How Do You Create a New User with DSC?

Problem scenario
You are using Windows Server 2019. You want to create a new local user. You don't want the user to be a member of the local Administrators group (which allows remote logins). What do you do?


i. Install DSC. If you need assistance, see this posting.
ii.a. Make sure the server has been added to its own TrustedHosts configuration settings. To do this, open PowerShell and run this:

Set-Item wsman:localhost\client\trustedhosts -Value $env:COMPUTERNAME

ii.b. Answer "Yes" to the pop up window.


  1. Create a .ps1 file with the following content (but replace "foobar" with your desired password and replace "cooluser" with your desired password):
$ConfigData = @{
    AllNodes = @(
            PSDscAllowPlainTextPassword = $true


Configuration newLocalAdmin
    $secpasswd = ConvertTo-SecureString "foobar" -AsPlainText -Force
    $mycreds = New-Object System.Management.Automation.PSCredential ("cooluser", $secpasswd)
    Node $env:COMPUTERNAME
        User adminUser
            UserName = "Steve.J"
            Description = "This account is created using DSC"
            Password = $mycreds
            FullName = "Steve Jobs"
            PasswordNeverExpires = $true

            Ensure = 'Present'

# Run the Configuration with the -ConfigurationData parameter and use our configData as argument
newLocalAdmin -ConfigurationData $ConfigData
  1. Run the script above.
  2. Run this command (from the directory where you ran the above command as it would have created a new directory): Start-DscConfiguration -Path .\newLocalAdmin -Wait -Verbose
  3. You are done. This method was adapted from this posting.
    We think the directions above would work on most versions of Windows.

Leave a comment

Your email address will not be published. Required fields are marked *