Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

Microsoft Teams Day is back!

Register today!
Icon for Live Conference on December 8!

Live Conference on December 8!

GET-IT Microsoft Teams Conference

Icon for Live Webinar on Nov. 29th!

Live Webinar on Nov. 29th!

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Live Webinar Coming Dec. 14th!

Live Webinar Coming Dec. 14th!

Recession Proof Your IT: How to Reduce IT Costs Wi...

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Windows Server

Managing Windows Server with Puppet Part 5: Managing Local Users and Groups

Russell Smith

 |

Apr 3, 2018

In today’s Ask the Admin, I’ll show you how to manage local users and groups using Puppet.

 

 

Just because you can do something, doesn’t mean that you should. And while Puppet can create local user accounts in Windows, you should always try and use Active Directory for user management and authentication. There might be some situations where you want to use Puppet to manage local users and groups. For example, where a server is not a member of an Active Directory domain. Or you might want to add Active Directory users or groups to a member server using Puppet instead of Group Policy.

Create a Local User Account

Let’s start by looking at how to create a new local user. The built-in Puppet user and group resources know how to manage Windows local users and groups. The resource below creates a new local user, petriuser1 and sets the password for the account. Make sure you create a password that meets the complexity requirements set in policy on the Windows device.

user { 'petriuser1':
   ensure => present,
   password => 'Petri!Kn0Wledge' 
}

When you are creating a new user, you can also add it to a group straight away:

user { 'petriuser1':
   ensure => present,
   password => 'Petri!Kn0Wledge',
   groups => 'Administrators'
}
Creating a new local user in Puppet (Image Credit: Russell Smith)

Creating a New Local User in Puppet (Image Credit: Russell Smith)

Managing Group Membership

Using the group resource, you can either add or remove users from an existing group or create a new group. The resource below makes sure that petagentadmin and petriuser1 are both members of the Administrators group:

group { 'Local Admins':
    name => 'Administrators',
    ensure => present,
    members => ['petagentadmin','petriuser1'],
    auth_membership => false,
}
Puppet agent creates a new local user on a node (Image Credit: Russell Smith)

Puppet Agent Creates a New Local User on a Node (Image Credit: Russell Smith)

The auth_membership parameter’s default setting is false. When set to false, any existing members of the group are preserved. If you want to purge the group, set auth_membership to true. To add a domain user to a local group, you need to specify the username and the domain together. In the resource below, I’m adding a user called testuser1 from the Petri domain to the local Administrators group:

group { 'Local Admins':
    name => 'Administrators',
    ensure => present,
    members => 'petri\testuser1',
    auth_membership => false
}

To delete a local user, change the ensure parameter to absent. The same applies when deleting groups.

user { 'petriuser1':
   ensure => absent,
}

The auth_membership parameter can also be set in a user resource. If set to inclusive, Puppet will make sure the user only belongs to the groups specified in the manifest and remove the user from any groups that are not specified. In the resource below, petriuser1 will be added to Administrators and removed from any other local groups that it is a member of.

user { 'petriuser1':
   ensure => present,
   password => 'Petri!Kn0Wledge',
   groups => 'Administrators',
   auth_membership => inclusive
}

In this Ask the Admin, I showed you how to create, remove, and manage local users and groups in Windows using Puppet.

More from Russell Smith

Apple iOS 16

This Week in IT - The UGLY Truth About the iPhone SE
Project Volterra

Windows on Arm - Does Project Volterra Solve the Performance Problem?

Windows 11 Has a 'Moment' and Microsoft Accidently Leaks Redesigned Desktop

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Windows Server

Cloud Computing

Latest Patch Tuesday Updates Cause Freezes, Reboots on Domain Controllers

Nov 25, 2022 | Rabia Noureen

Windows Logo

Microsoft Releases Fix for Kerberos Authentication Issues on Domain Controllers

Nov 18, 2022 | Rabia Noureen

Cloud Computing

Microsoft Confirms Server Manager Disk Resets Could Cause Data Loss

Oct 28, 2022 | Rabia Noureen

Windows 11

September Patch Tuesday Updates Cause Group Policy Issues on Windows PCs

Sep 26, 2022 | Rabia Noureen

Datacenter networking servers

Latest Windows Server 2022 Update Improves Protection Against Ransomware Attacks

Aug 17, 2022 | Rabia Noureen

Datacenter networking servers

Latest Windows Server Updates May Cause Printing and Scanning Issues

Jul 25, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy