Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Local user account created with Powershell is NOT shown in settings "Family & Other people"

I am working on Windows 10 Assigned Access for Desktop for version 1607.

Mission: I need to get Assigned Access to work with Powershell.

Steps done: I create a new LocalUser account with New-LocalUser and I enable the account with Enable-LocalUser. To check if the account is added, I run Get-LocalUser and see that the account is created (see attachment).

Issue: To double check I go to the PC settings for Accounts-Family & other people, but I cannot see the new local user account "KioskTest".

I have restarted the computer but the account is not added to "Family & Other people".

I have spent some time on this and I would really appreciate your help, How can I make sure that the added Local user "KioskTest" is shown in the PC Accounts settings-Family & other people, when using Powershell?

I can Set-AssignedAccess, when I do Get-AssignedAccess I can see that it is there. Trouble is, I cannot login to the local user account because I cannot find the account in the settings for the PC.

It's like powershell has "hidden" the local user account from my client computer!!!

ADDED information + updated images: After some trial and error I found out the following:

  • Using NET USER username password/ADD --works perfectly! I can find the user account and login as a customer would. The account is part of the LocalGroupMember
  • The local user account created with New-LocalUser with Powershell does NOT appear in the PC account settings BUT if you click on set assigned access in the Family & other people the system finds the local user account (see attachment). However you cannot login to the account as it seemingly does not have a group membership! Not great for testing :(

Thanks for taking the time, Karina

See attachment: Powershell Get-AssignedAccess PC Account settings Family & other people

like image 589
pixelmybit Avatar asked Sep 21 '16 09:09

pixelmybit


People also ask

How to set the local user account settings using PowerShell?

How to set the local user account settings using PowerShell? To set the local user account settings related to the account or the password expiration, we can use the Set-LocalUser command. The below command will change the local user Testuser account and password set to never expire.

How to add users to a local group with PowerShell?

To make the user member of a group we are going to use the Add-LocalGroupMember cmdlet. The Add-LocalGroupMember only requires the group name and the member that you want to add: The cmdlet doesn’t give any output on success, only an error when the group name or member isn’t found. You can also add multiple users to a local group with PowerShell.

How do I view the members of a group in PowerShell?

To view the members of a specific group, use the Get-LocalGroupMember cmdlet. For example, to figure out who is a member of the local Administrators group, run the command Get-LocalGroupMember Administrators. You can create a new local user using the New-LocalUser cmdlet.

How to create a local user in Active Directory?

There are two methods to create a local user account. You can use net user, or you can use Active Directory Service Interfaces (ADSI). Of course, you can still use the graphical tool seen in the following figure. We will use ADSI to create local users and groups.


2 Answers

In my case it was a group membership issue. I have created some users with powershell new-localuser, but they did not show up in any GUI and I was unable to log on. The users were only visible in powershell with get-localuser and lusmgr. In settings, control panel 'user accounts' and login screen they did not show up.

I just had to add the new users to the local 'users' group. Once this was done, the new users were visible in all settings and available for login. I was unaware of that local security policy (local policy/user rights assignment/allow log on locally) restricting login to 'Guest,Administrators,Users,Backup Operators'. Either add the users to one of these groups or add them to the local security policy.
like image 51
user11809149 Avatar answered Oct 08 '22 05:10

user11809149


This isn't really a PowerShell issue and might be better suited for SuperUser. But I would guess that this is an issue with group membership. Unfortunately get-localuser doesn't give membership. So something like this would be the PowerShell way to check which user objects belong to which local groups.

Get-Localgroup | % { "`n$($_.name)`n"; get-localgroupmember $_}

Then check through which groups other user objects are a member of and add the KioskTest account to that group using this:

Add-LocalGroupMember -Group "ExampleGroup" -Member "KioskTest"
like image 1
BenH Avatar answered Oct 08 '22 05:10

BenH