VBS Script – Create Local Administrator User Account Never Expires

The following script can be used to create a local user account and add it to the local Administrators group.

To use, change the strLocalUserName to the desired name and change PASSWORD to password for the account.

Please note, there is a limitation with the NET USER command where you are unable to set an account as ‘never expires’. The bottom part of the script works around this.

'---------------------------------------------------------------------
'
' The following script can be used to create a local
' user account and add it to the local Administrators
' group. To use, change the strLocalUserName to the desired
' name and change PASSWORD to password for the account.
'
' Please note, there is a limitation with the NET USER command
' where you are unable to set an account as 'never expires'.
' The bottom part of the script works arounds this.
'
'---------------------------------------------------------------------
Set objShell = CreateObject ("WScript.Shell")
Set Shell = Nothing
on error resume next
'---------------------------------------------------------------------
' Create local account
Set oWshNet = CreateObject("WScript.Network")
strComputer = oWshNet.ComputerName
strLocalUserName = "LocalAdmin"
strGroupname = "Administrators"
WScript.Sleep(900)
On Error Resume Next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strLocalUserName & ",user")
If Err.Number <> 0 Then
' User account does not exist, create it.
objShell.Run "NET USER "&strLocalUserName&" PASSWORD /ADD " _
& "/ACTIVE:YES /COMMENT:""Local IT Support Account"" /FULLNAME:" _
& strLocalUserName &" /expires:never", 0, True
End If
On Error Resume Next ' Try again
Set objUser = GetObject("WinNT://" & strComputer & "/" & strLocalUserName & ",user")
If Err.Number = 0 Then
' Connect to the group
Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroupname)
' Add the user account to the group
' Use error handling in case it is a member already
On Error Resume Next
objGroup.Add(objUser.ADsPath)
WScript.sleep 600
objGroup.Add(objUser.ADsPath)
' Error -2147023518 is "The specified account name is already
' a member of the local group."
End If
'-----------------------------------------
' Set Account password to never expire
' This is done externally due to NET USER limitations
Const ufDONT_EXPIRE_PASSWD = &H10000
objUserFlags = objUser.Get("UserFlags")
if (objUserFlags And ufDONT_EXPIRE_PASSWD) = 0 then
objUserFlags = objUserFlags Or ufDONT_EXPIRE_PASSWD
objUser.Put "UserFlags", objUserFlags
objUser.SetInfo
end if

Was this article helpful?

Related Articles