Skip to content

Instantly share code, notes, and snippets.

@ducas
Last active May 22, 2024 09:29
Show Gist options
  • Save ducas/3a65704a3b92dfa0301e to your computer and use it in GitHub Desktop.
Save ducas/3a65704a3b92dfa0301e to your computer and use it in GitHub Desktop.
Create a local administrator account using PowerShell
$Username = "su"
$Password = "password"
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $null) {
Write-Host "Creating new local user $Username."
& NET USER $Username $Password /add /y /expires:never
Write-Host "Adding local user $Username to $group."
& NET LOCALGROUP $group $Username /add
}
else {
Write-Host "Setting password for existing local user $Username."
$existing.SetPassword($Password)
}
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
@4c74356b41
Copy link

4c74356b41 commented Jun 20, 2018

probably easier to use proper way of doing this:

New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name '
someuser' | Add-LocalGroupMember -Group administrators

@Dreamer1cc
Copy link

You need rights of administrator to run this script, if you want do this from "run as power shell script". You can modify it with rights:

ipconfig|out-null;[Console]::outputEncoding =[System.Text.Encoding]::GetEncoding('cp866') $IsElevated=$false foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) { if ($sid.Translate([Security.Principal.SecurityIdentifier]).IsWellKnown([Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)) { $IsElevated=$true } } if (-not $IsElevated) { Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList ("-command cd $pwd; " + $MyInvocation.Line) exit }

@chauhan-utk
Copy link

New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name ' someuser' | Add-LocalGroupMember -Group administrators

This is far simpler and easier to understand.

@Albertjanvb
Copy link

When we excute this powershell in Intune, we receive acces denied error. Anyone an idee how to run this script with admin rights in intune?

@charlesrc019
Copy link

@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE

@Charasala
Copy link

thanks a lot it working perfectly,, I want to run this to remote servers with around 200 machines, can you please let me know how and where need to change.

@softtears
Copy link

clean and simple, appreciate you sharing!

@HorNet505
Copy link

lets just hope you do not deploy that script to the clients rather than remote-execute it, since the password is in the script.
There are methods to encrypt it in a script.

@alexdotdev
Copy link

Thank You.
Works like a charm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment