Create a Local User on XP by Command Line

Author: phil
Created: Tuesday, June 01st, 2010
Last Updated: Tuesday, June 01st, 2010



I recently had the need to create a local user account on an XP Pro machine that would need local administrative permissions for performing scheduled tasks on a machine. I wanted an automated approach to the setup so I set out and decided to make a little batch file that would utilize the various command line options of Windows XP. I don't really have anything to compare it to, such as a .vbs script so I can't say whether it's crude or polished, but it gets the job done and that's all I really care about.

I am going to assume you know how to create a batch file at this point, but if you don't, create a new text document and rename it with either a .bat or a .cmd extension (I recommend .cmd in Win2000 or higher).

The code:

@echo off
cls
echo Creating Local Account: username
pushd %~dp0
echo.
net user username password /ADD /FULLNAME:"User Name" /COMMENT:"Created by Phil, for running scheduled tasks" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER
net localgroup "Administrators" username /add
wmic useraccount where "name='username'" set PasswordExpires=False
popd

A real-world example of this would be:

@echo off
cls
echo Creating Local Account: billybob
pushd %~dp0
echo.
net user billybob B!L1yb0B /ADD /FULLNAME:"Billy Bob" /COMMENT:"Created by Billy Bob, for doing important things" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER
net localgroup "Administrators" billybob /add
wmic useraccount where "name='billybob'" set PasswordExpires=False
popd

The only things you should really need to change in the above example are the username billybob and the password B!L1yb0B.

Speaking of password, you will notice that the password is plain text! This is a major security problem and I don't know how or really care about a scripted workaround. I just make sure the file resides in an area that won't be snooped by unwanted roving eyes...

You might notice a few things that aren't necessarily needed, such as the pushd & popd... I run most of my scripts from a network share and I find it easier when the remote location is mapped vs. going through UNC paths. It just seems like I run into fewer problems if I use it in general. If you are wondering, %~dp0 expands to the drive and folder the script resides in, so pushd %~dp0 switches to that folder (mapping a temporary drive letter when it is a UNC path), meaning you can move the script to a different folder and not have to manually change the script to match the new UNC path.

Also, the "/COMMENT:" option has a limit on the number of characters you can use. (I forget what it is... 255?) I recommend going through the steps to create a user the normal "GUI" way, and enter the user's "description" in the field, then when it stops typing, copy the text and paste it into the command line /COMMENT: area.

For a little more information on the wmic useraccount command, check out my Password Never Expires on Local Account XP Command Line blog.
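
The plain-text password concern above can be avoided with the * argument of net user, which prompts for the password (not echoed) instead of reading it from the script. This is an added example, not part of the original post; the script's two arguments, the comment text and the exit codes are assumptions.

```batch
@echo off
rem Added example (not from the original post): create the local account
rem without storing the password in the file or passing it as an argument.
rem Assumed usage:  thisscript.cmd username "Full Name"
setlocal

if "%~1"=="" (
    echo Usage: %~nx0 username "Full Name"
    exit /b 1
)
set "NEWUSER=%~1"
set "FULLNAME=%~2"
if "%FULLNAME%"=="" set "FULLNAME=%NEWUSER%"

rem Refuse to touch an account that already exists.
rem "net user name" returns errorlevel 0 only when the account is found.
net user "%NEWUSER%" >nul 2>&1
if not errorlevel 1 (
    echo Account %NEWUSER% already exists; nothing changed.
    exit /b 2
)

rem The * makes net user prompt for the password, typed twice and not echoed.
net user "%NEWUSER%" * /ADD /FULLNAME:"%FULLNAME%" /COMMENT:"Local account for scheduled tasks" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER
if errorlevel 1 (
    echo Failed to create %NEWUSER%.
    exit /b 3
)

rem Stop and report if the group change fails, so a half-configured
rem account is not mistaken for a finished one.
net localgroup "Administrators" "%NEWUSER%" /add
if errorlevel 1 (
    echo Created %NEWUSER% but could not add it to Administrators.
    exit /b 4
)

wmic useraccount where "name='%NEWUSER%'" set PasswordExpires=False
endlocal
```

Because the password is typed at the prompt, this version has to be run interactively on each machine rather than unattended.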


Comments

@echo off
cls
echo Creating Local Account: %1
pushd %~dp0
echo.
net user %1 %2 /ADD /FULLNAME:"%1" /COMMENT:"Created by Phil, for running scheduled tasks" /ACTIVE:YES /PASSWORDCHG:NO /EXPIRES:NEVER
net localgroup "Administrators" %1 /add
wmic useraccount where "name='%1'" set PasswordExpires=False
popd

And saved it as Makelocaluser.bat

With this change there will be no password stored in the file.
So when in command-prompt I type in:
makelocaluser test testing123
Then it will make an account with test as name and testing123 as password.

Thanks for sharing! I don't know enough about programming to really make things whistle, but I can see what you've done for this instance and it is definitely more secure. : )