2

I need to programmatically create a new Windows account for running a Windows service I recently developed.

Due to lack of sufficient privileges I cannot use any of the existing service accounts (LocalService, NetworkService and LocalSystem), so I have to create my own account during installation of my service.

Unfortunately, I have no idea on how to accomplish this from code (C#). However, I know that the steps I have to go through include:

  • Create the account
  • Deny account log on via console
  • Grant log on as a service.
  • Add the account to the local administrators group on the PC

My service must install and run on all Windows PC operating systems ranging from Windows XP SP3 and up.

Question: Which command line tools are available for this purpose (I can very well call those command line tools from code)?

Further, any relevant links, code snippets or scripts will be very much appreciated!

Steve Konves
  • 2,648
  • 3
  • 25
  • 44
Martin Christiansen
  • 1,037
  • 3
  • 9
  • 28
  • might be worth adding 'windows' before 'service account' to the title. ;) – leonigmig Jan 22 '12 at 18:59
  • Well, the Win32 APIs are [NetUserAdd](http://msdn.microsoft.com/en-us/library/windows/desktop/aa370649%28v=vs.85%29.aspx) (for creating an account) and [LsaAddAccountRights](http://msdn.microsoft.com/en-us/library/windows/desktop/ms721786%28v=vs.85%29.aspx) (to grant account privileges). Don't know what the managed APIs are, but maybe Google can help. – Luke Jan 22 '12 at 21:44

1 Answers1

0

If you just want a single command you can probably do:

net user /ADD "newuser" "Pass phrase" /passwordchg:no

However I looked into 'grant logon as a service' in the past, and had to download an additional .exe from a Windows Server Resource Pack to do this. That may be a pain as you'll need to redistribute the .exe.

Unless someone suggests a better way which uses only built in .exes I'd try and do this with one of:

  • Powershell
  • VBscript
leonigmig
  • 2,736
  • 3
  • 25
  • 21
  • Ok, it looks like I'm somewhat into deep water here. Maybe I should consider a totally different approach, but I really don't know what my options are? The basic problem I'm trying to solve is explained in another question I posted a few days ago (search for "Which service account is suitable"). – Martin Christiansen Jan 22 '12 at 21:16
  • To be honest if as Luke's comment suggests there are C# APIs to do this stuff, that may be your best bet. – leonigmig Jan 23 '12 at 09:29