Last active
May 22, 2024 09:29
-
-
Save ducas/3a65704a3b92dfa0301e to your computer and use it in GitHub Desktop.
Create a local administrator account using PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$Username = "su" | |
$Password = "password" | |
$group = "Administrators" | |
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME" | |
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username } | |
if ($existing -eq $null) { | |
Write-Host "Creating new local user $Username." | |
& NET USER $Username $Password /add /y /expires:never | |
Write-Host "Adding local user $Username to $group." | |
& NET LOCALGROUP $group $Username /add | |
} | |
else { | |
Write-Host "Setting password for existing local user $Username." | |
$existing.SetPassword($Password) | |
} | |
Write-Host "Ensuring password for $Username never expires." | |
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE |
@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE
thanks a lot it working perfectly,, I want to run this to remote servers with around 200 machines, can you please let me know how and where need to change.
clean and simple, appreciate you sharing!
lets just hope you do not deploy that script to the clients rather than remote-execute it, since the password is in the script.
There are methods to encrypt it in a script.
Thank You.
Works like a charm.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When we excute this powershell in Intune, we receive acces denied error. Anyone an idee how to run this script with admin rights in intune?