Creating Local Users and Assigning Groups with VBScript

Ugh, I feel bad I haven’t posted in so long! I really want to get this thing going and have people visit, which really hasn’t happened yet. Today I am posting a script that adds a specific local user to the Administrators group, and if that user doesn’t exist, creates it, then attempts to add it to the Administrators group again. It also runs another script I wrote that we store on a central server to update the account’s password with whatever that month’s password is. We change our passwords monthly as a security precaution. So here is the script with actual account names changed from what I use. Tomorrow I will post the script I use to set the password to our monthly default.
 
 
' ************************************************************************
' **
' **  AddLocalAdmin.vbs
' **    Written by Scott Heath
' **    Created on March 31, 2008
' **
' **  Description:
' **    Adds a new local account to local Administrators group.
' **
' ************************************************************************
On Error Resume Next
' ** Set Constants for error messages
' ************************************************************************
SuccessAdmGroupAdd     = "The TechAcct account was added to the Administrators group."
SuccessAdmGroupCurrent = "The TechAcct account is already a member of the Administrators group."
SuccessAcctCreation    = "The TechAcct account creation succeeded."
SuccessUserFlagsSet    = "The TechAcct account properties modification succeeded."
FailureAdmGroupAdd     = "The TechAcct account was not added to the Administrators group."
FailureAcctNotExist    = "The TechAcct account does not exist."
FailurePermissions     = "The account executing the script does not have the needed permissions."
FailureAcctCreation    = "The TechAcct account creation failed."
FailureUserFlagsSet    = "The TechAcct account properties modification failed."
' ** Set up File System Object and create log
' ************************************************************************
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists("c:\support\logs") Then
  If Not fso.FolderExists("c:\support") Then
    fso.CreateFolder("c:\support")
    fso.CreateFolder("c:\support\logs")
  Else
    fso.CreateFolder("c:\support\logs")
  End if
End If
set logfile = fso.opentextfile("c:\support\logs\acctupd.log", 8, True)
' ** Determine Store Number, if not determinable default
' ** to full computer name
' ************************************************************************
set net = CreateObject("WScript.Network")
compname = net.ComputerName
If Len(compname) = 12 Then
  storenum = Mid(compname, 3, 5)
ElseIf Len(compname) = 13 Then
  storenum = Mid(compname, 4, 5)
Else
  storenum = compname
End If
logfile.writeline(storenum & "," & date & " " & time & "," & "AddLocalAdmin.VBS - Adds local TechAcct account to local Administrators group.")
Call Add_User_To_AdminGroup
logfile.writeblanklines(1)
logfile.close
MsgBox("Done.")
' ** Subroutine to Add User to Administrators Group
' ************************************************************************
Sub Add_User_To_AdminGroup
  On Error Resume Next
  err.Clear
  set group = GetObject("WinNT://" & compname & "/Administrators")
  group.add("WinNT://" & compname & "/TechAcct")
  If err.Number = 0 Then
    logfile.writeline(storenum & "," & date & " " & time & "," & SuccessAdmGroupAdd)
  ElseIf err.Number = -2147023518 Then   ' 0x80070562: ERROR_MEMBER_IN_ALIAS (already a member)
    logfile.writeline(storenum & "," & date & " " & time & "," & SuccessAdmGroupCurrent)
  ElseIf err.Number = -2147023509 Then   ' 0x8007056B: ERROR_NO_SUCH_MEMBER (account does not exist)
    logfile.writeline(storenum & "," & date & " " & time & "," & FailureAcctNotExist)
    Call Create_User
  ElseIf err.Number = -2147024891 Then   ' 0x80070005: E_ACCESSDENIED
    logfile.writeline(storenum & "," & date & " " & time & "," & FailurePermissions)
  Else
    logfile.writeline(storenum & "," & date & " " & time & "," & FailureAdmGroupAdd & "," & err.number)
  End If
End Sub
' ** Subroutine to Create TechAcct User
' ************************************************************************
Sub Create_User
  On Error Resume Next
  AcctCreated = False
  err.Clear
  Set computer = GetObject("WinNT://" & compname)
  Set TechAcct = computer.create("user","TechAcct")
  TechAcct.setpassword "I94D.!JNm13$_z"  ' <-- Just some random junk, I reset the password further down
  TechAcct.setinfo
  If err.Number = 0 Then
    logfile.writeline(storenum & "," & date & " " & time & "," & SuccessAcctCreation)
    AcctCreated = True
  Else
    logfile.writeline(storenum & "," & date & " " & time & "," & FailureAcctCreation & "," & err.number)
  End If
 
  err.Clear
  ' Set property "User cannot change password" to Enabled
  UserCannotChangePW = &H40   ' numeric flag value so the bitwise Or below works on integers
  TechAcct.getinfo
  UserFlags = TechAcct.Get("userFlags")
  NewUserFlags = UserFlags Or UserCannotChangePW
  TechAcct.Put "userFlags", NewUserFlags
  TechAcct.setinfo
  If err.Number = 0 Then
    logfile.writeline(storenum & "," & date & " " & time & "," & SuccessUserFlagsSet)
  Else
    logfile.writeline(storenum & "," & date & " " & time & "," & FailureUserFlagsSet & "," & err.number)
  End If
 
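  ' Set TechAcctPassword to most current password.
  ' Note: the share credentials below are stored in clear text; anyone who can read this script can read them.
  If AcctCreated Then
    Set Shell = WScript.CreateObject("Wscript.Shell")
    Net.MapNetworkDrive "P:", "\\servername\sharename$", False, "domain\acct", "password"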
    Set PWReset = Shell.Exec("p:\pwreset\pwreset.exe")
    Do While PWReset.Status = 0
      WScript.Sleep 2000
    Loop
    Net.RemoveNetworkDrive "P:"
   
    Call Add_User_To_AdminGroup
  End If
End Sub
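
The script above only logs what each ADSI call reported, so here is an added example (not part of the original post) that checks the end state independently: it lists the local Administrators group, confirms the local TechAcct account is a member, and verifies the "User cannot change password" flag. The allowlist of expected member names is an assumption to adjust for your environment.

```vbscript
Option Explicit
Const ADS_UF_PASSWD_CANT_CHANGE = &H40        ' same bit the post sets in userFlags
Const EXPECTED_ACCOUNT = "TechAcct"           ' account name used in the post
' Assumed allowlist of member names (lower case); adjust to your environment.
Dim allowed : allowed = Array("administrator", "domain admins", "techacct")

Dim net, compname, group, member, user, flags, found, unexpected
Set net = CreateObject("WScript.Network")
compname = net.ComputerName
found = False : unexpected = 0

' The ",group" suffix tells ADSI which object class to bind to.
Set group = GetObject("WinNT://" & compname & "/Administrators,group")
For Each member In group.Members
  If IsAllowed(member.Name) Then
    WScript.Echo "OK         " & member.ADsPath
  Else
    WScript.Echo "UNEXPECTED " & member.ADsPath
    unexpected = unexpected + 1
  End If
  ' A local account's ADsPath contains the computer name as a path element.
  If StrComp(member.Name, EXPECTED_ACCOUNT, vbTextCompare) = 0 And _
     InStr(1, member.ADsPath, "/" & compname & "/", vbTextCompare) > 0 Then found = True
Next

If found Then
  Set user = GetObject("WinNT://" & compname & "/" & EXPECTED_ACCOUNT & ",user")
  flags = user.Get("userFlags")
  If (flags And ADS_UF_PASSWD_CANT_CHANGE) = 0 Then
    WScript.Echo "WARN: " & EXPECTED_ACCOUNT & " can change its own password."
  End If
Else
  WScript.Echo "FAIL: local " & EXPECTED_ACCOUNT & " is not in Administrators."
End If

' A non-zero exit code lets a deployment tool flag the machine.
If (Not found) Or unexpected > 0 Then WScript.Quit 1

Function IsAllowed(name)
  Dim entry
  IsAllowed = False
  For Each entry In allowed
    If LCase(name) = entry Then IsAllowed = True
  Next
End Function
```

Run it with cscript.exe so the output goes to the console instead of a message box per line.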
 
 