-
-
Save ducas/3a65704a3b92dfa0301e to your computer and use it in GitHub Desktop.
| $Username = "su" | |
| $Password = "password" | |
| $group = "Administrators" | |
| $adsi = [ADSI]"WinNT://$env:COMPUTERNAME" | |
| $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username } | |
| if ($existing -eq $null) { | |
| Write-Host "Creating new local user $Username." | |
| & NET USER $Username $Password /add /y /expires:never | |
| Write-Host "Adding local user $Username to $group." | |
| & NET LOCALGROUP $group $Username /add | |
| } | |
| else { | |
| Write-Host "Setting password for existing local user $Username." | |
| $existing.SetPassword($Password) | |
| } | |
| Write-Host "Ensuring password for $Username never expires." | |
| & WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE |
Thx @ducas. Quick question: https://gist.github.com/ducas/3a65704a3b92dfa0301e#file-create-administrator-ps1-L24 is taking approximately 10 seconds to return. Are you seeing the same behavior? If not, any thoughts on why this is taking so long?
Thanks!
I would suggest you use a single quote for the password, like this: 'password'. If your password contains special characters, the password is not set properly.
Hi , thanks is very ""útil" ...jajajaj BR.
probably easier to use proper way of doing this:
New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name '
someuser' | Add-LocalGroupMember -Group administrators
You need rights of administrator to run this script, if you want do this from "run as power shell script". You can modify it with rights:
ipconfig|out-null;[Console]::outputEncoding =[System.Text.Encoding]::GetEncoding('cp866') $IsElevated=$false foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) { if ($sid.Translate([Security.Principal.SecurityIdentifier]).IsWellKnown([Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)) { $IsElevated=$true } } if (-not $IsElevated) { Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList ("-command cd $pwd; " + $MyInvocation.Line) exit }
New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name ' someuser' | Add-LocalGroupMember -Group administrators
This is far simpler and easier to understand.
When we excute this powershell in Intune, we receive acces denied error. Anyone an idee how to run this script with admin rights in intune?
@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE
thanks a lot it working perfectly,, I want to run this to remote servers with around 200 machines, can you please let me know how and where need to change.
clean and simple, appreciate you sharing!
lets just hope you do not deploy that script to the clients rather than remote-execute it, since the password is in the script.
There are methods to encrypt it in a script.
Thank You.
Works like a charm.
Just modify $Username and $Password values, works like a charm!