```powershell
$Username = "su"
$Password = "password"
$group = "Administrators"

# Bind to the local machine's account database through the WinNT ADSI provider.
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never

    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
```
```powershell
New-LocalUser -AccountNeverExpires:$true -Password (ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name 'someuser' | Add-LocalGroupMember -Group administrators
```
This is far simpler and easier to understand.
When we execute this PowerShell in Intune, we receive an access denied error. Does anyone have an idea how to run this script with admin rights in Intune?
@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
```powershell
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName' AND Name='$usr'" SET PasswordExpires=FALSE
```
Thanks a lot, it is working perfectly. I want to run this on remote servers, around 200 machines. Can you please let me know how and where I need to change it?
clean and simple, appreciate you sharing!
Let's just hope you do not deploy that script to the clients rather than remote-execute it, since the password is in the script.
There are methods to encrypt it in a script.
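The hard-coded password raised in the comments above can be avoided entirely. The following is an added example, not part of the gist or any commenter's code: it keeps the gist's create-or-reset logic but takes the password as a SecureString prompted for at run time. The function name `Set-LocalAdminAccount` is hypothetical, and it assumes the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1 or later).

```powershell
#Requires -RunAsAdministrator
# Added example: the password is never stored in the script file.
# Set-LocalAdminAccount is a hypothetical name chosen for this illustration.

function Set-LocalAdminAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Username,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$Group = 'Administrators'
    )

    # The LocalAccounts cmdlets only see the local SAM, so a domain account
    # with the same name is never touched.
    $existing = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue

    if (-not $existing) {
        if ($PSCmdlet.ShouldProcess($Username, 'Create local user')) {
            New-LocalUser -Name $Username -Password $Password `
                -PasswordNeverExpires -AccountNeverExpires | Out-Null
        }
    }
    elseif ($PSCmdlet.ShouldProcess($Username, 'Reset password')) {
        Set-LocalUser -Name $Username -Password $Password -PasswordNeverExpires $true
    }

    # Add to the group only if not already a member, so reruns stay quiet.
    $member = Get-LocalGroupMember -Group $Group -Member $Username -ErrorAction SilentlyContinue
    if (-not $member -and $PSCmdlet.ShouldProcess($Username, "Add to $Group")) {
        Add-LocalGroupMember -Group $Group -Member $Username
    }
}

# The operator types the password; it exists only as a SecureString in memory.
$secret = Read-Host -Prompt 'Password for the local account' -AsSecureString
Set-LocalAdminAccount -Username 'su' -Password $secret
```

Running the last line with `-WhatIf` shows what would change without creating or modifying the account.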
Thank You.
Works like a charm.
You need administrator rights to run this script if you want to do this from "run as power shell script". You can modify it with rights:
```powershell
ipconfig | Out-Null
[Console]::OutputEncoding = [System.Text.Encoding]::GetEncoding('cp866')

$IsElevated = $false
foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
    if ($sid.Translate([Security.Principal.SecurityIdentifier]).IsWellKnown([Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)) {
        $IsElevated = $true
    }
}

if (-not $IsElevated) {
    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList ("-command cd $pwd; " + $MyInvocation.Line)
    exit
}
```