The requirement: To create a new local group with a new user inside it.
Depending on your security context, it's considered good practice to run long-running processes such as services under a controlled user with minimum privileges. It might also make sense to create a specific group for this and perhaps other users. The code below creates a simple group and a relatively unprivileged user. Obviously, you still need to secure resources for this user in particular.
Caveat Lector: I am not a security expert and this is example code
import win32net
import win32netcon

USER = "user"
GROUP = "group"

#
# Create a new user with minimum privs.
# If it exists already, drop it first.
#
user_info = dict(
    name=USER,
    password="Passw0rd",
    priv=win32netcon.USER_PRIV_USER,
    home_dir=None,
    comment=None,
    flags=win32netcon.UF_SCRIPT,
    script_path=None
)
try:
    win32net.NetUserDel(None, USER)
except win32net.error as err:
    # 2221 = NERR_UserNotFound: nothing to delete, carry on
    if err.winerror != 2221:
        raise
win32net.NetUserAdd(None, 1, user_info)

#
# Create a new group
# If it exists already, drop it first.
#
group_info = dict(
    name=GROUP
)
try:
    win32net.NetLocalGroupDel(None, GROUP)
except win32net.error as err:
    # 2220 = NERR_GroupNotFound: nothing to delete, carry on
    if err.winerror != 2220:
        raise
win32net.NetLocalGroupAdd(None, 0, group_info)

#
# Add the new user to the new group
#
user_group_info = dict(
    domainandname=USER
)
win32net.NetLocalGroupAddMembers(None, GROUP, 3, [user_group_info])
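
The listing above hardcodes the password "Passw0rd". As an added example (not part of the original page), here is one way to create the same account with a randomly generated password instead. The helper names `generate_password` and `create_service_user` are hypothetical; the pywin32 calls and constants are the ones the listing already uses.

```python
import secrets
import string

# Four character classes. Windows complexity policy asks for characters from at
# least three categories; this generator guarantees all four of these.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%*+-=?@_")


def generate_password(account_name, length=24):
    """Random password with every class present and no copy of the account name."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        has_all_classes = all(any(ch in cls for ch in candidate) for cls in CLASSES)
        # Complexity policy also rejects passwords that contain the account name
        # (names shorter than three characters are not checked).
        embeds_name = len(account_name) >= 3 and account_name.lower() in candidate.lower()
        if has_all_classes and not embeds_name:
            return candidate


def create_service_user(name, comment=None):
    """Create the low-privilege user from the listing, with a generated password."""
    # Imported here so the generator above can be used and tested off Windows.
    import win32net
    import win32netcon

    password = generate_password(name)
    user_info = dict(
        name=name,
        password=password,
        priv=win32netcon.USER_PRIV_USER,
        home_dir=None,
        comment=comment,
        flags=win32netcon.UF_SCRIPT,
        script_path=None,
    )
    win32net.NetUserAdd(None, 1, user_info)
    # Hand the password straight to whatever configures the service; do not log it.
    return password
```

`create_service_user` needs pywin32 and an elevated prompt on Windows; `generate_password` runs anywhere.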