
Trying the low-impact solution as mentioned in the post:

how can I programmatically cause a new windows users profile to be created

Suggestion was to run a command as that user using psexec.exe for Windows to create the profile:

```
psexec.exe -u <domain/user name for AD user> -p <password> cmd.exe /c exit
```

I'm running it local to the VM I've created. Getting the message:

```
PsExec could not start cmd.exe:
The user name or password is incorrect
```

Can someone give me insight into what I'm doing wrong? My purpose is to create the user folder in the C:\Users area based upon the AD user I set up, without them or me having to log in to toggle this user folder creation.

Mr R
Pflipper
  • Hi @Pflipper could you use net user /add? I'm not sure about AD way of doing it but I often do `net user /add "USER" "PASSWD" /fullname "Hairy Mclairy"` – Mr R Apr 05 '21 at 21:04
  • Hi Mr R. I tried this option, even mentioned in the referred post, this does not cause the profile itself to be created. It does create the AD user, but I would like the actual user folder (C:\Users\) to be created without having to log in myself under this user, or have the user log on in order to create this. – Pflipper Apr 05 '21 at 23:16
  • Hmm - weird - we do `net user /add` then change password expiry using `wmic useraccount` then do `net localgroup SPECIFICGROUP USER /add` .. I wouldn't have thought either of the last two would cause the user folder to be created ... Are you running on the box (we do via SSH and an appropriately privileged user)? or remotely? – Mr R Apr 06 '21 at 01:01
  • I am running this directly on the server. – Pflipper Apr 06 '21 at 13:39
  • And the user gets created? If you do `net user SPECIFICUSER` do you get a dump showing anything? – Mr R Apr 06 '21 at 20:53
  • Yes, it shows a number of properties for the user. But again, I'm trying to create the user folder in the C:\Users area based upon the AD user I set up, without them or me having to log in to toggle this user folder creation. From what I see, net user /add does not do this. – Pflipper Apr 06 '21 at 22:07
  • This suggests it happens on first login - https://serverfault.com/questions/836797/windows-create-domain-users-home-directory-before-login – Mr R Apr 06 '21 at 22:57
  • Yes, it does. And the prior post referenced in my original question says that you can toggle it to occur prior to login by using the "psexec.exe ..." command referenced above. That's not working for me, and what I'm requesting help with. – Pflipper Apr 06 '21 at 23:31
  • You did the net user /add first? then the psexec? – Mr R Apr 06 '21 at 23:48
  • And the user running it, I'm guessing, needs to be an administrator? – Mr R Apr 06 '21 at 23:55
  • I am admin on this VM. And the user is added first. then psexec – Pflipper Apr 07 '21 at 00:02
  • Can you post EXACTLY what you typed - can remove the password but leave everything else EXACTLY as typed.. – Mr R Apr 07 '21 at 00:35
  • C:\Users\COC\Downloads\PSTools\psexec.exe -u COCUsers\COCP1 -p 123$abc cmd.exe /c exit.... password included – Pflipper Apr 07 '21 at 13:56
  • Perhaps @Pflipper you need to use the _local username_ in this case? (i.e. drop COCUsers\?).. – Mr R Apr 07 '21 at 22:02
  • Good morning Mr. R. COCP1 is a local user name. – Pflipper Apr 08 '21 at 13:10
  • I meant `-u COCP1` not `-u COCUsers\COCP1`? – Mr R Apr 08 '21 at 13:11
  • Yep, used them both. -u \ and -u . Same outcome. – Pflipper Apr 08 '21 at 13:45
  • What about quotes around the password? – Mr R Apr 08 '21 at 13:46
  • Tried as well. Are you familiar with psexec.exe? – Pflipper Apr 08 '21 at 13:53
  • Sorry, only what I've read here - https://docs.microsoft.com/en-us/sysinternals/downloads/psexec - and the linked article underneath it. It was written a long time ago - I wonder whether it's now locked out because it was a vector for trojans ... – Mr R Apr 08 '21 at 14:09
  • OK, well thanks anyway. Seems you've thought of the same things I've thought of. Perhaps someone will weigh in with other suggestions based upon the error message. – Pflipper Apr 08 '21 at 14:28

2 Answers


You might have a look at this Ansible module - win_user_profile. The PowerShell script (which is the Ansible module) can be found here: https://github.com/ansible-collections/community.windows/blob/3afe02165344bf46534a9b56766e68531addac43/plugins/modules/win_user_profile.ps1

Of interest to you would be lines 35-58 (where the Ansible.WinUserProfile.NativeMethods class is created) and 130 to 146ish. You could base your own process off of this, or at the very least it would point you in one direction to achieve what you seek.

Semicolon
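
A password-free way to do what the answer above points toward, as an added example that is not part of the original answer and is not the Ansible module's code: it calls the documented Windows `CreateProfile` function in userenv.dll for an account that already exists. The function name `New-UserProfileFolder` and the `ProfileDemo` namespace are made up for this sketch; `COCP1` is the account name from the question, and the script assumes an elevated PowerShell session.

```powershell
# Added example: create the C:\Users\<name> profile for an existing account
# without knowing its password. Run elevated (CreateProfile requires admin).
param([string]$UserName = 'COCP1')   # account name taken from the question

# P/Invoke declaration for userenv.dll!CreateProfile (returns an HRESULT).
Add-Type -Namespace ProfileDemo -Name NativeMethods -MemberDefinition @'
[DllImport("userenv.dll", CharSet = CharSet.Unicode)]
public static extern int CreateProfile(
    string pszUserSid,
    string pszUserName,
    System.Text.StringBuilder pszProfilePath,
    uint cchProfilePath);
'@

function New-UserProfileFolder {
    param([Parameter(Mandatory)][string]$Account)

    # Resolve the account to its SID; this throws if the account does not exist.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # If a profile is already registered for this SID, report it and stop.
    $existing = Get-CimInstance Win32_UserProfile -Filter "SID = '$sid'"
    if ($existing) { return $existing.LocalPath }

    # CreateProfile wants the bare user name (no DOMAIN\ prefix) and a buffer
    # that receives the path of the newly created profile folder.
    $leaf = $Account.Split('\')[-1]
    $path = New-Object System.Text.StringBuilder 260
    $hr = [ProfileDemo.NativeMethods]::CreateProfile(
        $sid, $leaf, $path, [uint32]$path.Capacity)

    # Negative HRESULTs are failures; turn them into a readable exception.
    if ($hr -lt 0) {
        throw [System.Runtime.InteropServices.Marshal]::GetExceptionForHR($hr)
    }
    return $path.ToString()
}

New-UserProfileFolder -Account $UserName
```

Because no credential is passed, the account's password never appears on a command line or in a script, unlike the `psexec.exe -u ... -p ...` form.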

This is a bit old of a thread but I came upon it while looking for a way to create a user's profile folder structure properly during a new image build script for specific customizations that were not possible by GPO etc.

If you run a remote PowerShell Invoke-Command with the user's credentials, it will build the user profile folder under C:\Users if it doesn't already exist and you can then manipulate it and also the HKCU registry keys as needed.

This command does nothing but the exit command, but will create the user's profile if it doesn't already exist:

```
Invoke-Command -ComputerName $computerVar -ScriptBlock {exit} -Credential $credentialVar
```

Obviously the user's creds have to have the rights to connect remotely, and the OS firewall can't be blocking said connections but otherwise, this command will do what you are looking for at least.