Create local admin account with rotating credentials


Kyle_Sanders

I am looking for a script that I can deploy where Pulseway can check to see if a specific local admin account has been created. If not, have it create it. With that local admin account, there is a rotating password, which is recorded in a report per computer.


  • 2 weeks later...
  • 3 weeks later...

So here is a script that I use and just set it up on a schedule. What it does is create a local and/or domain account with the specified user name and password. I can run it manually, on an individual system basis or through a workflow. The only minor drawback is that the password is listed in plain text. But my justification for this is that anyone internal to my organization is going to have access to this anyway. It's not visible to the client or anyone else.

 

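# Inputs
$SetPassword = "Password Here"
$SetUserName = "User Name Here"
$group = "Administrators"

# Look up the account in the local SAM through the ADSI WinNT provider
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $SetUserName }

if ($null -eq $existing) {
    # Account is missing: create it and add it to the local group
    & NET USER $SetUserName $SetPassword /add /y /expires:never
    & NET LOCALGROUP $group $SetUserName /add
}
else {
    # Account already exists: reset its password to the configured value
    $existing.SetPassword($SetPassword)
}

# Stop the password from expiring
& WMIC USERACCOUNT WHERE "Name='$SetUserName'" SET PasswordExpires=FALSE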
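
The original question asked for a rotating password recorded per computer, while the script above sets one fixed plain-text password everywhere. The following is an added example, not part of the thread and not Pulseway's own code: it generates a different random password on each run and returns one record per machine. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, an elevated session, and a hypothetical account name `svc-localadmin`.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$UserName = 'svc-localadmin',   # hypothetical account name (assumption)
    [string]$Group    = 'Administrators',
    [int]$Length      = 24
)

function New-RandomPassword {
    param([int]$Length = 24)
    # Alphabet without look-alike characters (I, O, l, 0, 1)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_=?'
    $limit = 256 - (256 % $alphabet.Length)   # rejection bound, avoids modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
            }
            $pw = $sb.ToString()
            # Retry until upper, lower and digit are all present (Windows complexity policy)
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    $pw
}

$plain  = New-RandomPassword -Length $Length
$secure = ConvertTo-SecureString $plain -AsPlainText -Force

if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) {
    # Account exists: rotate its password
    Set-LocalUser -Name $UserName -Password $secure -PasswordNeverExpires $true
} else {
    # Account missing: create it with the new password
    New-LocalUser -Name $UserName -Password $secure -PasswordNeverExpires | Out-Null
}
if (-not (Get-LocalGroupMember -Group $Group -Member $UserName -ErrorAction SilentlyContinue)) {
    Add-LocalGroupMember -Group $Group -Member $UserName
}

# One record per computer for the password report; send it only to an access-restricted store
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    UserName     = $UserName
    Password     = $plain
    RotatedUtc   = (Get-Date).ToUniversalTime().ToString('o')
}
```

Because each run produces a password unique to that machine, disclosure of one report entry does not expose the local admin account on other computers. Windows LAPS provides the same rotation with escrow to Active Directory or Microsoft Entra ID where that is available.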
