This script can be used to generate a new local administrator account on remote computers (Yes, you have to run it with an account that already ha
This script can be used to generate a new local administrator account on remote computers (Yes, you have to run it with an account that already has administrator rights on the remote systems.) Edit the variables to suit your environment.
#Define variables
$computers = Get-Content C:\scripts\Computers1.txt
$username = “Administrator_Account_Name”
$password = “Password_to_use”
$fullname = “Local Administrator”
$local_security_group = “Administrators”
$description = “Description”
Foreach ($computer in $computers) {
$users = $null
$comp = [ADSI]”WinNT://$computer”
#Check if username exists
Try {
$users = $comp.psbase.children | select -expand name
if ($users -like $username) {
Write-Host “$username already exists on $computer”
} else {
#Create the account
$user = $comp.Create(“User”,”$username”)
$user.SetPassword(“$password”)
$user.Put(“Description”,”$description”)
$user.Put(“Fullname”,”$fullname”)
$user.SetInfo()
#Set password to never expire
#And set user cannot change password
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$ADS_UF_PASSWD_CANT_CHANGE = 0x40
$user.userflags = $ADS_UF_DONT_EXPIRE_PASSWD + $ADS_UF_PASSWD_CANT_CHANGE
$user.SetInfo()
#Add the account to the local admins group
$group = [ADSI]”WinNT://$computer/$local_security_group,group”
$group.add(“WinNT://$computer/$username”)
#Validate whether user account has been created or not
$users = $comp.psbase.children | select -expand name
if ($users -like $username) {
Write-Host “$username has been created on $computer”
} else {
Write-Host “$username has not been created on $computer”
}
}
}
Catch {
Write-Host “Error creating $username on $($computer.path): $($Error[0].Exception.Message)”
}
}
Post Views: 5,405
COMMENTS