SCCM – Add Local User During OSD


If you want to add a local machine user to your deployed machine during your SCCM OSD process then you can do this using a standard “Run Command Line” step.


So, you need to add a “Run Command Line” step in your task sequence towards the end, after the Windows deployment and after the ConfigMgr Client install. You should then give it a meaningful name and use the following command line:

 cmd.exe /c net user LocalAdmin Pa55w0rd# /add /comment:"Local Admin Account" /expires:never /fullname:"Local Admin Account"  

Each of these parts is detailed below and can be changed to suit your own requirements:

  • cmd.exe /c – required for the command to run successfully (/c runs the command that follows and then exits)
  • net user – run the “net user” command
  • LocalAdmin – name of the local admin account you want to create
  • Pa55w0rd# – the password of the local admin account you want to create
  • /add – to add the user
  • /comment:"Local Admin Account" – this is the description of the local account
  • /expires:never – means the account will never expire (note that it is the account, NOT the password, that will never expire)
  • /fullname:"Local Admin Account" – full name details for the local account

When you have completed this, you should have something that looks a little like this:


Now when the task sequence runs through, it will run this command and add the local user. Note that this will add the user as a “Standard” user. If you want to then make this user (or any other local user) a local administrator, take a look at our guide for this here.
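An added example (not part of the original guide): a PowerShell script that creates the same account from the task sequence without the password appearing on the step's command line. It assumes a task sequence variable, given the hypothetical name LocalUserPassword here, was set earlier in the task sequence, and a Windows version that includes the Microsoft.PowerShell.LocalAccounts cmdlets.

```powershell
# Added example, not the guide's own code.
# Assumption: the task sequence variable LocalUserPassword (hypothetical name)
# holds the password and was set by an earlier step.

$ErrorActionPreference = 'Stop'

$userName    = 'LocalAdmin'
$fullName    = 'Local Admin Account'
$description = 'Local Admin Account'

# Microsoft.SMS.TSEnvironment is only available while a task sequence is running.
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
$plain = $tsenv.Value('LocalUserPassword')
if ([string]::IsNullOrEmpty($plain)) {
    throw 'Task sequence variable LocalUserPassword is empty or not set.'
}

# The LocalAccounts cmdlets take the password as a SecureString,
# so it is never passed as a command-line argument.
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

if (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue) {
    # The account already exists (for example on a re-run): only reset the password.
    Set-LocalUser -Name $userName -Password $secure
}
else {
    # -AccountNeverExpires matches /expires:never in the guide's command.
    # Password expiry is a separate setting (-PasswordNeverExpires) and is
    # left at its default here, as it is in the guide.
    New-LocalUser -Name $userName `
                  -Password $secure `
                  -FullName $fullName `
                  -Description $description `
                  -AccountNeverExpires | Out-Null
}

# Blank the variable so later steps in the task sequence cannot read the password.
$tsenv.Value('LocalUserPassword') = ''
Remove-Variable -Name plain, secure
```

Run it from a “Run PowerShell Script” step placed where the guide puts its “Run Command Line” step. Like the guide's command, it creates a “Standard” user.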



3 Responses

  1. sema says:

    I add this step and the other one to create a local account and add it to the administrator group. But, OSD fails with an 0x00000002 error code.

  2. Bhupesh Thakur says:

    How do we set the “password never expires” check box?

  3. AIXI says:

    With this way you may have a security problem with the logs. The SCCM logs will have the user and password in plain text; someone may find it and use the account.
    You can delete the logs after the installation or just use a package (PowerShell with secure string, C++ program, etc.) that adds the user; it may also be decrypted, but it is more difficult.
