Create a local admin account

[andy0609]

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

Quote

 

$Username = "ADMIN-USERNAME-HERE"
$Password = "ADMIN-PASSWORD-HERE"

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

 

 

[Paul]

Thanks for sharing this, this would be even more awesome when we will support script variables to be entered at runtime.

-Paul

[Tarsinion]

On 5.4.2017 at 6:11 AM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

Very handy - thanks for sharing!

[dpbklyn]

On 4/5/2017 at 3:33 AM, Paul said:

Thanks for sharing this, this would be even more awesome when we will support script variables to be entered at runtime.

-Paul

Is this available yet?

[Indy Tech Advisor]

On 4/5/2017 at 12:11 AM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

Thanks for this. I can see it coming in handy. I'll definitely be bookmarking this page. 

[awestwood]

On 4/4/2017 at 9:11 PM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

I am trying to use this script, but I keep getting the error

"Where-Object : Cannot process command because of one or more missing mandatory parameters: FilterScript. At C:\Program Files\Pulseway\automation_dc45fa75_cbe2_4a45_bfb5_18a9f9945795.ps 1:16 char:4 + } ? <<<< + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi ndingException + FullyQualifiedErrorId : MissingMandatoryParameter,Microsoft.PowerShell.C ommands.WhereObjectCommand"

 

Ideas?

[PapaTango79]

Thank you very much! We are just staring out with Pulseway (and MSP for that matter) and put this script to use today. Very handy!

[David-]

Adding one line hides the ID from the user.

$Username = "ID to create"
$Password = "Password for created ID"

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    
	New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" -Name $Username -PropertyType DWord -Value 0 -ea SilentlyContinue -wa SilentlyContinue

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

exit 0;

I have not used created ID to run scripts. Wanted to give back, if I didn't post this now I would never post it.

I am new to scripting with pulseway. Does Write-Host go somewhere meaningful, or is this just also a script you manually run?

Thanks for the ID creation with  error checking!

[kappnet]

This works perfect, almost...I have an encoding problem...
I am on a swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets in to that powershell session.

Best regards
Mike 

Edited February 10, 2020 by kappnet

[Paul]

Thanks Mike for your report. We'll look into the problem and get back with updates.

-Paul

[kappnet]

Hello,

Any updates on this?

:-) Mike

[eDecisions]

sure seems like way too much code for this project, I do this as a bath script not power shell.

net user localpcadmin Password /add
net localgroup administrators localpcadmin /add
net localgroup administrators administrator /add
net localgroup administrators "domain admins" /add
net localgroup "Power Users" "domain users" /add

[AC_Martin_J]

On 2/8/2020 at 10:03 PM, kappnet said:

This works perfect, almost...I have an encoding problem...
I am on a swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets in to that powershell session.

Best regards
Mike 

 

Unfortunately, Pulseway doesn't support Swedish characters within scripts at this point in time (I'd love to see that in the future though). However there's a way around it.. You can use ASCII-code instead of letters. I did this with a script recently in order to create a scheduled task, and it's working fine.  

 

Replace the following: 

$group = "Administrators"

 

With:

$group = [char]065+[char]100+[char]109+[char]105+[char]110+[char]105+[char]115+[char]116+[char]114+[char]097+[char]116+[char]246+[char]114+[char]101+[char]114

(The ASCII code above says Administratörer. Please note that putting the code within quotation marks will store the ASCII-code itself, which we don't want in this case)

Edited June 15, 2020 by AC_Martin_J

[kappnet]

Nice!
Thanks a lot!

:-)