Sign in to follow this  
Followers 0

Create Local User Accounts

21 posts in this topic

#1 ·  Posted

I have a VBS script to create a Local User and adds them to the Administrator Group. I am trying to convert that script to AutoIt. I will eventually make a GUI and make it look nice. I can't get it to work though.

Here is what I have so far.

#include <GUIConstants.au3>

; RETRIEVE Computer Name
Dim $objNetwork, $strComputerName
$objNetwork = ObjCreate("WScript.Network")
$strComputer = $objNetwork.ComputerName

$strUserName = ("testuser")
$strFullName = ("Test User")
$strPassword = ("password")
$strGroup = ("administrator")

; Code To add User
$objSystem = ObjGet("WinNT://" & $strComputer)
$objUser = $objSystem.Create("user", $strUserName)
$objUser.FullName = $strFullName
$objUser.SetPassword ($strPassword)
$objUser.SetInfo

; Code to add User to Group
$objGroup = ObjGet("WinNT://" & $strComputer & "/" & $strGroup)
$objGroup.Add("WinNT://" (& $strComputer & "/" & $strUserName))
Exit

I can't seem to get it to work properly and add the user

Share this post


Link to post
Share on other sites



#2 ·  Posted

I know that you can add a user like this localy

$username = InputBox( "Input", "User Name: " )
$password = InputBox( "Input", "Password: " )
Run(@ComSpec & " /c " & 'Net User ' & $username & " " & $password & " /add", "", @SW_HIDE)
Run(@ComSpec & " /c " & "Net Localgroup Administrators " & $username & " /add", "", @SW_HIDE)

But I don't know if you are trying to do this remotely or not....

Maybe this helps, maybe not, either way free bump :)

Share this post


Link to post
Share on other sites

#3 ·  Posted

$objSystem = ObjGet("WinNT://localhost")
$objUser = $objSystem.Create("user", $strUserName)
$objUser.FullName = "Test User"
$objUser.SetPassword ("password")
$objUser.SetInfo
$objGroup = ObjGet("WinNT://localhost/Administrators")
$objGroup.Add("WinNT://"&$strUserName)

Share this post


Link to post
Share on other sites

#4 ·  Posted

All right so I am doing all right with adding the user and adding the user to certain groups.

Now I am wondering if I can check addition options when creating a user. The following options are available when creating a user account via Computer Management and would like to incorporate these in my script.

Options Are:

  • User must change password at next logon
  • User cannot change password
  • Password never expires
  • Account is disabled
I'm sure there is a way to do this I just have no clue how to code it.

Any ideas?

Share this post


Link to post
Share on other sites

#6 ·  Posted

How would I go about checking to see if a user account already exists?

I'd like to do this check so I can give an error message back if the user account I am trying to add already exists

Share this post


Link to post
Share on other sites

#7 ·  Posted

something to study :)

; Init objects
Const $ADS_UF_DONT_EXPIRE_PASSWD = 0X10000
Const $ADS_UF_PASSWD_CANT_CHANGE = 0X40
$UserName = 'Fred'
$Password = 'Wilma123'
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc"); Install a custom error handler 
$strComputer = @ComputerName
; Check if account exists .. if not create it 
$objUser = ObjGet("WinNT://" & $strComputer & "/" & $UserName)
If @Error then 
    $colAccounts = ObjGet("WinNT://" & $strComputer & "")
    $objUser = $colAccounts.Create("user", $UserName)
    $objUser.SetPassword ($Password)
    $objUser.Put ("Fullname", "Test User")
    $objUser.Put ("Description", "Test User description")
    $objUser.SetInfo
EndIf
;
; Read current settings and Bitor to ensure the "Don't expire password swith is on" 
$oldFlags = $objUser.Get("UserFlags")
$newFlags = BitOR($oldFlags,$ADS_UF_DONT_EXPIRE_PASSWD)
$objUser.Put ("UserFlags", $newFlags) ;expire the password
$objUser.SetInfo
msgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & ' dont Password Expired');### Debug MSGBOX
;
; Read current settings and Xor to ensure the "Don't expire password swith is off" 
$oldFlags = $objUser.Get("UserFlags")
$newFlags = BitXOR($oldFlags,$ADS_UF_DONT_EXPIRE_PASSWD)
$objUser.Put ("UserFlags", $newFlags) ;expire the password
$objUser.SetInfo
; Set the Password expire now
$objUser.Put ("PasswordExpired", 1) ;expire the password
$objUser.SetInfo
msgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & 'PasswordExpired');### Debug MSGBOX
;
; Disable User ACcount
$objUser.AccountDisabled=1
$objUser.SetInfo
;
;Add User to group 
;$objGroup = ObjGet("WinNT://" & $strComputer & "/Administrators,group")
;$objGroup.Add($objUser.ADsPath)
;
;
; This is my custom error handler 

;~ $OldUser = "Fred"
;~ $NewUser = "Fredrenamed"
;~ $oUser = ObjGet("WinNT://" & @ComputerName & "/" _
;~               & $OldUser & ",user")
;~ $oComputer = ObjGet("WinNT://" & @ComputerName)
;~                                                                  MsgBox(262144,'Debug line ~25','Selection:' & @lf & '$oComputer' & @lf & @lf & 'Return:' & @lf & $oComputer & @lf & @lf & '@Error:' & @lf & @Error);### Debug MSGBOX
;~; rename user
;~ $oNewUser = $oComputer.MoveHere($oUser.ADsPath, $NewUser)


Func MyErrFunc() 
   $HexNumber=hex($oMyError.number,8) 
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Linenbr is: " & $oMyError.scriptline  & @CRLF & _
                "Description is: " & $oMyError.description  & @CRLF & _
                "Windescription is: " & $oMyError.windescription ) 

   SetError(1); something to check for when this function returns 
Endfunc

Visit the SciTE4AutoIt3 Download page for the latest versions                                                                 Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#8 ·  Posted

@all

My 2 cents

This returns all the Users. If one exists you could check upon this returned list and EXIT.

#include <Array.au3>

Dim $strDomain

Do
    $strDomain = inputbox( "Please enter a domainname", "Input" )
until $strDomain <> ""

ListUsers( $strDomain )

Func ListUsers( $strDomain )
    $objComputer = ObjGet("WinNT://" & $strDomain )
    $objComputer.Filter = _ArrayCreate( "User" )
    For $objUser In $objComputer
        Consolewrite( "Name: " & $objUser.Name & @CRLF)
        Consolewrite( "Fullname: " & $objUser.Fullname & @CRLF)
        Consolewrite( "Description: " & $objUser.Description & @CRLF)
        Consolewrite( "AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
        Consolewrite( "IsAccountLocked: " & $objUser.IsAccountLocked & @CRLF)
        Consolewrite( "Profile: " & $objUser.Profile & @CRLF)
        Consolewrite( "LoginScript: " & $objUser.LoginScript & @CRLF)
        Consolewrite( "HomeDirectory: " & $objUser.HomeDirectory & @CRLF)
        Consolewrite( @CRLF)    
    Next
EndFunc

regards,

ptrex

Share this post


Link to post
Share on other sites

#9 ·  Posted

What I have so far will find the existing User if it is typed into the GUI, and shoot back the Msgbox. Except after it still continues and tries to add the user instead of returning until the user is not found.

Here is what I have.

;Check to see if User Already Exists 
$strComputer = @ComputerName
    $objComputer = ObjGet("WinNT://" & $strComputer)
    $objComputer.Filter = _ArrayCreate( "User" )
    For $objUser In $objComputer
        If $objUser.Name = GuiCtrlRead($username) Then
            MsgBox(0,"Error", "Found You")
        ContinueLoop
        EndIf
        Next

What am I doing wrong?

Share this post


Link to post
Share on other sites

#10 ·  Posted

Anyone???

Share this post


Link to post
Share on other sites

#11 ·  Posted

Anyone???

my last posted script has a simple way to test the existence of the userid... have you tried ?

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions                                                                 Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#12 ·  Posted

Dude the answer was in the script above:

; Check if account exists .. if not create it
$objUser = ObjGet("WinNT://" & $strComputer & "/" & $UserName)
If @Error then
    $colAccounts = ObjGet("WinNT://" & $strComputer & "")
    $objUser = $colAccounts.Create("user", $UserName)
    $objUser.SetPassword ($Password)
    $objUser.Put ("Fullname", "Test User")
    $objUser.Put ("Description", "Test User description")
    $objUser.SetInfo
EndIf

Share this post


Link to post
Share on other sites

#13 ·  Posted

;Add User to group

;$objGroup = ObjGet("WinNT://" & $strComputer & "/Administrators,group")

;$objGroup.Add($objUser.ADsPath)

How do I know what groups exist on the local machine?

For example, administrators at other locales written differently

Share this post


Link to post
Share on other sites

#14 ·  Posted

@ynbIpb

Maybe this can help.

#include <Array.au3>

$strComputer = "."
$colGroups = ObjGet("WinNT://" & $strComputer & "")
$colGroups.Filter = _ArrayCreate("group")

For $objGroup In $colGroups
    For $objUser in $objGroup.Members
        ;If $objUser.name = "UserName" Then
        If $objGroup.Name = "Administrators" Then
            ConsoleWrite("Local Group " & $objGroup.Name & " Local User " & $objUser.name & @CRLF) 
        EndIf
    Next
Next

rgds

ptrex

Share this post


Link to post
Share on other sites

#15 ·  Posted

How do I know what groups exist on the local machine?

For example, administrators at other locales written differently

Microsoft has a KB article that lists the SIDs for all of the standard accounts/groups.

Read KB 243330.

The SID for the Administrators group is S-1-5-32-544 and always will be regardless of the name.

Share this post


Link to post
Share on other sites

#16 ·  Posted

Ok I am trying to modify this script for my own needs. I am not able to query WinNT://. so therefore cannot get any usable data from it

What I am trying to do is to determine if there are at least one administrator account which is not disabled.

First I need to loop through $objGroup.Members and get administrators and add them to an array

Secondly I need to loop through $objComputer using the administrator as a loop and then determining if the account is disabled or enabled.

If at least one admin account is enabled I can return a good value otherwise return a bad value.

I am having difficulty getting whether the account is enabled of not since the for loop is not working properly. I am new to arrays and probably am doing it wrong.

please help! :)

#include <Array.au3>
Dim $Array[1]

$strComputer = "."
$colGroups = ObjGet("WinNT://" & $strComputer & "")
$colGroups.Filter = _ArrayCreate("group")
For $objGroup In $colGroups
    For $objUser in $objGroup.Members
        ;If $objUser.name = "UserName" Then
        If $objGroup.Name = "Administrators" Then
            ;ConsoleWrite("Local Group " & $objGroup.Name & " Local User " & $objUser.name & @CRLF)
   _ArrayAdd($Array, $objUser.name)
        EndIf
    Next
Next

;Msgbox(0,"",Ubound($Array)-1)
$Array[0] = Ubound($Array)-1
;Msgbox(0,"",$Array[0])
;_ArrayDisplay($Array)

;~ For $i = 1 to $Array[0]
;~  ConsoleWrite($Array[$i] & @LF)
;~ Next


Dim $2Array[1]
Dim $strDomain
;Do
;   $strDomain = inputbox( "Please enter a domainname", "Input" )
;until $strDomain <> ""
$strDomain = "localhost"
ListUsers( $strDomain )
Func ListUsers( $strDomain )
    $objComputer = ObjGet("WinNT://" & $strDomain )
    $objComputer.Filter = _ArrayCreate( "User" )

    For $objUser In $objComputer
  For $i = 1 to $Array[0]
   ;ConsoleWrite($Array[$i] & @LF)
   If $objUser.Name = $Array[$i] Then
     Consolewrite( "Name: " & $objUser.Name & " AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
     ;_ArrayAdd($2Array, $objUser.name & $objUser.AccountDisabled)
   EndIf
  Next
        ;Consolewrite( "Name: " & $objUser.Name & @CRLF)
        ;Consolewrite( "Fullname: " & $objUser.Fullname & @CRLF)
        ;Consolewrite( "Description: " & $objUser.Description & @CRLF)
        ;Consolewrite( "AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
        ;Consolewrite( "IsAccountLocked: " & $objUser.IsAccountLocked & @CRLF)
        ;Consolewrite( "Profile: " & $objUser.Profile & @CRLF)
        ;Consolewrite( "LoginScript: " & $objUser.LoginScript & @CRLF)
        ;Consolewrite( "HomeDirectory: " & $objUser.HomeDirectory & @CRLF)
        ;Consolewrite( @CRLF)  
    Next
EndFunc

Share this post


Link to post
Share on other sites

#17 ·  Posted

Hey guys, dumb question...

Everytime i copy onme of these scripts into Primalscript(New VBScript), i get invalid character errors. Im sure im doing something stupid, but what is it?

Share this post


Link to post
Share on other sites

#18 ·  Posted

Hi, Pennsta39, welcome to the forum. This is an AutoIt forum, and these are AutoIt scripts, not vbscripts. If you copy directly into PrimalScript you are going to have issues. They would need to be converted from AutoIt to vbscript (although why you would want to do that is beyond me). If you would like to use these scripts, you'll need to download and install AutoIt to use them natively.


Dealing with end users: "Every day I play hide-and-seek with Stupid. Usually it finds me."

My Scripts: SCCM UDFInclude Source with Compiled Script, Disk Maintenance for Windows XP, "Deal-A-Day" Sites, Windows Firewall UDF

Share this post


Link to post
Share on other sites

#19 ·  Posted

Thank you for the response J. I want to run a script to add a local user into the login scrpt of one of out Domain admin acounts, so that when i login to a computer with the Domain Admin account(which has local admin rights), a new local admin account is created. I surely do not want to have to download Autoit program on every computer(would i even need to do that, or just make the script with the program, and it would run on other computers?) Any additional advice on how to accomplish my goal is greatly appreciated!

Share this post


Link to post
Share on other sites

#20 ·  Posted

easy, run batch file at login script

net user admin password01 /add

net localgroup Administrators admin /add

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0