BatchPatch Forums Home › Forums › BatchPatch Support Forum › Create a local user and add him to Administrators
- This topic has 3 replies, 2 voices, and was last updated 1 month ago by doug.
-
AuthorPosts
-
September 23, 2024 at 3:07 am #14287avichoParticipant
Hi there.
Can you please guide me how to use BatchPatch to create a local user and add him to the Administrators local group on a remote PC.
Thanks,
AviSeptember 23, 2024 at 2:16 pm #14288dougModeratorThis tutorial demonstrates how you can use BatchPatch to execute a script to modify local group membership on multiple computers:
Using BatchPatch to Modify Local Group Membership on Multiple Remote Computers
You can also use the same concept that is described in the tutorial above to create a local user account first. In the tutorial above we use the following command to add an account to the local administrators group:
net localgroup Administrators USERNAME /add
But you can use this command to first create a local account:
net user USERNAME PASSWORD /add
May 5, 2025 at 8:53 am #14393avichoParticipantHi,
thanks for your answer.Follow-up question – If I want first to create a user as you mentioned using this command:
net user USERNAME PASSWORD /add
Should I be worried regards the fact that when I run it remotely for number of servers (using BatchPatch of course :)) – the plain text password is going through the network and everyone can see it or can I rest assured that this traffic is secured (encrypted or something)?
May 5, 2025 at 3:31 pm #14395dougModeratorBatchPatch executes the command via PsExec. If you are using PsExec v2.1 or newer, network communication is encrypted. However, there are some things to still note:
1. On a modern LAN, even unencrypted traffic is NOT seen by everyone. Traffic in a switched LAN is sent only to the particular port on the switch where the destination computer is plugged in. Unless an attacker has direct access to the switch, the traffic can generally only be seen by the source and destination switch ports.
2. If you are logging command line activity of your computers (this is somewhat common at large enterprises), any commands that are sent to the command line (including the net user USERNAME PASSWORD /add command) would therefore be logged, including your command to set the password.
3. It’s always best to verify any concerns with your own eyes. You can review network traffic on the source and target computers by using an application like Wireshark to capture the traffic and then look at it.
-
AuthorPosts
- You must be logged in to reply to this topic.