountId "<email>" -Credential $Credential
For that I always use this from Jaap Brasser:
https://www.jaapbrasser.com/quickly-and-securely-storing-your-credentials-powershell/
At the end I used other module 'AzureAD' and command 'Add-AzureADGroupMember':
# 'password' | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString $Password = "01000000d08c9..." | ConvertTo-SecureString
$Credentials = (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "user#domain.com", $Password)
Connect-AzureAD -Credential $Credentials
$AZ_USER=Get-AzureADUser -Filter "UserPrincipalName eq 'user#domain.com'"
$AZ_GROUP=Get-AzureADGroup -Filter "DisplayName eq 'teams_name'"
Add-AzureADGroupMember -ObjectId $AZ_GROUP.ObjectId -RefObjectId $AZ_USER.ObjectId
then I have to wait couple hours until Active Directory and Teams got synchronized and users were added to AD groups / Teams teams. It's not ideal, but it works with saved credentials and with no user interaction.
The PowerShell script below works fine when I run it manually in a machine, but it won't run when deployed using Intune. It simply shows an error.
I have deployed this script using Intune with these settings -
(1) Run this script using the logged on credentials: No. (2)
Enforce script signature check: No. (3)
Run script in 64 bit PowerShell Host: No
Tested the script in a Windows 10 computer by starting CMD as admin, it works fine. Creates the local account if it does not exists, if it exists it changes the password.
PS> PowerShell -Ex ByPass scriptname.ps1
I am not able to find any event log (under DeviceManagement-Enterprise-Diagnostics-Provider) or error under MDMDiagnostics logs in the Intune enrolled Windows 10 computer.
$ExpectedLocalUser = "SUPERMAN"
$Password = ConvertTo-SecureString "P#ssw0rd" -AsPlainText -Force
Function Create_LocalAdmin
{
New-LocalUser $ExpectedLocalUser -Password $Password -FullName "Local Admin" -Description "Local Administrator account."
Add-LocalGroupMember -Group "Administrators" -Member $ExpectedLocalUser
Set-LocalUser -Name $ExpectedLocalUser -PasswordNeverExpires:$true
}
Try
{
## Catch if not found
$LocaAdminUser = Get-LocalUser -Name $ExpectedLocalUser -ErrorAction Stop
## If an account is found update the password
Set-LocalUser -Name $ExpectedLocalUser -Password $Password -PasswordNeverExpires:$true
}
Catch
{
Create_LocalAdmin
}
#mathias-r-jessen Suggestion worked. Changed to start PS in 64 bit host, and it worked.
I am trying to create an local account that automatically signs in when Windows loads. However, when signing in for the first time, the account is prompted to set a password. However, this account does not have a password set because of the -NoPassword flag. This computer is not joined to any domains.
I tried setting the -PasswordNeverExpires flag, but upon checking in lusrmgr.msc, the "User must set password on logon" box is still checked.
New-LocalUser "testmode" -NoPassword -FullName "test user" -Description "test sign-in account" -AccountNeverExpires
Add-LocalGroupMember -Group "Users" -Member "testmode"
Automatically sign the account in without prompting to set a password
Try this please:
Here you are first creating the user, then piping to set the properties of said user.
New-LocalUser -Name "testmode" -NoPassword -AccountNeverExpires -UserMayNotChangePassword -FullName "test user" -Description "test sign-in account" | Set-LocalUser -PasswordNeverExpires $true
It should yield this:
I am trying to write a Powershell script to create a new Windows user an then log into that new account. I can create the new account like so:
New-LocalUser -Name $username -Description 'SomeAccountName' -Password 'SomePassword' -PasswordNeverExpires -UserMayNotChangePassword
But I am unsure if I am then able to log into the new account from the same script. Is this possible? And if so, how could I go about doing so?