@ducas
Last active May 22, 2024 09:29
Create a local administrator account using PowerShell
```powershell
$Username = "su"
$Password = "password"   # plain-text password stored in the script itself
$group = "Administrators"

# Bind to the local machine's account database through the WinNT ADSI provider.
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

# Clear the password-expiry flag on the account.
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
```

@Albertjanvb

When we execute this PowerShell in Intune, we receive an access denied error. Anyone have an idea how to run this script with admin rights in Intune?

@charlesrc019

@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
```powershell
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName' AND Name='$usr'" SET PasswordExpires=FALSE
```

@Charasala

Thanks a lot, it's working perfectly. I want to run this on remote servers, around 200 machines; can you please let me know how and where I need to change it?

@softtears

clean and simple, appreciate you sharing!

@HorNet505

Let's just hope you do not deploy that script to the clients rather than remote-execute it, since the password is in the script.
There are methods to encrypt it in a script.
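
A variant of the gist that keeps the password out of the script file, as an added example that is not the gist author's code and not part of any comment here. It assumes Windows PowerShell 5.1 or later with the built-in Microsoft.PowerShell.LocalAccounts cmdlets, prompts for the password at run time, refuses to start without elevation, and refers to the Administrators group by its well-known SID so it also works on non-English installations.

```powershell
#Requires -RunAsAdministrator
# Added example (not the gist author's code).
# Assumption: Microsoft.PowerShell.LocalAccounts is available (Windows PowerShell 5.1+).
[CmdletBinding()]
param(
    [string]$Username = 'su',   # same account name as the gist
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    [System.Security.Principal.SecurityIdentifier]$GroupSid = 'S-1-5-32-544'
)

# Ask for the password interactively. It is held as a SecureString and is
# never written to the script or passed on a command line as NET USER would.
$Password = Read-Host -Prompt "Password for $Username" -AsSecureString
if ($Password.Length -eq 0) {
    throw "Empty password refused for $Username."
}

$existing = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    New-LocalUser -Name $Username -Password $Password `
        -PasswordNeverExpires -AccountNeverExpires | Out-Null

    Write-Host "Adding local user $Username to group $GroupSid."
    Add-LocalGroupMember -SID $GroupSid -Member $Username
}
else {
    Write-Host "Setting password for existing local user $Username."
    # On Set-LocalUser, -PasswordNeverExpires takes a Boolean, not a switch.
    Set-LocalUser -Name $Username -Password $Password -PasswordNeverExpires $true
}

# Report the resulting state so the run leaves an auditable record.
Get-LocalUser -Name $Username |
    Select-Object Name, Enabled, PasswordExpires, AccountExpires
```

`Read-Host` needs an interactive session; for unattended runs the SecureString has to be supplied by whatever secret store the deployment tool provides rather than typed into the script.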

@alexdotdev

Thank You.
Works like a charm.
