Jump to content

Create a local admin account


andy0609
 Share

Recommended Posts

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

Quote

 

$Username = "ADMIN-USERNAME-HERE"
$Password = "ADMIN-PASSWORD-HERE"

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

 

 

Link to comment
Share on other sites

  • 10 months later...
  • 1 year later...
On 4/5/2017 at 12:11 AM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

Thanks for this. I can see it coming in handy. I'll definitely be bookmarking this page. 

Link to comment
Share on other sites

On 4/4/2017 at 9:11 PM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

I am trying to use this script, but I keep getting the error

"Where-Object : Cannot process command because of one or more missing mandatory parameters: FilterScript. At C:\Program Files\Pulseway\automation_dc45fa75_cbe2_4a45_bfb5_18a9f9945795.ps 1:16 char:4 + } ? <<<< + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi ndingException + FullyQualifiedErrorId : MissingMandatoryParameter,Microsoft.PowerShell.C ommands.WhereObjectCommand"

 

Ideas?

Link to comment
Share on other sites

  • 2 months later...
  • 1 month later...

Adding one line hides the ID from the user.

$Username = "ID to create"
$Password = "Password for created ID"

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    
	New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" -Name $Username -PropertyType DWord -Value 0 -ea SilentlyContinue -wa SilentlyContinue

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

exit 0;

I have not used created ID to run scripts. Wanted to give back, if I didn't post this now I would never post it.

I am new to scripting with pulseway. Does Write-Host go somewhere meaningful, or is this just also a script you manually run?

Thanks for the ID creation with  error checking!

Link to comment
Share on other sites

  • 7 months later...


This works perfect, almost...I have an encoding problem...
I am on a swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets in to that powershell session.

Best regards
Mike :)

2020-02-08@21_54_59.png

Edited by kappnet
Link to comment
Share on other sites

  • 2 weeks later...
  • 3 months later...

sure seems like way too much code for this project, I do this as a bath script not power shell.

net user localpcadmin Password /add
net localgroup administrators localpcadmin /add
net localgroup administrators administrator /add
net localgroup administrators "domain admins" /add
net localgroup "Power Users" "domain users" /add

Link to comment
Share on other sites

On 2/8/2020 at 10:03 PM, kappnet said:


This works perfect, almost...I have an encoding problem...
I am on a swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets in to that powershell session.

Best regards
Mike :)

2020-02-08@21_54_59.png

 

Unfortunately, Pulseway doesn't support Swedish characters within scripts at this point in time (I'd love to see that in the future though). However there's a way around it.. You can use ASCII-code instead of letters. I did this with a script recently in order to create a scheduled task, and it's working fine.  

 

Replace the following: 

$group = "Administrators"

 

With:

$group = [char]065+[char]100+[char]109+[char]105+[char]110+[char]105+[char]115+[char]116+[char]114+[char]097+[char]116+[char]246+[char]114+[char]101+[char]114

(The ASCII code above says Administratörer. Please note that putting the code within quotation marks will store the ASCII-code itself, which we don't want in this case)

Edited by AC_Martin_J
Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...