C#, Windows knowhow

Windows: Create a new local User Account and add them to a local group by using .NET and C#

2 Comments

Hi,

a short post. It describes how to create a new local Windows User account and add them to an existing local user group.

First of all, include the following references in your project:

1
2
using System.DirectoryServices;
using System.Runtime.InteropServices;

Create a new User with local administrator rights.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
// define Username and Password
const string USER_NAME = "NewAdmin";
char[] aPWchars = { 'P', 'a', 's', 's' , 'w', 'o', 'r', 'd'};
System.Security.SecureString oPW = new System.Security.SecureString();
foreach (char cChr in aPWchars) {
    oPW.AppendChar(cChr);
}
// Get Computerobject via ADSI
DirectoryEntry oComputer = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
// New User
DirectoryEntry oNewUser = oComputer.Children.Add(USER_NAME, "user");
// define Pointer to a string
IntPtr pString = IntPtr.Zero;
// Pointer to password
pString = Marshal.SecureStringToGlobalAllocUnicode(oPW);
// Set password
oNewUser.Invoke("SetPassword", new object[] { Marshal.PtrToStringUni(pString) });
// Add a description
oNewUser.Invoke("Put", new object[] { "Description", "New Administrator" });
// Save changes
oNewUser.CommitChanges();
// Cleanup and free Password pointer
Marshal.ZeroFreeGlobalAllocUnicode(pString);
// Get Group
DirectoryEntry oGroup = oComputer.Children.Find("Administrators", "group");
// And add the recently created user
oGroup.Invoke("Add", new object[] { oNewUser.Path.ToString() });

Michael

2 thoughts on “Windows: Create a new local User Account and add them to a local group by using .NET and C#”

  1. This doesn’t provide any security at all… As soon as you call Marshal.PtrToStringUni(pString) you create a common .NET String instance which can’t be garbage collected anymore. This example provides just an illusion of security whichs is actually more dangerous than using a normal String.

    1. Hi Michael. This snipped should just demonstrate how to add an administrator. Defining a hardcoded password is never a good idea but this let you copy the example in your project which then can be altered to your needs. Do you have a better way to set the password in program?

Leave a Reply