Local Account Management Module 2.1

I am no longer maintaining this tool. Microsoft will provide cmdlets for Local Account Management in Server 2016 and there are rumors that the module will be also available for older operating systems. If someone wants to take over the project despite of this, I am happy to trans

 
 
 
 
 
4.8 Star
(74)
Add to favorites
4/21/2016
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Issue registering the module
    4 Posts | Last post February 05, 2016
    • Hi there,
      I've spent the last few hours trying to get this module running and figured it was time to ask.
      
      I've tried on two machines; one a Server2008R2, and one a Windows7.
      I type 'import-module localaccounts'
      I get 'could not load file or assembly \LocalAccounts.dll or one of its dependencies.  Operation is not supported.  (Exception from HRESULT: 0x80131515)'
      
      Running powershell 3.0
      Running .NET 4.5
      Tried more than one version of the local account management module.
      
      Any suggestions?
      
      
    • Anyone have the answer to this issue?
      
      I am getting the same results as Ian...
    • Download the module again.  I had this issue and it turned out the download was corrupted.
    • I have downloaded the module multiple times and still get the above result.  I have tried unblocking the dll and registering it.  no luck.
  • Security2 Attachment
    1 Posts | Last post October 28, 2015
    • One of the attachments here is Security2, what is that for? Is it needed to run the LAM Module?
      
  • Disable-Enable
    2 Posts | Last post September 30, 2015
    • Thanks for module, Raimund.
      When I use cmdlet Enable-LocalUser to enable user named 'Superadmin', it writes "User 'Superadmin' has been _disabled_". So why "disabled", if it supposed to be "enabled"? May be this is just a typo?
    • Yes it is a typo.  I'm looking at the source code and looks like the warning message was copy and pasted.
  • why is this module still not available at the PowerShell Gallery?
    1 Posts | Last post July 29, 2015
    • It would be very convinient being able to install the module with Install-Module.
      
      Otherwise great lob,
      
      Regards,
      Peter
  • local users disable issue
    1 Posts | Last post November 18, 2014
    • hey raimund,
      
      thanks for all this help, but i am trying to disable local inactive users, its disabling all of them, even one user i just used day before.. 
      
      another point is that can we use some exception for disabling users ? ,like i don't want script to disable few users which are running scheduled tasks on same machine...but they never logged on
      
      Thanks Much
      Needz
  • New-LocalUser ERROR
    1 Posts | Last post May 26, 2014
    • Hi, I keep getting the "New_LocalUser: The Password does not meet the password policy requirements." I can create the user with the same password manually but getting this error when using the powershell script.
      Can you please help on solving this issue as this will help me a lot.
      Thank you very much.
      Oguz
  • Anyone else having issue with -Cred to use a different logon?
    3 Posts | Last post January 01, 2014
    • Greetings,
      
      I am attempting to use this module in order to set remote user account passwords and enable/disable accounts. In order to do that in a script file, I am constructing a credential to use with these commandlets. 
      
      So far, the script only passes the account that is running the script.
      
      I've tried to simply pass a string to -Cred and expected to be prompted for a password. Instead I received  the error :
      
      Get-LocalGroup : Cannot bind parameter 'Credential'. Cannot convert the "domain\xxxx" value of type "System.String"
       to type "System.Management.Automation.PSCredential".
      At line:1 char:63
      + get-localgroup -source remoteserver -Name Administrators -cred <<<<  domain\xxxx
          + CategoryInfo          : InvalidArgument: (:) [Get-LocalGroup], ParameterBindingException
          + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,LocalAccounts.GetLocalGroup
      
      
      Has anyone used -Credential successfully?
      
      -Doug
    • I got into the source.. base.cs and changed the Credential Parameter to be :
      
              [Credential, Parameter(ValueFromPipelineByPropertyName = true)]
              public PSCredential Credential
              {
                  get { return credential; }
                  set { credential = value; }
              }
      
      Now when I pass it a string for domain\xxxx it pops a dialog asking for the password.
      
      However.. Tracing the security logs.. I see that it logs on once with the admin account that I use in the Credentials, but then logs in again as my non-admin account. I then get the access denied..
      
      Please help.
    • Im having the same issue - did you find a solution to this?
  • Get-LocalGroup returns 0 members
    1 Posts | Last post December 17, 2013
    • When I run get-localgroup against a remote machine, it returns 0 members. This runs fine, however, if I run this against a local machine. Other commands like Get-LocalUser etc work fine on the same remote machines. This is the command I'm running:
      
      Get-LocalGroup -Name Administrators -Source $RemoteHost -Credential $Cred -Verbose
      
      This is the Output:
      Name           Member Count Source                             Description                                                                
      ----           ------------ ------                             -----------                                                                
      Administrators 0            host.domain.com Administrators have complete and unrestricted access to the computer/domain
  • password does not meet complexity requirements
    5 Posts | Last post September 06, 2013
    • ya think and IT guy would get be able to figure out how to post a forum question. I'll try this for a 3rd time.
      
      The command I'm running is simple:
      New-LocalUser -Name Test1 -FullName Test1 -Password This1WillNotWork! -Description Testing -PasswordNeverExpires -CannotChangePassword -PassThru
      
      When I run the command I get:
      New-LocalUser : The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
      
      The password I set does meet the complexity requirements and if I use the local users and groups MMC console to create the account it works OK. The only difference I see in the security logs between the two attempts is that the GUI loggs computerName\userID and the New-LocalUser logs the SID.
      
      MMC Local Users and Groups:
      Security ID:  Computername\test1
      
      Using New-LocalUser the security log has the SID:
      Security ID:  S-1-5-21-00000000-0000000000-0000000000-12345
      
      I know the error is obvious but I've checked and double checked the password and if I copy that and paste it in the new user wizard in Users and Groups console it completes just fine. I'm stumped on what to try next.
      Any help is appreciated.
    • Not sure if there is a bug in this module but the script 'Local User Management Module' worked for me following this blog - 
      http://blogs.technet.com/b/heyscriptingguy/archive/2011/07/03/use-a-module-to-simplify-scripting-local-users-and-groups.aspx
    • Hi Brian,
      
      I am not sure what the trouble is on your side. I have just tried the same command you used and the result is as expected:
      
      PS C:\> New-LocalUser -Name Test1 -FullName Test1 -Password This1WillNotWork! -Description Testing -PasswordNeverExpires -CannotChangePassword -PassThru
      
      Name  FullName Source    Enabled Locked Out Description
      ----  -------- ------    ------- ---------- -----------
      Test1 Test1    RAANDREE0 True    False      Testing
      
      Do you get the problem on just one machine or on all your Computers?
      
      Thanks,
      Raimund
    • I experience the same issue with New-LocalUser if the local account policy is changed from the default, for example to require a minimum 8 character password. The issue is caused by the code saving the user with all the properties before calling set password.
      
                    user.Save();
                    user.SetPassword(password);
      
      This needs to be changed to:
      
                    user = new UserPrincipal(ctx);
                    user.SamAccountName = name;
                    user.SetPassword(password);
                    user.Save();
      
                    if.....
      
                    user.Save();
      
    • I also have policy in place that requires a complex password. 
      
      Brian.L.M's blog link does not work at this time.
      
      SeanDecker seems to know the problem.  Is there any way I can fix this?  Or, do I have to wait for Raimund Andree to fix it and release an update?
      
      
  • Automatically disable inactive accounts
    4 Posts | Last post September 03, 2013
    • Raimund,
      
      I am not an administrator.  I beg your pardon if I do not use the proper vernacular or nomenclature in describing my need.  
      The environment is Windows Server 2008, comprising 12 servers, and Active Directory is not implemented.  I'm looking for a script, I don't care if it is PowerShell, VBscript, or whatever so long as using it does not introduce new, unacceptable, risk/vulnerability to the environment.
      
      I need a way to automatically identify and disable user accounts that have been inactive for 90 days.   I find examples of Powershell scripts that can do this in Active Directory, but there is a paucity of information available for an environment that does not utilize AD.
      
      Thank you,
      
      Fergie
    • Hi,
      
      this should do it:
      
      Get-LocalUser -All | Where-Object { $_.LastLogon -lt (Get-Date).AddDays(-90) } | Disable-LocalUser
      
      I have just tried it on my local machine so please test it thoroughly.
      
      -Raimund
    • I tried this line of code:
      (Get-LocalUser -All | Where-Object { $_.LastLogon -lt (Get-Date).AddDays(-90) } | Disable-LocalUser
      ) 
      and I get this:
      Get-LocalUser : A parameter cannot be found that matches parameter name 'All'.
      At line:1 char:19
      + Get-LocalUser -All <<<<  | Where-Object { $_.LastLogon -lt (Get-Date).AddDays(-90) } | Disable-LocalUser
          + CategoryInfo          : InvalidArgument: (:) [Get-LocalUser], ParameterBindingException
          + FullyQualifiedErrorId : NamedParameterNotFound,Get-LocalUser
    • I have just tried the same and it works. However I found a typo as the Enable-LocalUser cmdlet also reports about disabling users.
      
      PS C:\> Get-LocalUser -All | Where-Object { $_.LastLogon -lt (Get-Date).AddDays(-90) } | Disable-LocalUser
      WARNING: User 'Admin' on computer 'CLIENT1' has been disabled
      WARNING: User 'Administrator' on computer 'CLIENT1' has been disabled
      WARNING: User 'Guest' on computer 'CLIENT1' has been disabled
      
      PS C:\> Get-LocalUser -All | Where-Object { $_.LastLogon -lt (Get-Date).AddDays(-90) } | Enable-LocalUser
      WARNING: User 'Admin' on computer 'CLIENT1' has been disabled
      WARNING: User 'Administrator' on computer 'CLIENT1' has been disabled
      WARNING: User 'Guest' on computer 'CLIENT1' has been disabled
1 - 10 of 21 Items