7

I am working on Windows 10 Assigned Access for Desktop for version 1607.

Mission: I need to get Assigned Access to work with Powershell.

Steps done: I create a new LocalUser account with New-LocalUser and I enable the account with Enable-LocalUser. To check if the account is added, I run Get-LocalUser and see that the account is created (see attachment).

Issue: To double check I go to the PC settings for Accounts-Family & other people, but I cannot see the new local user account "KioskTest".

I have restarted the computer but the account is not added to "Family & Other people".

I have spent some time on this and I would really appreciate your help, How can I make sure that the added Local user "KioskTest" is shown in the PC Accounts settings-Family & other people, when using Powershell?

I can Set-AssignedAccess, when I do Get-AssignedAccess I can see that it is there. Trouble is, I cannot login to the local user account because I cannot find the account in the settings for the PC.

It's like powershell has "hidden" the local user account from my client computer!!!

ADDED information + updated images: After some trial and error I found out the following:

  • Using NET USER username password/ADD --works perfectly! I can find the user account and login as a customer would. The account is part of the LocalGroupMember
  • The local user account created with New-LocalUser with Powershell does NOT appear in the PC account settings BUT if you click on set assigned access in the Family & other people the system finds the local user account (see attachment). However you cannot login to the account as it seemingly does not have a group membership! Not great for testing :(

See attachment: Powershell Get-AssignedAccess PC Account settings Family & other people

Improve this question
2
  • What happens when you use PowerShell to set assigned access? Here's the TechNet article on Set-AssignedAccess Commented Sep 21, 2016 at 13:53
  • Sure thing, I can Set-AssignedAccess! But most important, how can I login to the local user account to test Assigned Access as the account is not showing up in the PC accounts settings Family & other people? Commented Sep 21, 2016 at 15:03

5 Answers 5

Reset to default
5

In my case it was a group membership issue. I have created some users with powershell new-localuser, but they did not show up in any GUI and I was unable to log on. The users were only visible in powershell with get-localuser and lusmgr. In settings, control panel 'user accounts' and login screen they did not show up.

I just had to add the new users to the local 'users' group. Once this was done, the new users were visible in all settings and available for login.

I was unaware of that local security policy (local policy/user rights assignment/allow log on locally) restricting login to 'Guest,Administrators,Users,Backup Operators'.

Either add the users to one of these groups or add them to the local security policy.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Add-LocalGroupMember -Group "users" -Member "MyUser"
1

This isn't really a PowerShell issue and might be better suited for SuperUser. But I would guess that this is an issue with group membership. Unfortunately get-localuser doesn't give membership. So something like this would be the PowerShell way to check which user objects belong to which local groups. 

Get-Localgroup | % { "`n$($_.name)`n"; get-localgroupmember $_}

Then check through which groups other user objects are a member of and add the KioskTest account to that group using this:

Add-LocalGroupMember -Group "ExampleGroup" -Member "KioskTest"
Improve this answer

1 Comment

I tried a couple of different ways of adding the local account and it seems to boil down to the lacking of membership through new-localuser. It's the best guess so far :-) I will talk to the program manager for Assigned Access and see what we can figure out! Thanks for taking the time to help, I really appreciate it!
0

To validate user is created or not, the below simple command helps. You may try it.

  1. In case user is created you will get below output Command- net user TestUser2 Output- User name TestUser2

  2. When user is not present Command- net user TestUser output- The user name could not be found.

Improve this answer

Comments

0

I had the same issue. The problem was that when specifying the group I didn´t take into account that before the name of the group needs to go domain or in my case, name of the virtual machine. Therefore the command will look like this: ... -Group "DomainName\ExampleGroup" ...

You can check the existing groups on your machine by typing lusrmgr in Window´s run window.

Improve this answer

Comments

0

Try using Switch-User -UserName "KioskTest". It didn't find the cmdlet for me, but that might be because I wasn't running PS elevated and I was on 5.1. It might just be for 7.x+. Download PS 7 for Windows at aka.ms/PSWindows.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.