How can I programmatically cause a new Windows user's profile to be created?
I'm creating a (local) user for a Windows service to run as. I've got good reasons for not wanting to use NETWORK SERVICE, LOCAL SERVICE, or LOCAL SYSTEM.
I create the user via net user foobar "Abcd123!" /add
- this works fine.
At this point, c:usersfoobar
does not exist.
If I create the user's home directory, before the user either logs on (or, more pertinently) or the service that the user is for starts up, Windows creates a user-profile next-door called c:usersfoobar-{gibberish/SID/whatever}
- this is not a predictable name.
I need the user's home directory to contain things like a .ssh
directory, a .gitconfig
- tools like that (not limited to those tools) that make assumptions that it'll be a person using them, and so user-configuration goes inside ~/...
. Usually, tools from a Unix heritage.
Actual question
So - is there a programmatic (preferably, PowerShell, or out-of-the-box command-line) way to tell Windows to create the user-profile for a local user?
Or, any other workarounds?
Things I've yet to try:
- An NSSM start/pre hook that copies files from elsewhere into the user-profile directory that hopefully exists at this point by virtue of Windows starting the service, creating the user-profile then handing control to the NSSM wrapper running the hook before startup.
- Setting the USERPROFILE environment variable for the service to be somewhere other than the actual user-profile directory. This strikes me as dangerously off-piste but also might work fine.
Other context:
- Windows Server 2016, desktop experience.
- Can't use Core/Nano.
- There is no active directory in play. There won't be.
- These are local users.
- I'm doing this via Ansible, which is using PowerShell under the hood for Windows things. Specifically the win_user module, with Ansible 2.7.5.
- I don't want to create a
C:usersdefault
(the equivalent of/etc/skel
), because there are a few different service-users and one size won't fit all. This also doesn't affect when the user-profile is created, just what will be in it when it is. - I'm using NSSM to manage the services.
Things I've tried
- starting the service and allowing Windows to create the directory
- I don't want to do this, because the service requires secrets before starting up, and so if I do this inside my image-baking process I'll then need to clean them up, and also make sure my service doesn't do any work during the baking phase. I want to avoid both of those fiddly bits.
windows powershell windows-service
add a comment |
I'm creating a (local) user for a Windows service to run as. I've got good reasons for not wanting to use NETWORK SERVICE, LOCAL SERVICE, or LOCAL SYSTEM.
I create the user via net user foobar "Abcd123!" /add
- this works fine.
At this point, c:usersfoobar
does not exist.
If I create the user's home directory, before the user either logs on (or, more pertinently) or the service that the user is for starts up, Windows creates a user-profile next-door called c:usersfoobar-{gibberish/SID/whatever}
- this is not a predictable name.
I need the user's home directory to contain things like a .ssh
directory, a .gitconfig
- tools like that (not limited to those tools) that make assumptions that it'll be a person using them, and so user-configuration goes inside ~/...
. Usually, tools from a Unix heritage.
Actual question
So - is there a programmatic (preferably, PowerShell, or out-of-the-box command-line) way to tell Windows to create the user-profile for a local user?
Or, any other workarounds?
Things I've yet to try:
- An NSSM start/pre hook that copies files from elsewhere into the user-profile directory that hopefully exists at this point by virtue of Windows starting the service, creating the user-profile then handing control to the NSSM wrapper running the hook before startup.
- Setting the USERPROFILE environment variable for the service to be somewhere other than the actual user-profile directory. This strikes me as dangerously off-piste but also might work fine.
Other context:
- Windows Server 2016, desktop experience.
- Can't use Core/Nano.
- There is no active directory in play. There won't be.
- These are local users.
- I'm doing this via Ansible, which is using PowerShell under the hood for Windows things. Specifically the win_user module, with Ansible 2.7.5.
- I don't want to create a
C:usersdefault
(the equivalent of/etc/skel
), because there are a few different service-users and one size won't fit all. This also doesn't affect when the user-profile is created, just what will be in it when it is. - I'm using NSSM to manage the services.
Things I've tried
- starting the service and allowing Windows to create the directory
- I don't want to do this, because the service requires secrets before starting up, and so if I do this inside my image-baking process I'll then need to clean them up, and also make sure my service doesn't do any work during the baking phase. I want to avoid both of those fiddly bits.
windows powershell windows-service
1
Have you checked the optionsnet user
has (e.g./HOMEDIR
or/PROFILEPATH
)? . Seenet user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the/HOMEDIR
switch.
– Sven♦
Dec 28 '18 at 14:37
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago
add a comment |
I'm creating a (local) user for a Windows service to run as. I've got good reasons for not wanting to use NETWORK SERVICE, LOCAL SERVICE, or LOCAL SYSTEM.
I create the user via net user foobar "Abcd123!" /add
- this works fine.
At this point, c:usersfoobar
does not exist.
If I create the user's home directory, before the user either logs on (or, more pertinently) or the service that the user is for starts up, Windows creates a user-profile next-door called c:usersfoobar-{gibberish/SID/whatever}
- this is not a predictable name.
I need the user's home directory to contain things like a .ssh
directory, a .gitconfig
- tools like that (not limited to those tools) that make assumptions that it'll be a person using them, and so user-configuration goes inside ~/...
. Usually, tools from a Unix heritage.
Actual question
So - is there a programmatic (preferably, PowerShell, or out-of-the-box command-line) way to tell Windows to create the user-profile for a local user?
Or, any other workarounds?
Things I've yet to try:
- An NSSM start/pre hook that copies files from elsewhere into the user-profile directory that hopefully exists at this point by virtue of Windows starting the service, creating the user-profile then handing control to the NSSM wrapper running the hook before startup.
- Setting the USERPROFILE environment variable for the service to be somewhere other than the actual user-profile directory. This strikes me as dangerously off-piste but also might work fine.
Other context:
- Windows Server 2016, desktop experience.
- Can't use Core/Nano.
- There is no active directory in play. There won't be.
- These are local users.
- I'm doing this via Ansible, which is using PowerShell under the hood for Windows things. Specifically the win_user module, with Ansible 2.7.5.
- I don't want to create a
C:usersdefault
(the equivalent of/etc/skel
), because there are a few different service-users and one size won't fit all. This also doesn't affect when the user-profile is created, just what will be in it when it is. - I'm using NSSM to manage the services.
Things I've tried
- starting the service and allowing Windows to create the directory
- I don't want to do this, because the service requires secrets before starting up, and so if I do this inside my image-baking process I'll then need to clean them up, and also make sure my service doesn't do any work during the baking phase. I want to avoid both of those fiddly bits.
windows powershell windows-service
I'm creating a (local) user for a Windows service to run as. I've got good reasons for not wanting to use NETWORK SERVICE, LOCAL SERVICE, or LOCAL SYSTEM.
I create the user via net user foobar "Abcd123!" /add
- this works fine.
At this point, c:usersfoobar
does not exist.
If I create the user's home directory, before the user either logs on (or, more pertinently) or the service that the user is for starts up, Windows creates a user-profile next-door called c:usersfoobar-{gibberish/SID/whatever}
- this is not a predictable name.
I need the user's home directory to contain things like a .ssh
directory, a .gitconfig
- tools like that (not limited to those tools) that make assumptions that it'll be a person using them, and so user-configuration goes inside ~/...
. Usually, tools from a Unix heritage.
Actual question
So - is there a programmatic (preferably, PowerShell, or out-of-the-box command-line) way to tell Windows to create the user-profile for a local user?
Or, any other workarounds?
Things I've yet to try:
- An NSSM start/pre hook that copies files from elsewhere into the user-profile directory that hopefully exists at this point by virtue of Windows starting the service, creating the user-profile then handing control to the NSSM wrapper running the hook before startup.
- Setting the USERPROFILE environment variable for the service to be somewhere other than the actual user-profile directory. This strikes me as dangerously off-piste but also might work fine.
Other context:
- Windows Server 2016, desktop experience.
- Can't use Core/Nano.
- There is no active directory in play. There won't be.
- These are local users.
- I'm doing this via Ansible, which is using PowerShell under the hood for Windows things. Specifically the win_user module, with Ansible 2.7.5.
- I don't want to create a
C:usersdefault
(the equivalent of/etc/skel
), because there are a few different service-users and one size won't fit all. This also doesn't affect when the user-profile is created, just what will be in it when it is. - I'm using NSSM to manage the services.
Things I've tried
- starting the service and allowing Windows to create the directory
- I don't want to do this, because the service requires secrets before starting up, and so if I do this inside my image-baking process I'll then need to clean them up, and also make sure my service doesn't do any work during the baking phase. I want to avoid both of those fiddly bits.
windows powershell windows-service
windows powershell windows-service
edited Dec 28 '18 at 22:46
Peter Mortensen
2,09742124
2,09742124
asked Dec 28 '18 at 14:07
Peter Mounce
72141126
72141126
1
Have you checked the optionsnet user
has (e.g./HOMEDIR
or/PROFILEPATH
)? . Seenet user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the/HOMEDIR
switch.
– Sven♦
Dec 28 '18 at 14:37
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago
add a comment |
1
Have you checked the optionsnet user
has (e.g./HOMEDIR
or/PROFILEPATH
)? . Seenet user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the/HOMEDIR
switch.
– Sven♦
Dec 28 '18 at 14:37
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago
1
1
Have you checked the options
net user
has (e.g. /HOMEDIR
or /PROFILEPATH
)? . See net user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the /HOMEDIR
switch.– Sven♦
Dec 28 '18 at 14:37
Have you checked the options
net user
has (e.g. /HOMEDIR
or /PROFILEPATH
)? . See net user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the /HOMEDIR
switch.– Sven♦
Dec 28 '18 at 14:37
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago
add a comment |
2 Answers
2
active
oldest
votes
Windows can create a user-profile on-demand, using the CreateProfile API
However, if don't want to create an executable to perform this operation, you can call the API in PowerShell. Others have already done it: example on github.
Relevant part of the code:
$methodName = 'UserEnvCP'
$script:nativeMethods = @();
Register-NativeMethod "userenv.dll" "int CreateProfile([MarshalAs(UnmanagedType.LPWStr)] string pszUserSid,`
[MarshalAs(UnmanagedType.LPWStr)] string pszUserName,`
[Out][MarshalAs(UnmanagedType.LPWStr)] StringBuilder pszProfilePath, uint cchProfilePath)";
Add-NativeMethods -typeName $MethodName;
$localUser = New-Object System.Security.Principal.NTAccount("$UserName");
$userSID = $localUser.Translate([System.Security.Principal.SecurityIdentifier]);
$sb = new-object System.Text.StringBuilder(260);
$pathLen = $sb.Capacity;
Write-Verbose "Creating user profile for $Username";
try
{
[UserEnvCP]::CreateProfile($userSID.Value, $Username, $sb, $pathLen) | Out-Null;
}
catch
{
Write-Error $_.Exception.Message;
break;
}
add a comment |
All you need to do is run a command as that user, Windows will create the profile:
psexec.exe -u foobar -p Abcd123! cmd.exe /c exit
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
1
So what's happening here ispsexec
supposed to connect to localhost under username and password specified with-u
and-p
and launchcmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not fromC:usersdefaults
?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f946882%2fhow-can-i-programmatically-cause-a-new-windows-users-profile-to-be-created%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Windows can create a user-profile on-demand, using the CreateProfile API
However, if don't want to create an executable to perform this operation, you can call the API in PowerShell. Others have already done it: example on github.
Relevant part of the code:
$methodName = 'UserEnvCP'
$script:nativeMethods = @();
Register-NativeMethod "userenv.dll" "int CreateProfile([MarshalAs(UnmanagedType.LPWStr)] string pszUserSid,`
[MarshalAs(UnmanagedType.LPWStr)] string pszUserName,`
[Out][MarshalAs(UnmanagedType.LPWStr)] StringBuilder pszProfilePath, uint cchProfilePath)";
Add-NativeMethods -typeName $MethodName;
$localUser = New-Object System.Security.Principal.NTAccount("$UserName");
$userSID = $localUser.Translate([System.Security.Principal.SecurityIdentifier]);
$sb = new-object System.Text.StringBuilder(260);
$pathLen = $sb.Capacity;
Write-Verbose "Creating user profile for $Username";
try
{
[UserEnvCP]::CreateProfile($userSID.Value, $Username, $sb, $pathLen) | Out-Null;
}
catch
{
Write-Error $_.Exception.Message;
break;
}
add a comment |
Windows can create a user-profile on-demand, using the CreateProfile API
However, if don't want to create an executable to perform this operation, you can call the API in PowerShell. Others have already done it: example on github.
Relevant part of the code:
$methodName = 'UserEnvCP'
$script:nativeMethods = @();
Register-NativeMethod "userenv.dll" "int CreateProfile([MarshalAs(UnmanagedType.LPWStr)] string pszUserSid,`
[MarshalAs(UnmanagedType.LPWStr)] string pszUserName,`
[Out][MarshalAs(UnmanagedType.LPWStr)] StringBuilder pszProfilePath, uint cchProfilePath)";
Add-NativeMethods -typeName $MethodName;
$localUser = New-Object System.Security.Principal.NTAccount("$UserName");
$userSID = $localUser.Translate([System.Security.Principal.SecurityIdentifier]);
$sb = new-object System.Text.StringBuilder(260);
$pathLen = $sb.Capacity;
Write-Verbose "Creating user profile for $Username";
try
{
[UserEnvCP]::CreateProfile($userSID.Value, $Username, $sb, $pathLen) | Out-Null;
}
catch
{
Write-Error $_.Exception.Message;
break;
}
add a comment |
Windows can create a user-profile on-demand, using the CreateProfile API
However, if don't want to create an executable to perform this operation, you can call the API in PowerShell. Others have already done it: example on github.
Relevant part of the code:
$methodName = 'UserEnvCP'
$script:nativeMethods = @();
Register-NativeMethod "userenv.dll" "int CreateProfile([MarshalAs(UnmanagedType.LPWStr)] string pszUserSid,`
[MarshalAs(UnmanagedType.LPWStr)] string pszUserName,`
[Out][MarshalAs(UnmanagedType.LPWStr)] StringBuilder pszProfilePath, uint cchProfilePath)";
Add-NativeMethods -typeName $MethodName;
$localUser = New-Object System.Security.Principal.NTAccount("$UserName");
$userSID = $localUser.Translate([System.Security.Principal.SecurityIdentifier]);
$sb = new-object System.Text.StringBuilder(260);
$pathLen = $sb.Capacity;
Write-Verbose "Creating user profile for $Username";
try
{
[UserEnvCP]::CreateProfile($userSID.Value, $Username, $sb, $pathLen) | Out-Null;
}
catch
{
Write-Error $_.Exception.Message;
break;
}
Windows can create a user-profile on-demand, using the CreateProfile API
However, if don't want to create an executable to perform this operation, you can call the API in PowerShell. Others have already done it: example on github.
Relevant part of the code:
$methodName = 'UserEnvCP'
$script:nativeMethods = @();
Register-NativeMethod "userenv.dll" "int CreateProfile([MarshalAs(UnmanagedType.LPWStr)] string pszUserSid,`
[MarshalAs(UnmanagedType.LPWStr)] string pszUserName,`
[Out][MarshalAs(UnmanagedType.LPWStr)] StringBuilder pszProfilePath, uint cchProfilePath)";
Add-NativeMethods -typeName $MethodName;
$localUser = New-Object System.Security.Principal.NTAccount("$UserName");
$userSID = $localUser.Translate([System.Security.Principal.SecurityIdentifier]);
$sb = new-object System.Text.StringBuilder(260);
$pathLen = $sb.Capacity;
Write-Verbose "Creating user profile for $Username";
try
{
[UserEnvCP]::CreateProfile($userSID.Value, $Username, $sb, $pathLen) | Out-Null;
}
catch
{
Write-Error $_.Exception.Message;
break;
}
answered Dec 28 '18 at 14:52
Swisstone
1,7041817
1,7041817
add a comment |
add a comment |
All you need to do is run a command as that user, Windows will create the profile:
psexec.exe -u foobar -p Abcd123! cmd.exe /c exit
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
1
So what's happening here ispsexec
supposed to connect to localhost under username and password specified with-u
and-p
and launchcmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not fromC:usersdefaults
?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
add a comment |
All you need to do is run a command as that user, Windows will create the profile:
psexec.exe -u foobar -p Abcd123! cmd.exe /c exit
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
1
So what's happening here ispsexec
supposed to connect to localhost under username and password specified with-u
and-p
and launchcmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not fromC:usersdefaults
?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
add a comment |
All you need to do is run a command as that user, Windows will create the profile:
psexec.exe -u foobar -p Abcd123! cmd.exe /c exit
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
All you need to do is run a command as that user, Windows will create the profile:
psexec.exe -u foobar -p Abcd123! cmd.exe /c exit
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
answered Dec 28 '18 at 15:05
Greg Askew
28.2k33667
28.2k33667
1
So what's happening here ispsexec
supposed to connect to localhost under username and password specified with-u
and-p
and launchcmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not fromC:usersdefaults
?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
add a comment |
1
So what's happening here ispsexec
supposed to connect to localhost under username and password specified with-u
and-p
and launchcmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not fromC:usersdefaults
?
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
1
1
So what's happening here is
psexec
supposed to connect to localhost under username and password specified with -u
and -p
and launch cmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
So what's happening here is
psexec
supposed to connect to localhost under username and password specified with -u
and -p
and launch cmd
just to exit immediately. Did I miss anything ? This sounds somewhat counterintuitive - connecting to system with nonexistent username and password should be an error. How does that work ?– Sergiy Kolodyazhnyy
Dec 29 '18 at 1:13
1
1
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
@SergiyKolodyazhnyy: Why do you think that's a nonexistent username and password? It's the same one used in the question, obviously as an example...
– Ben Voigt
Dec 29 '18 at 3:41
1
1
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Well, I've missed the top part of the question. I thought OP wanted to create the user as well and that's what this answer was supposed to do. So that last part of the comment is a misunderstanding.
– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:09
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not from
C:usersdefaults
?– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
@BenVoigt Though I do still have a question. OP mentioned " I don't want to create C:usersdefault". So where would the user's profile come from when this method is used and how would Windows know to create specific pre-configured directories if not from
C:usersdefaults
?– Sergiy Kolodyazhnyy
Dec 29 '18 at 4:11
1
1
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
@SergiyKolodyazhnyy: Pretty sure OP means he doesn't want to customize C:UsersDefault ... not that it will be entirely missing. Windows will create the home directory C:Usersfoobar by copying from the plain vanilla C:Usersdefault, then once it exists OP can apply his special sauce to C:Usersfoobar where it won't affect any other users.
– Ben Voigt
Dec 29 '18 at 5:40
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f946882%2fhow-can-i-programmatically-cause-a-new-windows-users-profile-to-be-created%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Have you checked the options
net user
has (e.g./HOMEDIR
or/PROFILEPATH
)? . Seenet user /help
. From my (untested) understanding, you can create a directory for the user, and set this as homedir with the/HOMEDIR
switch.– Sven♦
Dec 28 '18 at 14:37
May I ask what use case do you have that avoids Active Directory? Things would be much easier with AD. Just curious.
– Ondrej Tucny
Dec 28 '18 at 17:15
I'm avoiding AD because the machines are ephemeral; lifetimes are measured in hours, not days. The machines are hosting clean-room build-environments. Juggling machines in and out of an AD as they come and go is simply not worth it (see also medium.com/palantir/active-directory-as-code-e9666a2e548d if you're interested to do it).
– Peter Mounce
5 hours ago
@Sven yes - sadly neither of those cause the profile itself to be created, even if they set the path.
– Peter Mounce
5 hours ago