3

tried creating users with powershel.This worked fine for local machine. But how to create a local user account in a remote machine using remote powershell?

The script localwindows.ps1 is 

$comp = [adsi]'WinNT://machinename,computer';
$user = $comp.Create('User', 'account4');
$user.SetPassword('change,password.10');
$user.SetInfo();

I tried the same thing through C# : 

            PSCredential credential = new PSCredential(userName, securePassword);
            WSManConnectionInfo connectionInfo = new WSManConnectionInfo(false, "machinename", 5985, "/wsman", shellUri, credential);
            using (Runspace runspace = RunspaceFactory.CreateRunspace(connectionInfo))
            {

                runspace.Open();
                 String file = "C:\\localwindows.ps1";
                 Pipeline pipeline = runspace.CreatePipeline();
                 pipeline.Commands.AddScript(System.IO.File.ReadAllText(file));                    
                 pipeline.Commands.Add("Out-String");

                 // execute the script 
                 Collection<PSObject> results = pipeline.Invoke();
              }

This also works fine locally .But for remote computer its throwing exception "create :Access is denied ".

Improve this question
3
  • can you add your PowerShell script in the case Commented Nov 26, 2013 at 8:08
  • I have edited the content with the powershell script. Commented Nov 26, 2013 at 9:21
  • gallery.technet.microsoft.com/scriptcenter/… Commented Oct 8, 2014 at 17:43

6 Answers 6

Reset to default
2

I was able to create a local user account in a remote computer using the following command : 

Invoke-Command -ComputerName machineName -filepath c:\script.ps1 -credential  $getcredential

The script is 

$comp = [adsi]'WinNT://localhost,computer';
$user = $comp.Create('User', 'account11');
$user.SetPassword('change,password.10');
$user.SetInfo();
$user
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Use the ADSI WinNT provider:

$username = "foo"
$password = "bar"
$computer = "hostname"

$prov = [adsi]"WinNT://$computer"
$user = $prov.Create("User", $username)
$user.SetPassword($password)
$user.SetInfo()
Improve this answer

4 Comments

I used the above method for connecting to localhost.But while trying to create it in a remote machine its throwing the exception: 'Exception calling "setinfo" with "0" argument(s): "Access is denied. " At line:1 char:12 + $HD.setinfo <<<< () + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI'
Make sure your account is authorized for remote access to that host, that remote management is enabled (winrm qc) and that the Windows Firewall on the remote host allows access.
How to pass the credential of an account which has permission in the remote host?
Try New-Object System.DirectoryServices.DirectoryEntry("WinNT://$computer", $adminuser, $adminpass) instead of [adsi]"WinNT://$computer".
0

The powershell script invoke-Command executes any powershell script on a remote computer. You didn't say just how you use powershell to create the user, but as an example you write:

invoke-command -computername myserver {[ADSI]$server="WinNT://localhost";$HD=$server.Create("User","HD");$HD.SetPassword("H3lpD3>K");$HD.SetInfo()}

You can also execute your local powershell script remotely by using the -filepath parameter:

Invoke-Command -ComputerName MyRemoteServer -filepath c:\Scripts\DaScript.ps1

To enable remote commands you will have to enable winrm on the remote computer. you can do this by running

winrm quickconfig

On the remote computer.

Improve this answer

6 Comments

I tried in the following way[ADSI]$server="WinNT://localhost" $HelpDesk=$server.Create("User","HelpDesk") $HelpDesk.SetPassword("H3lpD3>K") $HelpDesk.SetInfo()
I tried in the following way : [ADSI]$server="WinNT://localhost" $HelpDesk=$server.Create("User","HelpDesk") $HelpDesk.SetPassword("H3lpD3>K") $HelpDesk.SetInfo() But while giving the following I am getting error: [ADSI]$server="WinNT://$servername" $HD=$server.Create("User","HD") $HD.SetPassword("H3lpD3>K") $HD.SetInfo()
I am getting the error :'Exception calling "setinfo" with "0" argument(s): "Access is denied. " At line:1 char:12 + $HD.setinfo <<<< () + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI' Here the servername is the name of the remote computer to connect to.
I've updated my answer with your code, and tested it to work fine on my network. It looks like you have some access issues. Make sure you run your Powershell window as administrator and that you have run the winrm quickconfig on the remote server.
Localhost works fine for me. I started the powershell as administrator. Also I ran 'winrm quickconfig' on the remote machine.But I am getting the error "Exception calling "SetInfo" with "0" argument(s): "Unspecified error " At line:1 char:12 + $HD.SetInfo <<<< () + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI"
|
0

If you have a PowerShell script to create a local user account locally on a server, then just simply use PSExec to run it on remote machines with administrative account

Improve this answer

8 Comments

I tried executing the sript on the remote computer usinf the following command - C:\localwindows.ps1 PSexec.exe \\%comp% -c -f -u Domain\username %ScriptPath% But I am still getting the error Exception calling "SetInfo" with "0" argument(s): "Access is denied. " At C:\localwindows.ps1:4 char:14 + $user.SetInfo <<<< (); + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
OK i will take a look at this when I get to work. In the meantime, try checking the windows log on the remote machine and see if anything is logged. Also confirm if the domain account used is both a member of the domain admin group and local administrators group on the target machines
The account I used was of a user(local Administrators role) on the domain. I tried with Computer\Adminisrator to create account on a remote machine, but that also threw excepton: "Access is denied. "
OK I forgot to mention here, when you try to run psexec, open the command prompt as administrator and also disable UAC on both machines. UAC sometimes could be a pain... You can create a chat for this so this post does not get too long. Also what OS are you trying this on
I tried to create local account from a windows 7 machine in another windows 7 machine. The user in the local machine doesnot have administrative role in the remote windows 7 machine. I tried creating a local user account from windows 7 to windows 2008 r2, it worked fine since the user in windows 7 had privilege on the remote machine.
|
0

Invoke-Command works but you can also use Enter-PSSession -Computer to submit commands locally on a remote machine. The following will prompt the user for the username and add them to the local Administrators group with no password:

$user = read-host 'What is the name of the local user you would like to add?'
net user /add $user
net localgroup Administrators /add $user
Improve this answer

Comments

0

I don't know if the question is still relevant, but I have tried this out and found what needs to be fixed. When you create the directory entry object, use the following code

$objOu = New-Object System.DirectoryServices.DirectoryEntry("WinNT://$computer", $admin, $adminPass, "Secure")

The rest is the same.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.