Disclaimer: Techniques to create an administrator local account immediately after a fresh install or clean reset of Windows 11 is continuously evolving and comprehensively covered on the Internet. This tech tip assumes you already have an administrator Windows User Account and wish to create additional local accounts via a terminal approach.
This tech tip shows you how to create an administrator or user local account via PowerShell on Windows 11. This workflow is particularly useful for users on Windows 11 Home, which has more limitations than other Windows editions to create a local account.
A Windows User Account is the identity you use to sign in to Windows. There are two types of Windows User Accounts:
Local account: Exists only on the computer.
Microsoft account: Linked to Microsoft cloud services.
There are two tiers of user privileges:
Administrator: Grants full control over the Windows system, should be reserved for system management purposes.
Standard User: Grants limited control over the Windows system, should be reserved for daily use.
Mixing the above gives you four configurations of Windows User Accounts.
Administrator Microsoft account
Administrator local account
User Microsoft account
User local account
ℹ️ Note
A Windows User Profile is a collection of settings and files linked to a Windows User Account. Windows 11 allocates one Windows User Profile to a Windows User Account.
Once you are logged into an administrator Microsoft or local account on your Windows 11 system,
Open Terminal (Admin). A Windows PowerShell terminal will appear.
Store your new account password as a PowerShell variable with the following command.
$Password = Read-Host -AsSecureString
A blank line appears immediately below your command waiting for your password input. Type your new password and press Enter.
Store your account username, user full name, and account description as variables for convenience.
$UserName = Read-Host
$FullName = Read-Host
$Description = Read-Host
Create a new local account with the following command.
New-LocalUser $UserName -Password $Password -FullName $FullName -Description $Description
(Optional) If you are creating an administrator local account, add the newly created local account to the Administrators user group.
Add-LocalGroupMember -Group "Administrators" -Member $UserName
Check if the newly created local account has password expiry enabled.
Password expiry is enabled when PasswordExpires = True for the account
name.
Get-CimInstance -ClassName Win32_UserAccount | Format-Table -Property Name, Disabled, PasswordExpires
If the local account has password expiry enabled, disable password expiry.
Set-LocalUser -Name $UserName -PasswordNeverExpires $true
If you need to delete a Windows User Account (e.g., another Microsoft account or local account) on your computer, login to an administrator local account and open Terminal (Admin).
Take note of the account username of the Windows User Account to be deleted in the first column (Name) of the following command.
Get-LocalUser
Get the user object of the target account username. Replace <user name>
with the target account username.
$User = Get-LocalUser -Name "<user name>" -ErrorAction Stop
Remove the associated Windows User Profile (from both filesystem and registry).
Get-CimInstance -Class Win32_UserProfile | ? SID -eq $User.SID | Remove-CimInstance
Remove the Windows User Account.
Remove-LocalUser -SID $User.SID