为什么登录屏幕不显示创建的 New-LocalUser 或管理员帐户?

tag-icon tag-icon powershell user-accounts windows-11 login administrator
为什么登录屏幕不显示创建的 New-LocalUser 或管理员帐户?

登录需要输入密码,右键单击cmd允许以提升模式运行,以便Administrator新帐户被创建:

添加用户:

PS C:\Windows\System32>
PS C:\Windows\System32> New-LocalUser

cmdlet New-LocalUser at command pipeline position 1
Supply values for the following parameters:
Name: nicholas
Password: *****************************************

Name     Enabled Description
----     ------- -----------
nicholas True


PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32> Get-LocalUser

Name               Enabled Description
----               ------- -----------
Administrator      False   Built-in account for administering the =
computer/domain
DefaultAccount     False   A user account managed by the system.
defaultuser100001  True
foo                True
Guest              False   Built-in account for guest access to the =
computer/domain
nicholas           True
WDAGUtilityAccount False   A user account managed and used by the system =
for Windows Defender Application Guard scen...


PS C:\Windows\System32>

虽然管理员帐户未启用,但foo用户可以cmdAdministrator特权运行。新创建的帐户显示为已启用,但在登录屏幕上无法选择。

系统信息:

PS C:\Users\foo>
PS C:\Users\foo> [System.Environment]::OSVersion

Platform ServicePack Version      VersionString
-------- ----------- -------      -------------
 Win32NT             10.0.22621.0 Microsoft Windows NT 10.0.22621.0


PS C:\Users\foo>
PS C:\Users\foo>
PS C:\Users\foo> cmd /c ver

Microsoft Windows [Version 10.0.22621.1105]
PS C:\Users\foo>

如上Windows 10所示,winver显示Windows 11

温弗

新创建的用户未列为登录选项。没有选项,只有单个帐户。

我不明白账户和个人资料之间的区别。我能不能以其他用户身份登录?

来自 IRC 的 Akik 建议运行:

 FOR %F IN ("%SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~*.mum") DO (DISM /Online /NoRestart /Add-Package:"%F")

j​borean93 的另一个建议是:

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/set-localuser?view=powershell-5.1

答案1

您的新用户需要成为该Users组的成员。这是我用于创建用户的简单脚本

param ($Site, $FullName, $UserName, $Password, [switch] $Admin)
if ($PSBoundParameters.ContainsKey('UserName')) {
    if ($PSBoundParameters.ContainsKey('Admin')) {
        $Description = "Admin account for $FullName"
    }
    else {
        $Description = "User account for $FullName"
    }
    if (-Not ($PSBoundParameters.ContainsKey('Password'))) {
        $Credential = Get-Credential -UserName $UserName -Message "Supply password for new user"
        $User = New-LocalUser -FullName "$($FullName) - $($Site)" -Name $UserName -Description $Description -PasswordNeverExpires -Password $Credential.Password
    }
    else {
        $User = New-LocalUser -FullName "$($FullName) - $($Site)" -Name $UserName -Description $Description -PasswordNeverExpires -Password (ConvertTo-SecureString -String $Password -AsPlainText -Force)
    }
    if ($null -ne $User) {
        Add-LocalGroupMember -Group "Users"  -Member $User 
        if ($PSBoundParameters.ContainsKey('Admin')) {
            Add-LocalGroupMember -Group "Administrators" -Member $User 
        }
        Write-Output $User
    }
}
else {
    Write-Host "Usage: $(Split-Path $PSCommandPath -leaf) <Site> <Full Name> <Username> [password] [-Admin]"
}

对于你的情况你可以使用 Add-LocalGroupMember -Group "Users" -Member "nicholas"

相关内容