How To Create Local Admin


I am wanting to create a script to push out using GPO to create a local admin account. I have the following script.

    New-LocalUser -AccountNeverExpires:$true -Password (ConvertTo-SecureString -AsPlainText -Force 'Password123!') -Name 'nwcaluser' | Add-LocalGroupMember -Group administrators

Would I need to modify that to run as admin?
Edited Oct 8, 2019 at 17:22 UTC
JitenSh
Oct 8, 2019 at 17:33 UTC

You can set it as a startup script; no need to run as admin, it will work.

    IF (!(Get-LocalUser -Name "nwcaluser")) {
        New-LocalUser -AccountNeverExpires:$true -Password (ConvertTo-SecureString -AsPlainText -Force 'Password123!') -Name 'nwcaluser' | Add-LocalGroupMember -Group administrators
    }
    else {
        Add-Content \\server\share\txt.txt -Value "accounts exits in $env:COMPUTERNAME"
    }
37 Replies

Evan7191

You can use this to check if PowerShell is running as admin:

    #Requires -RunAsAdministrator

If the console is not elevated, the script will not execute.

I hope that the password in your command isn't the real password.

Instead of scripting local admin accounts, you should use LAPS.

https://www.microsoft.com/en-us/download/details.aspx?id=46899

jeffb_

Yes, I am in the process of implementing LAPS. However, my supervisor doesn't want to use the local built-in admin account. I have tried creating the local admin password through a GPO. However, it seems that is no longer allowed. I am wanting to create another account.

Edited Oct 8, 2019 at 17:34 UTC
jeffb_

JitenSh

What does the Add-Content part do?

JitenSh
Oct 8, 2019 at 17:47 UTC

This will add the value of what is specified; you can skip the else part if you don't want to.

Evan7191

jeffb_ wrote:

JitenSh​

What does the Add-Content part do?

Add-Content appends data to a text file.  That probably is for logging purposes.

jeffb_

JitenSh

I am getting an error message when I try to run the script. It's stating the user nwcaluser was not found. The nwcaluser account hasn't been created. So how would I change it to create the account?

Evan7191

jeffb_ wrote:

The script is working when testing it. I have set up the GPO. However, it doesn't seem to be working at startup. Do I need to include any script parameters?

Does GPResult.exe /r confirm that the GPO has been applied? Did you check the PowerShell logs to see if the script ran?

jeffb_

Evan7191

Yes, I have run gpresult /r. It doesn't appear the GP is being applied. I have the policy linked to the Desktop & Laptops OU. I have security filtering set to Domain Computers.

Evan7191

jeffb_ wrote:

Evan7191

Yes, I have run gpresult /r. It doesn't appear the GP is being applied. I have the policy linked to the Desktop & Laptops OU. I have security filtering set to Domain Computers.

Is the workstation in that OU?  Did you run gpupdate /force on the workstation to refresh its group policy?

jeffb_

Yes, the workstation is in those OUs. I have run gpupdate /force on both the server & workstation.

Evan7191

jeffb_ wrote:

Yes, the workstation is in those OUs. I have run gpupdate /force on both the server & workstation.

Do Domain Computers have read access to the GPO on the Delegation tab?

You don't need to run gpupdate /force on the server.

jeffb_

Yes, Domain Computers have read access.

Evan7191

The GPO may need more time to replicate across the domain controllers.

jeffb_

Checked the GP back. I apparently used scripts instead of the PowerShell script tab. Trying it now.

Bill Stewart


jeffb_ wrote:

My supervisor doesn't want to use the local built-in admin account.

Why not?

jeffb_

Made the changes to the GP. Ran GPResult.exe /r again on local PC. Still doesn't appear the policy is being applied.

Evan7191

jeffb_ wrote:

Made the changes to the GP. Ran GPResult.exe /r again on local PC. Still doesn't appear the policy is being applied.

Did you run gpupdate /force again?  Group policy can take a while to replicate and refresh.  With default settings, the cycle usually is about 90 minutes.

jeffb_
Evan7191

jeffb_ wrote:

Gotcha. Will wait.

You can force replication between domain controllers, and you can force the workstation to check for GPO (gpupdate /force).  Whether or not you need to force it depends on the size and settings of your environment.

jeffb_

The policy seems to be being applied to the workstations. However, the local admin account isn't showing up.
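An added example, not code posted by anyone in the thread: a startup-script variant that deals with the two problems raised above, the "user not found" error from `Get-LocalUser` and the plaintext password sitting in a GPO script that is readable from SYSVOL. It assumes LAPS is then configured to manage `nwcaluser` and set its real password; the log path and the function names are hypothetical.

```powershell
# Added example, not code from the thread. Meant to run as a GPO computer startup
# script (these run as SYSTEM). 'nwcaluser' is the thread's account name; the log
# path and function names are assumptions.
$Name     = 'nwcaluser'
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$LogFile  = Join-Path $env:ProgramData 'LocalAdminSetup.log'

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0:s} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message)
}

function New-RandomPassword([int]$Length = 24) {
    # 64 symbols, so (random byte % 64) is uniform. The value only ever lives in a
    # SecureString: nothing secret is stored in the script, in SYSVOL, or in the log.
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-_='
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    $secure = New-Object System.Security.SecureString
    foreach ($b in $bytes) { $secure.AppendChar($alphabet[$b % $alphabet.Length]) }
    $secure.MakeReadOnly()
    return $secure
}

try {
    # SilentlyContinue: Get-LocalUser writes a "user not found" error for a missing
    # account, which is the expected case on the first run.
    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
        Write-Log "account '$Name' already exists"
    } else {
        for ($attempt = 1; $attempt -le 5; $attempt++) {
            try {
                New-LocalUser -Name $Name -Password (New-RandomPassword) -AccountNeverExpires -ErrorAction Stop | Out-Null
                break
            } catch {
                # A random draw can miss the complexity policy; retry a few times.
                if ($attempt -eq 5) { throw }
            }
        }
        Write-Log "account '$Name' created"
    }
    if (-not (Get-LocalGroupMember -SID $AdminSid -Member $Name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -SID $AdminSid -Member $Name -ErrorAction Stop
        Write-Log "account '$Name' added to Administrators"
    }
} catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```

If the account still does not show up on a workstation, the local log file shows whether the script ran at all and which step failed.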


Source: https://community.spiceworks.com/topic/2236229-script-to-create-local-admin-account

Posted by: galelecought.blogspot.com
