Hey, Scripting Guy! How Can I Create the Same User Account and Password on Multiple Computers?
Hey, Scripting Guy! We have an application that runs on our local computers. It is a rather old application, and of course it is mission critical. Because this application is not Active Directory integrated, it means that I need to create a local user account on every computer that is going to run this particular application. All computers that run this application have the same user account created on them with the same password. I wish I could write a script that would create these accounts for me. Do you have any ideas?
We are hard at work on the 2009 Summer Scripting Games. We have been going back through literally thousands and thousands of old e-mails from the 2008 Winter Scripting Games. Our goal from this project is twofold. First we are trying to familiarize ourselves with all the things that went on last year so that we have a better feel for the way things were done and which things we can improve upon. Secondly, we have a poor old laptop that is sucking fumes in the resource department. When we open Office Outlook with all that e-mail, Outlook was consuming nearly half a gigabyte of memory. There was not much left in the way of resources. We am hoping by cleaning out the scripter inbox to reduce the memory footprint of my mission critical application—Office Outlook.
This week we will be looking at scripting Windows PowerShell as it applies to local account management. This is an area that comes up from time to time and for which there are not an awful lot of resources from which to choose. We have these tasks in the Script Center Script Repository pretty well hidden away in the Other Directory Services category. There are some great scripts in the Community-Submitted Scripts Center. Local account management has been a favorite topic of the “Hey, Scripting Guy!” articles over the years, and as a result we have a good selection of articles grouped together in the “Hey, Scripting Guy!” archive. The most extensive reference you will find is the MSDN coverage of the WinNT ADSI provider.
We decided to write the CreateLocalUser.ps1 script to create a local user account. You can find one that does a similar thing using VBScript.
$computer = [ADSI]"WinNT://$env:ComputerName" $user = $computer.Create("User", "MyTestUser") $user.setpassword("MyPassword") $user.put("description","My description") $user.SetInfo()
When we are talking about performing local account management, we are using the Computer Management tool seen in the following image. This tool can be found in the Administrative Tools section on your computer, but we prefer to launch it by typing compmgmt.msc in the Start/Run box. On Windows Vista you must start the tool with administrative rights.
Though it is true that a local user can be created by right-clicking Users and clicking New User to display the dialog box seen in the following image, the ability to create a local user from a script adds a useful tool that can be readily used to ease part of the management burden.
We do not even need to write a script if we do not want to do so. I can create a new local user account in one line of code from the Windows PowerShell console:PS C:\> (([adsi]"WinNT://.").Create("User","MyTestUser")).SetInfo()
We can also create a new local group in one line of code:PS C:\> (([adsi]"WinNT://.").Create("Group","MyTestGroup")).SetInfo()
The two lines of code are nearly identical. In fact, we used the up arrow to recall the previous command and changed the type of object to create and the name of the object. Let’s take a closer look at the syntax of the command. We start out with the [adsi] type accelerator. We then give it the ADSI provider we wish to use. In most examples, we use the LDAP provider because we are working with Active Directory. But because we are working with local user accounts, we need to use the WinNT provider.
The WinNT provider must be typed exactly like this: capital W, lower case in, and capital NT. All the ADSI providers are case sensitive. Remembering this can save you a lot of frustration later on if you are a sloppy typist.
The create user command that creates a local user named MyTestUser is seen in Table 1.
|Table 1 Local ADSI command to create a user|
ADSI type accelerator
Type of object
Now that we have some of the preliminaries out of the way, let’s take a detailed look at the CreateLocalUser.ps1 script. We begin by using the [adsi] type accelerator. We feed the [adsi] type accelerator the ADSI provider we wish to use. We are using the WinNT provider because we are working with local user accounts. We do not need to tell the command the name of the computer if we do not wish to do so. We could use a period as we did earlier in the command line examples. I chose to include the computer name by reading it from the environmental PSDrive. We store the object that is returned in the $computer variable:
$computer = [ADSI]"WinNT://$env:ComputerName"
Now we need to use the Create method so that we can create a new user. The Create method takes two arguments. The first argument is the type of object to create, and the second is the name we will give to the newly created object. We store the returned object in the $user variable as shown here:
$user = $computer.Create("User", "MyTestUser")
It is now time to specify the password for the user object. To do this, we use the setpassword method and give it the password for the user:
We next decide to populate the description attribute. To do this, we use the put method. The put method accepts two arguments: the first is the attribute to modify and the second is the value to put into that attribute. This is illustrated here:
Finally we call the SetInfo method just like we do when working with ADSI and Active Directory. The SetInfo method commits the changes back to the directory. This is seen here:
Well, ZT, that is about all there is to creating a local user account. We saw two methods for performing this feat; however, they use the same technique. Join us tomorrow as Local Account Management Week continues. Until then, peace.
Ed Wilson and Craig Liebendorfer, Scripting Guys