How to Create a Local Admin Account Using PowerShell?

Recently, I got a requirement to create local admin accounts on Windows machines. It is easy to make these local admin accounts using Microsoft PowerShell. In this tutorial, I will explain how to create a local admin account using PowerShell with some examples.

Note: You need administrator access to the computer where you want to create the local admin account.

Table of Contents

Create a Local Admin Account using PowerShell in Windows

Now, let me show you how to create a local admin account using PowerShell step by step.

Step 1: Open PowerShell with Administrative Privileges

To create a local admin account, you need to run PowerShell as an administrator. Follow these steps:

Press Windows + X and select Windows PowerShell (Admin) or Windows Terminal (Admin).
Click Yes on the User Account Control (UAC) prompt to allow PowerShell to make changes to your device.

Check out Create a Registry Key with PowerShell If It Does Not Exist

Step 2: Create a New Local User Account

Use the New-LocalUser cmdlet to create a new local user account. In this example, we will create a user named “JohnDoe” with a password.

$Password = Read-Host -AsSecureString "Enter the password for the new user"
New-LocalUser -Name "JohnDoe" -Password $Password -FullName "John Doe" -Description "Local Administrator Account"

This command creates a new local user account with the specified name, password, full name, and description. The Read-Host -AsSecureString cmdlet prompts you to enter the password securely.

Step 3: Add the New User to the Administrators Group

To grant administrative privileges to the new user, you need to add the user to the Administrators group. Use the Add-LocalGroupMember cmdlet for this purpose.

Add-LocalGroupMember -Group "Administrators" -Member "JohnDoe"

This command adds the user “JohnDoe” to the Administrators group, giving them administrative rights on the local machine.

Step 4: Verify the New Local Admin Account

To ensure that the new local admin account has been created successfully, you can list the members of the Administrators group.

Get-LocalGroupMember -Group "Administrators"

This command displays all members of the Administrators group, allowing you to verify that “JohnDoe” is included.

Check out Get Windows Event Logs using PowerShell

Example: Creating a Local Admin Account for a Specific Task

Let’s consider a scenario where you need to create a local admin account for a temporary project. The user, “JaneSmith,” will have administrative privileges to install software and configure settings for the duration of the project.

Step 1: Create the User Account

$Password = ConvertTo-SecureString "P@ssw0rd123" -AsPlainText -Force
New-LocalUser -Name "JaneSmith" -Password $Password -FullName "Jane Smith" -Description "Temporary Project Admin"

In this example, we use ConvertTo-SecureString to convert the password to a secure string. This command creates a new user account named “JaneSmith.”

Step 2: Add the User to the Administrators Group

Add-LocalGroupMember -Group "Administrators" -Member "JaneSmith"

This command grants administrative privileges to “JaneSmith.”

Step 3: Set an Expiration Date for the Account

If the account is only needed temporarily, you can set an expiration date using the Set-LocalUser cmdlet.

Set-LocalUser -Name "JaneSmith" -AccountExpires (Get-Date).AddDays(30)

This command sets the account to expire 30 days from the current date.

Check out Retrieve Your Windows Product Key Using PowerShell

Create Multiple Local Admin Accounts

If you need to create multiple local admin accounts, you can use a PowerShell script to automate the process. Here’s an example script that creates three local admin accounts.

$Users = @(
    @{Name="AliceJohnson"; FullName="Alice Johnson"; Password="SecureP@ss1"},
    @{Name="BobWilliams"; FullName="Bob Williams"; Password="SecureP@ss2"},
    @{Name="CharlieBrown"; FullName="Charlie Brown"; Password="SecureP@ss3"}
)

foreach ($User in $Users) {
    $Password = ConvertTo-SecureString $User.Password -AsPlainText -Force
    New-LocalUser -Name $User.Name -Password $Password -FullName $User.FullName -Description "Local Admin Account"
    Add-LocalGroupMember -Group "Administrators" -Member $User.Name
}

This script creates three local admin accounts: AliceJohnson, BobWilliams, and CharlieBrown. Each user is added to the Administrators group.

Troubleshooting Common Issues

Here are a few common issues I faced while creating a local admin account in PowerShell. Incase you get these errors, you can follow the solutions below.

Issue: Access Denied

If you encounter an “Access Denied” error, ensure that you are running PowerShell with administrative privileges. Right-click on the PowerShell icon and select Run as administrator.

Issue: User Already Exists

If the user already exists, you will receive an error message. You can check for existing users with the following command:

Get-LocalUser

This command lists all local users on the system. If the user exists, consider renaming the new user or deleting the existing one.

Issue: Password Complexity Requirements

Ensure that the password meets the complexity requirements set by your organization or local security policy. Typically, a strong password includes a mix of uppercase and lowercase letters, numbers, and special characters.

Conclusion

In this tutorial, I explained how to create a local admin account using PowerShell in a Windows system. I have also shown how to create multiple user accounts.