Set-LocalUser

Modifies a local user account.

Syntax

Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-Name] <String>
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-InputObject] <LocalUser>
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-LocalUser
   [-AccountExpires <DateTime>]
   [-AccountNeverExpires]
   [-Description <String>]
   [-FullName <String>]
   [-Password <SecureString>]
   [-PasswordNeverExpires <Boolean>]
   [-SID] <SecurityIdentifier>
   [-UserMayChangePassword <Boolean>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-LocalUser cmdlet modifies a local user account. This cmdlet can reset the password of a local user account.

Note

The Microsoft.PowerShell.LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.

Examples

Example 1: Change a description of a user account

Set-LocalUser -Name "Admin07" -Description "Description of this account."

This command changes the description of a user account named Admin07.

Example 2: Change the password on an account

$Password = Read-Host -AsSecureString
$UserAccount = Get-LocalUser -Name "User02"
$UserAccount | Set-LocalUser -Password $Password

The first command prompts you for a password by using the Read-Host cmdlet. The command stores the password as a secure string in the $Password variable.

The second command gets a user account named User02 by using Get-LocalUser. The command stores the account in the $UserAccount variable.

The third command sets the new password on the user account stored in $UserAccount.

Parameters

-AccountExpires

Specifies when the user account expires. To obtain a DateTime object, use the Get-Date cmdlet.

If you do not want the account to expire, specify the AccountNeverExpires parameter.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AccountNeverExpires

Indicates that the account does not expire.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Specifies a comment for the user account. The maximum length is 48 characters.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FullName

Specifies the full name for the user account. The full name differs from the user name of the user account.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specifies the user account that this cmdlet changes. To obtain a user account, use the Get-LocalUser cmdlet.

Type:Microsoft.PowerShell.Commands.LocalUser
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the user account that this cmdlet changes.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Password

Specifies a password for the user account. If the user account is connected to a Microsoft account, do not set a password.

You can use Read-Host -AsSecureString, Get-Credential, or ConvertTo-SecureString to create a SecureString object for the password.

If you omit the Password and NoPassword parameters, Set-LocalUser prompts you for the user's password.

Type:SecureString
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordNeverExpires

Indicates whether the password expires.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SID

Specifies the security ID (SID) of the user account that this cmdlet changes.

Type:SecurityIdentifier
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-UserMayChangePassword

Indicates that the user can change the password on the user account.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalUser

You can pipe a local user to this cmdlet.

String

You can pipe a string to this cmdlet.

SecurityIdentifier

You can pipe a SID to this cmdlet.

Outputs

None

This cmdlet returns no output.

Notes

Windows PowerShell includes the following aliases for Set-LocalUser:

  • slu

The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

  • Local
  • Active Directory
  • Microsoft Entra group
  • Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.