Create Local User Based on Serial Number

Posted on by

If you ever find yourself wanting to create a local user based on something super specific (like Serial Number) then this post is for you.

First you need your script:


#
#Created by Ami Casto Twitter:@MDTPro Blog:http://amicasto.com
#
#This script will create a local user account based on Serial Number, set the password to never expire, prevent user from changing the password, and add it to the Local Admin Group
#
#Make it all clean - this could be commented out if unwanted
#
$Error.clear() # Clear errors
$startupVariables=””
#
#Queries Win32_Bios for Serial Number and pulls out the serial number to return it on a single line which gets captured as a variable
#
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
#
# $SN now equals the hardware's Serial Number and this variable is used to create a user account, set a password, and prevent that user from changing it
#
net user $SN P@ssw0rd /add /passwordchg:no
#
#This step sets the password to never expire
#
wmic useraccount where "name='$SN'" set passwordexpires=false
#
#This step adds the newly created account to the Local Admin group
#
net localgroup administrators $SN /add
#

Just copy/paste and save it as user.ps1 in the Scripts folder.

In MDT, open your preferred task sequence and create a new group where you would like the step to go.  Since this account is a local user and won’t be able to access anything specific to the deployment anyway, I’m adding the account near the end.

I've added the PowerShell script in a group I created for this step.
I’ve added the PowerShell script in a group I created for this step.

Notice that I call on it this way %SCRIPTROOT%\user.ps1 .  You could create a separate folder within the scripts folder, but you’ll have to remember to include that in the path as well, otherwise your deployment will fail.

And, Success!

Complete
It worked as expected – the user account matches what’s in the Serial Number property.

Disclaimer: It is very important that you pick a property that is short and doesn’t have special characters.  So I wouldn’t do this on a VM for example, I’d pick something from win32_bios such as model.

If you want to make this work on a Intel NUC, then you need to read my post about how to assign a Serial Number for your NUC.