Set-LocalUser

Module:

Microsoft.PowerShell.LocalAccounts

Modifies a local user account.

Syntax

Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-Name] <String>
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-InputObject] <LocalUser>
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-SID] <SecurityIdentifier>
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-LocalUser cmdlet modifies a local user account. This cmdlet can reset the password of a local user account.

Examples

Example 1: Change a description of a user account

PS C:\> Set-LocalUser -Name "Admin07" -Description "Description of this account."

This command changes the description of a user account named Admin07.

Example 2: Change the password on an account

PS C:\> $Password = Read-Host -AsSecureString
PS C:\> $UserAccount = Get-LocalUser -Name "User02"
PS C:\> $UserAccount | Set-LocalUser -Password $Password

The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password variable.

The second command gets a user account named User02 by using Get-LocalUser. The command stores the account in the $UserAccount variable.

The third command sets the new password on the user account stored in $UserAccount.

Parameters

-AccountExpires

Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet.

If you do not want the account to expire, specify the AccountNeverExpires parameter.

Type:	DateTime
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AccountNeverExpires

Indicates that the account does not expire.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Description

Specifies a comment for the user account. The maximum length is 48 characters.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-FullName

Specifies the full name for the user account. The full name differs from the user name of the user account.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Specifies the user account that this cmdlet changes. To obtain a user account, use the Get-LocalUser cmdlet.

Type:	LocalUser
Position:	0
Default value:	None
Accept pipeline input:	True (ByPropertyName, ByValue)
Accept wildcard characters:	False

-Name

Specifies the name of the user account that this cmdlet changes.

Type:	String
Position:	0
Default value:	None
Accept pipeline input:	True (ByPropertyName, ByValue)
Accept wildcard characters:	False

-Password

Specifies a password for the user account. If the user account is connected to a Microsoft account, do not set a password.

You can use Read-Host -GetCredential, Get-Credential, or ConvertTo-SecureString to create a SecureString object for the password.

If you omit the Password and NoPassword parameters, Set-LocalUser prompts you for the user’s password.

Type:	SecureString
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PasswordNeverExpires

Indicates whether the password expires.

Type:	Boolean
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SID

Specifies the security ID (SID) of the user account that this cmdlet changes.

Type:	SecurityIdentifier
Position:	0
Default value:	None
Accept pipeline input:	True (ByPropertyName, ByValue)
Accept wildcard characters:	False

-UserMayChangePassword

Indicates that the user can change the password on the user account.

Type:	Boolean
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalUser, System.String, System.Security.Principal.SecurityIdentifier

You can pipe a local user, a string, or a SID to this cmdlet.

Outputs

None

This cmdlet does not generate any output.

Notes

• The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

• Local
• Active Directory
• Azure Active Directory group
• Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.

Related Links

• Disable-LocalUser
• Enable-LocalUser
• Get-LocalUser
• New-LocalUser
• Remove-LocalUser
• Rename-LocalUser

Source: Set-LocalUser