Set-LocalUserConfig

Windows: Modifies a local user account configuration

Script

#Requires -Version 5.1

[CmdletBinding()]
Param (
    [Parameter(Mandatory = $true)]
    [string]$Name,

    [string]$FullName,

    [string]$Description,

    [securestring]$Password,

    [bool]$PasswordNeverExpires,

    [bool]$AccountNeverExpires,

    [bool]$Enabled,

    [string]$ComputerName = $env:COMPUTERNAME,

    [pscredential]$Credential
)

Process {
    try {
        $scriptBlock = {
            Param($UserName, $UserFull, $UserDesc, $UserPass, $PassNever, $AccNever, $IsEnabled, $BoundParams)
            $params = @{
                'Name' = $UserName
                'ErrorAction' = 'Stop'
            }
            if ($BoundParams.ContainsKey('FullName')) { $params.Add('FullName', $UserFull) }
            if ($BoundParams.ContainsKey('Description')) { $params.Add('Description', $UserDesc) }
            if ($BoundParams.ContainsKey('Password')) { $params.Add('Password', $UserPass) }
            if ($BoundParams.ContainsKey('PasswordNeverExpires')) { $params.Add('PasswordNeverExpires', $PassNever) }
            if ($BoundParams.ContainsKey('AccountNeverExpires')) { $params.Add('AccountNeverExpires', $AccNever) }
            if ($BoundParams.ContainsKey('Enabled')) { $params.Add('Enabled', $IsEnabled) }
            
            Set-LocalUser @params
            Get-LocalUser -Name $UserName | Select-Object Name, SID, Enabled, Description
        }

        if ($ComputerName -ne $env:COMPUTERNAME) {
            $invokeParams = @{
                'ComputerName' = $ComputerName
                'ScriptBlock'  = $scriptBlock
                'ArgumentList' = @($Name, $FullName, $Description, $Password, $PasswordNeverExpires, $AccountNeverExpires, $Enabled, $PSBoundParameters)
                'ErrorAction'  = 'Stop'
            }
            if ($null -ne $Credential) {
                $invokeParams.Add('Credential', $Credential)
            }

            $result = Invoke-Command @invokeParams
        }
        else {
            $result = &$scriptBlock -UserName $Name -UserFull $FullName -UserDesc $Description -UserPass $Password -PassNever $PasswordNeverExpires -AccNever $AccountNeverExpires -IsEnabled $Enabled -BoundParams $PSBoundParameters
        }

        $output = [PSCustomObject]@{
            Name         = $result.Name
            SID          = $result.SID.Value
            Enabled      = $result.Enabled
            ComputerName = $ComputerName
            Action       = "UserModified"
            Timestamp    = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        }

        Write-Output $output
    }
    catch {
        throw
    }
}

Customize

Name string

Specifies the name of the local user to modify.

FullName string

Specifies a new full name for the user account.

Description string

Specifies a new description for the user account.

Password securestring

Specifies a new secure string password for the account.

PasswordNeverExpires bool

If set, the password for the account will never expire.

AccountNeverExpires bool

If set, the account will never expire.

Enabled bool

If set, enables or disables the account.

ComputerName string

Specifies the name of the target computer. Defaults to the local computer.

env string

Credential pscredential

Specifies a PSCredential object for remote connection.