Posted February 13, 20214 yr I am looking fo a script that I can deploy where Pulseway can check to see if a specific local admin account has been created. If not have it create it. With that local admin account, there is a rotating password, which is recorded in a report per computer.
February 24, 20214 yr Kyle, It's not Pulseway, but have a look at LAPS from Microsoft. If you have an AD Environment, it works a treat, and meets the requirement of recording password "relatively" securely, and allows for password rotation.Â
March 15, 20214 yr So here is a script that I use and just set it up on a schedule. What it does is create a local and/or domain account with the specified user name and password. I can run it manually, on an individual system basis or through a workflow.  The only minor drawback is that the password is listed in plain text. But my justification for this is that anyone internal to my organization is going to have access to this anyway. Its not visible to the client or anyone else.  # Inputs $SetPassword = "Password Here" $SetUserName = "User Name Here" $group = "Administrators" $adsi = [ADSI]"WinNT://$env:COMPUTERNAME" $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $SetUsername } if ($existing -eq $null) {   & NET USER $SetUsername $SetPassword /add /y /expires:never      & NET LOCALGROUP $group $SetUsername /add } else {   $existing.SetPassword($SetPassword) } & WMIC USERACCOUNT WHERE "Name='$SetUsername'" SET PasswordExpires=FALSE
Create an account or sign in to comment