How to Create a Local User Account in Batch Script

Automating the setup of a new computer or creating standardized user accounts is a common administrative task. Instead of manually clicking through the user account settings, you can create a new local user directly from a batch script. The standard, built-in command-line utility for managing user accounts on a Windows machine is the powerful NET USER command.

This guide will teach you how to use the NET USER ... /ADD command to create new local users. You will learn how to set a password, configure password policies, and add the new user to local groups (like Administrators or Remote Desktop Users), all from within a single script.

The Core Command: NET USER ... /ADD

The NET USER command is the primary tool for adding, modifying, and deleting local user accounts. The /ADD switch is used to create a new account.

Syntax: NET USER <username> [password | *] /ADD [options]

  • <username>: The name for the new user account.
  • [password | *]: You can either provide the password directly in the script (less secure) or use * to make the script prompt for the password securely.
  • /ADD: The switch to create the account.
  • [options]: Additional switches to control password policies.

This command must be run with administrator privileges.

Basic Example: Creating a Simple User Account

This script creates a new local user named TempUser with a specified password. It must be run as an Administrator.

@ECHO OFF
ECHO --- Creating a New Local User ---
ECHO.

NET USER TempUser MyP@ssw0rd123 /ADD

IF %ERRORLEVEL% EQU 0 (
ECHO [SUCCESS] User 'TempUser' was created successfully.
) ELSE (
ECHO [FAILURE] The command failed. See error message above.
)

After running this, a new user named TempUser will be visible in the user accounts control panel.

Setting a Password and Password Policies

Providing a password in plain text within a script is a security risk. A better way is to have the script prompt for the password.

Prompting for a Password

Using an asterisk (*) in place of the password will make the NET USER command securely prompt for a password; the user's typing will not be displayed on screen.

ECHO Creating a new user. You will be prompted for a password.
NET USER NewUser * /ADD

Common Password Options

You can add switches to control the user's password settings.

  • /PASSWORDCHG:NO: The user cannot change their own password.
  • /PASSWORDREQ:YES: The user account must have a password.
  • /EXPIRES:NEVER: The password will not expire.
  • /LOGONPASSWORDCHG:YES: The user must change their password the next time they log on. This is a best practice for new accounts.

Example with options: NET USER TempUser MyP@ssw0rd123 /ADD /EXPIRES:NEVER /LOGONPASSWORDCHG:YES

Adding the User to a Local Group (e.g., Administrators)

Creating a user is often a two-step process. After creating the account, you usually need to add it to one or more local groups to grant it the correct permissions. This is done with the NET LOCALGROUP command.

This script first creates a user named TempAdmin and then adds that user to the built-in "Administrators" group.

@ECHO OFF
REM Run as Administrator.

ECHO Step 1: Creating the user account...
NET USER TempAdmin MyP@ssw0rd123 /ADD

ECHO.
ECHO Step 2: Adding the user to the Administrators group...
NET LOCALGROUP Administrators TempAdmin /ADD

ECHO.
ECHO --- Operation complete ---
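
The two-step flow above runs step 2 even if step 1 failed, and leaves an account behind if the group change fails. The following is an added example, not part of the original guide, that checks each step and rolls back on failure. The variable names NewAdmin and TargetGroup are illustrative, and the elevation test assumes WHOAMI reports the integrity-level SIDs S-1-16-12288 (High) or S-1-16-16384 (System).

```batch
@ECHO OFF
SETLOCAL
REM Added example. NewAdmin and TargetGroup are illustrative names.
SET "NewAdmin=TempAdmin"
SET "TargetGroup=Administrators"

REM Pre-flight: an elevated token carries the High (or System) integrity SID.
WHOAMI /GROUPS | FINDSTR /C:"S-1-16-12288" /C:"S-1-16-16384" >NUL
IF ERRORLEVEL 1 (
    ECHO [FAILURE] Not elevated. Re-run from an Administrator prompt.
    EXIT /B 1
)

REM Refuse to touch an existing account: NET USER name exits 0 if it exists.
NET USER "%NewAdmin%" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
    ECHO [FAILURE] Account '%NewAdmin%' already exists. Nothing was changed.
    EXIT /B 1
)

REM Step 1: '*' prompts for the password, so no secret is stored in this file
REM or passed as a command-line argument. The user must change it at first logon.
NET USER "%NewAdmin%" * /ADD /LOGONPASSWORDCHG:YES
IF ERRORLEVEL 1 (
    ECHO [FAILURE] Account creation failed. See the message above.
    EXIT /B 1
)

REM Step 2: grant the group membership. If it fails, remove the account so a
REM half-configured user is not left on the machine.
NET LOCALGROUP "%TargetGroup%" "%NewAdmin%" /ADD
IF ERRORLEVEL 1 (
    ECHO [FAILURE] Could not add to '%TargetGroup%'. Removing the new account.
    NET USER "%NewAdmin%" /DELETE
    EXIT /B 1
)

REM Show the resulting membership so the change can be reviewed.
NET LOCALGROUP "%TargetGroup%"
ENDLOCAL
EXIT /B 0
```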

How the NET USER Command Works

The NET USER command interacts directly with the local Security Account Manager (SAM) database. The SAM is a protected file on the local machine that stores all local user accounts and their password hashes. The NET USER command is a trusted interface to this database.

Common Pitfalls and How to Solve Them

Problem: "Access is denied." (Administrator Privileges)

This is the number one reason for failure.

Solution: The script must be run from an elevated command prompt. Right-click your .bat file or cmd.exe and select "Run as administrator."

Problem: The Password Doesn't Meet Policy Requirements

Windows has a password complexity policy (requiring uppercase, lowercase, numbers, symbols, and a minimum length). If the password you provide in the script doesn't meet these requirements, the command will fail.

Example of error message:

The password does not meet the password policy requirements.

Solution: Either provide a stronger password that meets the policy, or use the * to let the user enter a compliant password themselves.

Problem: The User Account Already Exists

If you try to create a user with a name that is already taken, the command will fail.

Example of error message:

The account already exists.

Solution: A robust script should check if the user exists before trying to create them.

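REM NewUser is used as the variable name because %USERNAME% is a built-in
REM variable that holds the currently logged-on user.
SET "NewUser=TempUser"

REM NET USER writes this error to stderr, so 2>&1 is needed for FIND to see it.
REM The text matched here is the English message; it differs on other locales.
NET USER "%NewUser%" 2>&1 | FIND "The user name could not be found." > NUL
IF %ERRORLEVEL% EQU 0 (
    ECHO User does not exist. Creating...
    REM The asterisk prompts for the password instead of storing it here.
    NET USER "%NewUser%" * /ADD
) ELSE (
    ECHO User already exists.
)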

Practical Example: A "Create Standard User" Script

This script is a complete utility. It takes a username as a command-line argument, checks if it exists, securely prompts for a password, creates the user, and adds them to the standard "Users" and "Remote Desktop Users" groups.

@ECHO OFF
SETLOCAL
REM This script must be run as an Administrator.
REM The variable is named NewUser because %USERNAME% is a built-in variable
REM that holds the currently logged-on user.
SET "NewUser=%~1"

REM The angle brackets are escaped so ECHO does not treat them as redirection.
IF "%NewUser%"=="" (ECHO Usage: %~n0 ^<username^> & GOTO :End)

ECHO --- Create New Standard User ---
ECHO Creating account for: %NewUser%
ECHO.

REM --- Step 1: Check if user already exists ---
REM NET USER name returns 0 when the account exists.
NET USER "%NewUser%" > NUL 2> NUL
IF %ERRORLEVEL% EQU 0 (
    ECHO [FAILURE] The user account '%NewUser%' already exists.
    GOTO :End
)

REM --- Step 2: Create the user, prompting for password ---
ECHO You will now be prompted to create a password for the new user.
NET USER "%NewUser%" * /ADD /COMMENT:"Standard user account created by script." /EXPIRES:NEVER

IF %ERRORLEVEL% NEQ 0 (ECHO [FAILURE] Could not create user. & GOTO :End)
ECHO [SUCCESS] User account created.
ECHO.

REM --- Step 3: Add user to standard groups ---
ECHO Adding to 'Remote Desktop Users'...
NET LOCALGROUP "Remote Desktop Users" "%NewUser%" /ADD
REM New local accounts are normally already members of Users, so an
REM "already a member" error from the next command is harmless.
ECHO Adding to 'Users'...
NET LOCALGROUP "Users" "%NewUser%" /ADD

ECHO.
ECHO --- User setup complete ---

:End
ENDLOCAL

Conclusion

The NET USER and NET LOCALGROUP commands are the essential, built-in tools for automating the creation of local user accounts.

Key takeaways for success:

  • You must run your script as an Administrator.
  • Use NET USER <username> <password> /ADD to create the account.
  • For better security, use NET USER <username> * /ADD to have the script prompt for a password.
  • Always check if the user already exists before trying to create them.
  • Follow up with NET LOCALGROUP <group> <username> /ADD to assign the necessary permissions.