[Closed] windows admins, batch files "for" command

you could use one batch file with the NET user type commands - call it STW.bat

then change your password file to start with STW in each line ie

stw username-1 password-1 email-1 fullname-1 group-a
stw username-2 password-2 email-2 fullname-2 group-b

then you use %1 in the stw.bat file to replace username

%2 for password

%3 for email

%4 for fullname

etc, so stw.bat looks like

NET USER %1 %2 /ADD /COMMENT:%3 /FULLNAME:%4 /logonpasswordchg:yes
NET LOCALGROUP %5 %1 /ADD
NET LOCALGROUP “Remote Desktop Users” %1 /ADD

It's probably easier using powershell but I think that that would work.  I haven't written batch files in years so that above is likely to be largely pants

No reason not to use powershell for this.

Data from text file:  https://stackoverflow.com/questions/15173213/import-csv-and-foreach

Creating users:  https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/?view=powershell-5.1

Go back to the vendor and tell them to provide something that's fit for purpose?  That's the sort of insanity I'd have expected to see 20 years ago.

You can do something like FOR /F "tokens=* delims=, %i in (foo.csv) DO {whatever with %i, %j etc} on a CSV, is that the sort of thing you mean?  for /? at the commandline is your friend here.

TBH, I'd be tempted to break out PowerShell for this.

Another hacky approach I have used when I can get a bat file (or any other scripting ISH lang I know a limited amount of) to do something once but not follow the  some greater more complicated variation is to write a python script to write a bat file or edit a bat file and repeatedly call said bat file. Yeeehaaawww cow boy!!!

Go back to the vendor and tell them to provide something that’s fit for purpose? That’s the sort of insanity I’d have expected to see 20 years ago.

My time in comparison to the software's functionality is considered nothing but a triviality. It is a 20 year old bespoke software package that has been updated for it's operational functionality and to run on newer os's, but not modernised for the modern IT landscape. All I can do is keep raising it with the account manager.

Ugh.  You have my sympathies then.

MS have a powershell script for this that may do the trick now that you can't use Group Policy for this sort of thing anymore:

Scroll down to the workarounds part of this article for the 'Invoke-PasswordRoll' script.

https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati

Ultra hacky quick and dirty way. Write your batch file command once and ensure it works. Transpose it into Excel. Split it up into various columns, then have other columns for the variables (usernames, passwords etc) interspersed. Then have a final column that concatenates it all. Copy this down populating the usernames/passwords as far as you need to. Then copy and paste the rows from your final column into a batch file. So something like the below

Command A |Username 1 | Command B | Password1 | Command C | Email 1 | Concatenated string
Command A |Username 2 | Command B | Password2 | Command C | Email 2 | Concatenated string
Command A |Username 3 | Command B | Password3 | Command C | Email 3 | Concatenated string

Or yeah just use powershell.

You've probably already written it, but if not, Powershell script:

Import-CSV ".\users.txt" -delimiter " " -Header uname,pwd,email,fullname,group | ForEach-Object {
Write-Host $_.uname
$pwd = ConvertTo-SecureString $_.pwd -AsPlainText -Force
# Remove-LocalUser -Name $_.uname
$user = New-LocalUser -Name $_.uname -Password $pwd -Description $_.email -FullName $_.fullname
$group = Get-LocalGroup -Name $_.group
Add-LocalGroupMember -Group $group -Member $user
}

Before you can run this you may need to

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

to let you run scripts.

Yep, powershell is the key. Is it multiple pcs? You could edit the script to remote into the pcs as long as you have set them to allow it.