Windows CLI: Net User

gjacobse

@gjacobse said in Windows CLI: Net User:

@dashrender @scottalanmiller

Yea,.. been trying some of that too... with about as much success.

I.e.: None

Dashrender

Are you using a admin level command prompt or powershell shell?

gjacobse

@dashrender said in Windows CLI: Net User:

Are you using a admin level command prompt or powershell shell?

Neither-

Command line via ScreenConnect

Dashrender

@gjacobse said in Windows CLI: Net User:

@dashrender said in Windows CLI: Net User:

Are you using a admin level command prompt or powershell shell?

Neither-

Command line via ScreenConnect

Well considering that ScreenConnect is an admin tool - I would HOPE that it is running those commands at an admin village level, but really have no clue.

Are you initiating PowerShell when you try to run a PS script?

JaredBusch

@dashrender said in Windows CLI: Net User:

@gjacobse said in Windows CLI: Net User:

@dashrender said in Windows CLI: Net User:

Are you using a admin level command prompt or powershell shell?

Neither-

Command line via ScreenConnect

Well considering that ScreenConnect is an admin tool - I would HOPE that it is running those commands at an admin village level, but really have no clue.

Yes it runs in the context of the service which has admin rights by default.

Mike Davis

I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.

Mike Davis

@gjacobse said in Windows CLI: Net User:

But when I try to sign with this account I am unable to do so, even though the command completed successfully.

Usually the next thing I do after creating a local user like that is add it to the right local group.

Then when logging in, make sure you're using .\testNTGuser
so that it's not looking for a domain account with that name.

gjacobse

@mike-davis said in Windows CLI: Net User:

I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.

Running the command via SC CLI seemed to work perfectly. Just can't sign on.

gjacobse

@mike-davis said in Windows CLI: Net User:

@gjacobse said in Windows CLI: Net User:

But when I try to sign with this account I am unable to do so, even though the command completed successfully.

Usually the next thing I do after creating a local user like that is add it to the right local group.

Then when logging in, make sure you're using .\testNTGuser
so that it's not looking for a domain account with that name.

Right,.. has to be added to the Admin group, and yes the .\ added for local access.

Dashrender

@gjacobse said in Windows CLI: Net User:

@mike-davis said in Windows CLI: Net User:

I haven't tried it, but it seems like running powershell through screenconnect command line would be problematic at best. I'm not even sure how you would change the execution policy to let you call scripts.

Running the command via SC CLI seemed to work perfectly. Just can't sign on.

Have you tried running the same command from a normal command prompt on the system?
Could this be a UAC thing? i.e. the command is run in the system context, but like being logged in as a local admin, launching a command prompt is not the same as right click, run as admin command prompt.

black3dynamite

Try enabling the account.
net user testNTGtest /active:yes

gjacobse

Thanks for bring this back up - been tied up with testing it,.. succeeding, and getting into other things.

It ~may~ have been the password I used. I reset it to a more simple one, and it worked fine as

net user testNTGtest s0m3p@s$ /add /passwordreq:yes  /fullname:"userTest"

wrx7m

I am currently using this script (and deploying via GPO startup script) to create a local admin account that will, shortly thereafter, be administered by LAPS -

net user "Company Admin" passwordgoeshere /add /passwordreq:yes /fullname:"Company Admin"
net localgroup Administrators "Company Admin" /add

dbeato

@gjacobse It is the password you are using, you need to put passwords with special characters in command prompt with ' ' such as:\

net user testNTGtest 's0m3p@s$' /add /passwordreq:yes /fullname:"userTest"