I recently had the need to create a local user account on an XP Pro machine that would need local administrative permissions for performing scheduled tasks on a machine. I wanted an automated approach to the setup so I set out and decided to make a little batch file that would utilize the various command line options of Windows XP. I don't really have anything to compare it to, such as a .vbs script so I can't say whether it's crude or polished, but it gets the job done and that's all I really care about.
I am going to assume you know how to create a batch file at this point, but if you don't, create a new text document and rename it to either .bat or .cmd (I recommend .cmd in Win2000 or higher)
@echo off cls echo Creating Local Account: username pushd %~dp0 echo. net user username password /ADD /FULLNAME:"User Name" /COMMENT:"Created by Phil, for running scheduled tasks" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER net localgroup "Administrators" username /add wmic useraccount where "name='username'" set PasswordExpires=False popd
A realworld example of this would be:
@echo off cls echo Creating Local Account: billybob pushd %~dp0 echo. net user billybob B!L1yb0B /ADD /FULLNAME:"Billy Bob" /COMMENT:"Created by Billy Bob, for doing important things" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER net localgroup "Administrators" billybob /add wmic useraccount where "name='billybob'" set PasswordExpires=False popd
The only things you should really need to change in the above example are the username billybob and the password B!L1yb0B
Speaking of password, you will notice that the password is plain text! This is a major security problem and I don't know how or really care about a scripted workaround. I just make sure the file resides in an area that won't be snooped by unwanted roving eyes...
You might notice a few things that aren't necessarily needed such as the pushd & popd... I run most of my scripts from a network share and I find it easier when the remote location is mapped vs. going through UNC paths. It just seems like I run into less problems if I use it in general. If you are wondering, the %~dp0 maps the drive to the current folder the script resides in, meaning you can move the script to a different folder and not have to manually change the script to match the new UNC path.
Also, the "/COMMENT:" option has a limit on the number of characters you can use. (I forget what it is... 255?) I recommend going through the steps to create a user the normal "GUI" way, and enter the user's "description" in the field, then when it stops typing, copy the the text and paste it into the command line /COMMENT: area.
For a little more information on the wmic useraccount command, check out my Password Never Expires on Local Account XP Command Line blog