Hi,
a short post. It describes how to create a new local Windows User account and add them to an existing local user group.
First of all, include the following references in your project:
using System.DirectoryServices; using System.Runtime.InteropServices;
Create a new User with local administrator rights.
// define Username and Password
const string USER_NAME = "NewAdmin";
char[] aPWchars = { 'P', 'a', 's', 's' , 'w', 'o', 'r', 'd'};
System.Security.SecureString oPW = new System.Security.SecureString();
foreach (char cChr in aPWchars) {
oPW.AppendChar(cChr);
}
// Get Computerobject via ADSI
DirectoryEntry oComputer = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
// New User
DirectoryEntry oNewUser = oComputer.Children.Add(USER_NAME, "user");
// define Pointer to a string
IntPtr pString = IntPtr.Zero;
// Pointer to password
pString = Marshal.SecureStringToGlobalAllocUnicode(oPW);
// Set password
oNewUser.Invoke("SetPassword", new object[] { Marshal.PtrToStringUni(pString) });
// Add a description
oNewUser.Invoke("Put", new object[] { "Description", "New Administrator" });
// Save changes
oNewUser.CommitChanges();
// Cleanup and free Password pointer
Marshal.ZeroFreeGlobalAllocUnicode(pString);
// Get Group
DirectoryEntry oGroup = oComputer.Children.Find("Administrators", "group");
// And add the recently created user
oGroup.Invoke("Add", new object[] { oNewUser.Path.ToString() });
Michael
This doesn’t provide any security at all… As soon as you call Marshal.PtrToStringUni(pString) you create a common .NET String instance which can’t be garbage collected anymore. This example provides just an illusion of security whichs is actually more dangerous than using a normal String.
Hi Michael. This snipped should just demonstrate how to add an administrator. Defining a hardcoded password is never a good idea but this let you copy the example in your project which then can be altered to your needs. Do you have a better way to set the password in program?