Create Multiple User Accounts

[weehongayden]

Hello everyone.
How can I create multiple user accounts with NTLite?
I would like to know how to import autounattend.xml as well.

 

[garlin]

There's two ways of adding multiple user accounts:

1. Unattended's Add local account wizard.





2. Create additional users with Post-Setup commands:

---

NTLite can't import existing autounattend files to the preset, but you can copy it to the ISO folder. When you make a new ISO, autounattend will be included.

 

[weehongayden]

There's two ways of adding multiple user accounts:

1. Unattended's Add local account wizard.

View attachment 9078

View attachment 9079

2. Create additional users with Post-Setup commands:

View attachment 9082

---

NTLite can't import existing autounattend files to the preset, but you can copy it to the ISO folder. When you make a new ISO, autounattend will be included.

Hi Garlin,

Thank you for your guidance!

 

[weehongayden]

Hi garlin,

I tried methods one and two to create a new user.

The First Method
I create two local accounts.
However, only one local account was created after installing the Windows, the other account has gone missing.


The Second Method
I can see the new user has been created.
However, the user account cannot be switch if the Member Of is empty.

 

[garlin]

1. Unattended's Add local account wizard.

Spoiler

                        <UserAccounts>
                                <LocalAccounts>
                                        <LocalAccount wcm:action="add">
                                                <Group>Administrators</Group>
                                                <Name>GARLIN</Name>
                                                <Password>
                                                        <PlainText>true</PlainText>
                                                        <Value></Value>
                                                </Password>
                                        </LocalAccount>
                                        <LocalAccount wcm:action="add">
                                                <DisplayName>Jane Doe</DisplayName>
                                                <Name>JANEDOE</Name>
                                                <Password>
                                                        <PlainText>true</PlainText>
                                                        <Value></Value>
                                                </Password>
                                        </LocalAccount>
                                </LocalAccounts>
                        </UserAccounts>

2. Create additional users with Post-Setup commands:

You also need to add group memberships.

net user janedoe xyz123 /ADD /passwordchg:no /expires:never /active:yes /fullname:"Jane Doe"
net localgroup users janedoe /add

 

[weehongayden]

Hi garlin,

Are we allowed to add multiple Administrators in one unattended.xml?

I checked the unattended.xml, and the only difference compared to your configuration is your Jane Doe doesn't include the Administrator group.

 

[garlin]

There is only one Administrator account, but multiple users can be in the Administrators group. If the new user doesn't have a named group, they default to the normal Users group. While you can enable Administrator to use as a personal account, MS doesn't recommend that as a security issue. You should always use a different user, and be forced to use UAC.

People who use Administrator or disable UAC, have a higher risk of making stupid mistakes, and more open to security problems because they're always running elevated.

When Administrator is disabled for logon, Windows requires at least one user be included in Administrators group to manage the system.

 

[weehongayden]

garlin

Thank you for the explanation.

 

[layer8tech]

I'm glad I found this thread as it helped to point me in the right direction for a bug that was occurring when I was creating a deployment image.
I was creating 2 local accounts in the NTLite "Unattended" screen, "Teacher" and "Student". I was configuring the teacher account as a member of "Administrators" group and the student account as a member of "Users" group, however when I installed the image, it would auto-logon the "Student" user as I expected (I specified that in the option), but I was finding that the user "Student" had not been added to any groups (even though I specified the "Users" group for it, therefore, when I would log out and log in as "Teacher", the Student account would disappear and not be available to log in as (even though it still existed).

I had to go in to account settings (running netplwiz) and then manually add the "Student" account to the "Users" group which would allow me to log in to it again. I then rebuilt the image using similar to your method of using "net" CLI commands in "Post-setup" which fixed the issue. I still created the user as normal in "Unattended" but then added script "net user student /passwordchg:no /passwordreq:no" in Post-setup

 

[layer8tech]

Along this journey of discovery, I found that NTLite won't actually prevent you from creating a user account with the same name as the "Computer name", which is forbidden and caused me some problems before I realised what I had done.

 

[garlin]

UPDATE: My NTLite session was incorrectly started with debug flags, causing a broken image. But the 2nd comment is true.

I tried to correctly add a Teacher (Administrator) and autologon Student (Users) in Unattended, and OOBE didn't finish. There's probably some conflict where Windows assumes the autologon user is primary user, but requires that person to have admin rights to complete setup.

It's true the User Name isn't allowed to match the Computer Name. nuhi should check for this case.

https://web.archive.org/web/20050212120159/http://support.microsoft.com/kb/310845/EN-US/

Spoiler

SYMPTOMS​

If you try to create a user account on a computer and try to use the computer name for the user account name, you receive the following error message:
The user name may not be the same as the computer name computer name

CAUSE​

This behavior occurs to prevent users from creating user names with the same user name as the computer's name. This check is made to prevent problems with programs that use NetBIOS name registrations, which can mistakenly use the 03 NetBIOS entry (registered in this case by the user), rather than the 20 NetBIOS entry, which represents the workstation's Server service. Such errors can prevent programs from working properly.

RESOLUTION​

To work around this behavior, do not try to use the computer name for a user account.

STATUS​

This behavior is by design.

MORE INFORMATION​

Several NetBIOS names are registered for a workstation, and these reflect the roles of the workstation, or of the services that are installed. The following list contains the entries that are registered and that can be displayed with the nbtstat -a server namecommand:
Local Area Connection:
Node IpAddress: [169.54.160.92] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SERVERNAME <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
SERVERNAME <03> UNIQUE Registered
SERVERNAME <20> UNIQUE Registered
DOMAIN <1E> GROUP Registered
USERNAME <03> UNIQUE Registered

MAC Address = 00-B0-D0-DC-E5-87

In the preceding example, the computer has registered a 00, a 03, and a 20 entry, and these correspond to the Workstation service, the Messenger service, and the Server service, respectively.

The username creation is disallowed to prevent the situation where the username 03 and servername 03 entries would be in conflict. In this case, it is possible for programs that rely on these entries (as well as the Server service entry), to use the wrong interface to communicate.

---

APPLIES TO​

•	Microsoft Windows XP Home Edition
•	Microsoft Windows XP Professional Edition
•	Microsoft Windows XP 64-Bit Edition

 

[garlin]

I've confirmed the problem, as you reported: NTLite is losing Student's group membership.

Add new user Student, as member of Users.



Add new user Teacher, as member of Administrators. Check Unattended, and Student has lost their group membership.



The only way to bypass this problem is save the preset, manually add the missing line for Student's group membership. Load the modified preset into NTLite, and make the image.

Spoiler

                                <UserAccounts>
                                        <LocalAccounts>
                                                <LocalAccount>
                                                        <Group>Users</Group>    <-- Missing line
                                                        <Name>Student</Name>
                                                        <Password>
                                                                <PlainText>true</PlainText>
                                                                <Value></Value>
                                                        </Password>
                                                </LocalAccount>
                                                <LocalAccount>
                                                        <Group>Administrators</Group>
                                                        <Name>Teacher</Name>
                                                        <Password>
                                                                <PlainText>true</PlainText>
                                                                <Value></Value>
                                                        </Password>
                                                </LocalAccount>
                                        </LocalAccounts>
                                </UserAccounts>

 

[layer8tech]

I've confirmed the problem, as you reported: NTLite is losing Student's group membership.

Add new user Student, as member of Users.

View attachment 9557

Add new user Teacher, as member of Administrators. Check Unattended, and Student has lost their group membership.

View attachment 9558

The only way to bypass this problem is save the preset, manually add the missing line for Student's group membership. Load the modified preset into NTLite, and make the image.

Spoiler

                                <UserAccounts>
                                        <LocalAccounts>
                                                <LocalAccount>
                                                        <Group>Users</Group>    <-- Missing line
                                                        <Name>Student</Name>
                                                        <Password>
                                                                <PlainText>true</PlainText>
                                                                <Value></Value>
                                                        </Password>
                                                </LocalAccount>
                                                <LocalAccount>
                                                        <Group>Administrators</Group>
                                                        <Name>Teacher</Name>
                                                        <Password>
                                                                <PlainText>true</PlainText>
                                                                <Value></Value>
                                                        </Password>
                                                </LocalAccount>
                                        </LocalAccounts>
                                </UserAccounts>

View attachment 9559

Thanks for your reply. I was actually able to correct it by simply changing the "Group" drop-down list to "Custom" and then manually specifying "Users" under "Custom Group".
This would then give the expected result in "Unattended" screen, so I believe it's a bug in NTLite.

 

[layer8tech]

UPDATE: My NTLite session was incorrectly started with debug flags, causing a broken image. But the 2nd comment is true.

I tried to correctly add a Teacher (Administrator) and autologon Student (Users) in Unattended, and OOBE didn't finish. There's probably some conflict where Windows assumes the autologon user is primary user, but requires that person to have admin rights to complete setup.

It's true the User Name isn't allowed to match the Computer Name. nuhi should check for this case.

https://web.archive.org/web/20050212120159/http://support.microsoft.com/kb/310845/EN-US/

Spoiler

SYMPTOMS​

If you try to create a user account on a computer and try to use the computer name for the user account name, you receive the following error message:
The user name may not be the same as the computer name computer name

CAUSE​

This behavior occurs to prevent users from creating user names with the same user name as the computer's name. This check is made to prevent problems with programs that use NetBIOS name registrations, which can mistakenly use the 03 NetBIOS entry (registered in this case by the user), rather than the 20 NetBIOS entry, which represents the workstation's Server service. Such errors can prevent programs from working properly.

RESOLUTION​

To work around this behavior, do not try to use the computer name for a user account.

STATUS​

This behavior is by design.

MORE INFORMATION​

Several NetBIOS names are registered for a workstation, and these reflect the roles of the workstation, or of the services that are installed. The following list contains the entries that are registered and that can be displayed with the nbtstat -a server namecommand:
Local Area Connection:
Node IpAddress: [169.54.160.92] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SERVERNAME <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
SERVERNAME <03> UNIQUE Registered
SERVERNAME <20> UNIQUE Registered
DOMAIN <1E> GROUP Registered
USERNAME <03> UNIQUE Registered

MAC Address = 00-B0-D0-DC-E5-87

In the preceding example, the computer has registered a 00, a 03, and a 20 entry, and these correspond to the Workstation service, the Messenger service, and the Server service, respectively.

The username creation is disallowed to prevent the situation where the username 03 and servername 03 entries would be in conflict. In this case, it is possible for programs that rely on these entries (as well as the Server service entry), to use the wrong interface to communicate.

---

APPLIES TO​

•	Microsoft Windows XP Home Edition
•	Microsoft Windows XP Professional Edition
•	Microsoft Windows XP 64-Bit Edition

Thank you for the response.

Yes, I believe this is an unintended scenario as most administrators should be aware that you cannot have a username equal to the computer name, but in my case of accidentally doing that without noticing straight away, I think NTLite should generate an error or prompt the user to say that this is not allowed, as it actually let me fully process an image a few times under this scenario before I realised the mistake I'd made.

Just a suggestion for a fix for NTLite

 

[garlin]

I've tagged nuhi for attention. Should be easy for him to address.