Set-​Local​User

Modifies a local user account.

Syntax

Set-LocalUser
   [-InputObject] <LocalUser>
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Confirm]
   [-Description <String>]
   [-FullName <String>]
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-LocalUser
   [-Name] <String>
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Confirm]
   [-Description <String>]
   [-FullName <String>]
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [<CommonParameters>]
Set-LocalUser
   [-SID] <SecurityIdentifier>
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Confirm]
   [-Description <String>]
   [-FullName <String>]
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [<CommonParameters>]

Description

The Set-LocalUser cmdlet modifies a local user account. This cmdlet can reset the password of a local user account.

Examples

Example 1: Change a description of a user account

PS C:\> Set-LocalUser -Name "Admin07" -Description "Description of this account."

This command changes the description of a user account named Admin07.

Example 2: Change the password on an account

PS C:\> $Password = Read-Host -AsSecureString
PS C:\> $UserAccount = Get-LocalUser -Name "User02"
PS C:\> $UserAccount | Set-LocalUser -Password $Password

The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password variable.

The second command gets a user account named User02 by using Get-LocalUser. The command stores the account in the $UserAccount variable.

The third command sets the new password on the user account stored in $UserAccount.

Required Parameters

-InputObject

Specifies the user account that this cmdlet changes. To obtain a user account, use the Get-LocalUser cmdlet.

Type:LocalUser
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-Name

Specifies the name of the user account that this cmdlet changes.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-SID

Specifies the security ID (SID) of the user account that this cmdlet changes.

Type:SecurityIdentifier
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False

Optional Parameters

-AccountExpires

Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet.

If you do not want the account to expire, specify the AccountNeverExpires parameter.

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AccountNeverExpires

Indicates that the account does not expire.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-Description

Specifies a comment for the user account. The maximum length is 48 characters.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FullName

Specifies the full name for the user account. The full name differs from the user name of the user account.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Password

Specifies a password for the user account. If the user account is connected to a Microsoft account, do not set a password.

You can use Read-Host -GetCredential, Get-Credential, or ConvertTo-SecureString to create a SecureString object for the password.

If you omit the Password and NoPassword parameters, Set-LocalUser prompts you for the user's password.

Type:SecureString
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PasswordNeverExpires

Indicates whether the password expires.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserMayChangePassword

Indicates that the user can change the password on the user account.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalUser, System.String, System.Security.Principal.SecurityIdentifier

You can pipe a local user, a string, or a SID to this cmdlet.

Outputs

None

This cmdlet does not generate any output.

Notes

  • The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

  • Local

  • Active Directory
  • Azure Active Directory group
  • Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.