andy0609

Create a local admin account


I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password


$Username = "ADMIN-USERNAME-HERE"
$Password = "ADMIN-PASSWORD-HERE"

$group = "Administrators"

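# Bind to the local account database and look for an existing user with this name.
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

# $null goes on the left so the test is a plain null check, never a collection filter.
if ($null -eq $existing) {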

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

 

 


Thanks for sharing this, this would be even more awesome when we will support script variables to be entered at runtime.

-Paul

On 5.4.2017 at 6:11 AM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

Very handy - thanks for sharing!

On 4/5/2017 at 3:33 AM, Paul said:

Thanks for sharing this, this would be even more awesome when we will support script variables to be entered at runtime.

-Paul

Is this available yet?

On 4/5/2017 at 12:11 AM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

Thanks for this. I can see it coming in handy. I'll definitely be bookmarking this page. 

On 4/4/2017 at 9:11 PM, andy0609 said:

I use this when I am onboarding a new client. Computers have been there and most people don't know/have their own admin password

 

I am trying to use this script, but I keep getting the error

"Where-Object : Cannot process command because of one or more missing mandatory parameters: FilterScript.
At C:\Program Files\Pulseway\automation_dc45fa75_cbe2_4a45_bfb5_18a9f9945795.ps1:16 char:4
+ } ? <<<<
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : MissingMandatoryParameter,Microsoft.PowerShell.Commands.WhereObjectCommand"

 

Ideas?


Adding one line hides the ID from the user.

$Username = "ID to create"
$Password = "Password for created ID"

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    
    New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" -Name $Username -PropertyType DWord -Value 0 -ea SilentlyContinue -wa SilentlyContinue

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

exit 0;

I have not used the created ID to run scripts. Wanted to give back; if I didn't post this now I would never post it.

I am new to scripting with Pulseway. Does Write-Host go somewhere meaningful, or is this just also a script you manually run?

Thanks for the ID creation with error checking!
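
Accounts hidden from the sign-in screen through the SpecialAccounts\UserList key used in the script above are worth inventorying on managed machines, together with whether they hold local administrator rights. The following is an added example, not code from any poster in this thread; it assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts cmdlets, and the function name Get-HiddenLogonAccount is hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1+ with the
# Microsoft.PowerShell.LocalAccounts module. Get-HiddenLogonAccount is a hypothetical name.
$UserListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$AdminSid    = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

function Get-HiddenLogonAccount {
    # If the key is missing, no account is hidden through this mechanism.
    if (-not (Test-Path -Path $UserListKey)) { return }

    $key = Get-Item -Path $UserListKey
    foreach ($name in $key.GetValueNames()) {
        # A DWORD value of 0 is what the script above writes to hide the account.
        if ($key.GetValue($name) -ne 0) { continue }

        # Check whether the hidden name is a real local account and a local admin.
        $user    = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
        $isAdmin = $false
        if ($user) {
            $member  = Get-LocalGroupMember -SID $AdminSid -Member $name -ErrorAction SilentlyContinue
            $isAdmin = [bool]$member
        }

        [pscustomobject]@{
            Account      = $name
            LocalAccount = [bool]$user
            Enabled      = if ($user) { $user.Enabled } else { $null }
            LocalAdmin   = $isAdmin
        }
    }
}

# One row per hidden account; compare the result against the accounts you provisioned.
Get-HiddenLogonAccount | Format-Table -AutoSize
```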



This works perfect, almost... I have an encoding problem...
I am on a Swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets into that PowerShell session?

Best regards
Mike :)


Edited by kappnet


Sure seems like way too much code for this project; I do this as a batch script, not PowerShell.

net user localpcadmin Password /add
net localgroup administrators localpcadmin /add
net localgroup administrators administrator /add
net localgroup administrators "domain admins" /add
net localgroup "Power Users" "domain users" /add

On 2/8/2020 at 10:03 PM, kappnet said:


This works perfect, almost... I have an encoding problem...
I am on a Swedish OS and the name of the administrators group is "Administratörer".
How do I get that ö over to the machine instead of a Çô or whatever gets into that PowerShell session?

Best regards
Mike :)


 

Unfortunately, Pulseway doesn't support Swedish characters within scripts at this point in time (I'd love to see that in the future though). However, there's a way around it. You can use ASCII-code instead of letters. I did this with a script recently in order to create a scheduled task, and it's working fine.

 

Replace the following: 

$group = "Administrators"

 

With:

$group = [char]065+[char]100+[char]109+[char]105+[char]110+[char]105+[char]115+[char]116+[char]114+[char]097+[char]116+[char]246+[char]114+[char]101+[char]114

(The ASCII code above says Administratörer. Please note that putting the code within quotation marks will store the ASCII-code itself, which we don't want in this case)

Edited by AC_Martin_J
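
The localized group name discussed above can be avoided altogether by resolving the Administrators group from its well-known SID, S-1-5-32-544, which is the same on every Windows display language. The following is an added example, not code from any poster in this thread; it assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts cmdlets and an elevated session, and it keeps the thread's placeholder credentials.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1+ with the
# Microsoft.PowerShell.LocalAccounts module, run from an elevated session.
$Username = 'ADMIN-USERNAME-HERE'   # placeholders, as in the original post
$Password = 'ADMIN-PASSWORD-HERE'

# Translate the well-known SID to the local group name, e.g. "Administrators"
# or "Administratörer". No non-ASCII text has to appear in the script itself.
$AdminSid = 'S-1-5-32-544'
$sid      = New-Object System.Security.Principal.SecurityIdentifier($AdminSid)
$group    = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# New-LocalUser and Set-LocalUser take a SecureString, so the password is not
# placed on a net.exe command line. It is still plain text inside this script.
$secure = ConvertTo-SecureString $Password -AsPlainText -Force

$existing = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    New-LocalUser -Name $Username -Password $secure `
        -PasswordNeverExpires -AccountNeverExpires | Out-Null

    # Addressing the group by SID works whatever its localized name is.
    Write-Host "Adding local user $Username to $group."
    Add-LocalGroupMember -SID $AdminSid -Member $Username
}
else {
    Write-Host "Setting password for existing local user $Username."
    Set-LocalUser -Name $Username -Password $secure -PasswordNeverExpires $true
}
```

On hosts without these cmdlets, the first three statements after the placeholders still work on their own, and the resulting `$group` value can be passed to the `NET LOCALGROUP` line of the original script.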
