Required Files: None
Add local administrative account to PC, and attempts to hide it from the logon screen.
If you create an Asset Custom Field called “LocalAdminAccount” and the script will populate the field with the username chosen!
Import-Module $env:SyncroModule $Username = "AdminUserName-CHANGEME" $Password = "AdminPassword-CHANGEME" $SubDomain = "YOURSYNCROSUBDOMAIN" $group = "Administrators" $KeyPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" $adsi = [ADSI]"WinNT://$env:COMPUTERNAME" $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username } if ($existing -eq $null) { Write-Host "Creating new local user $Username." & NET USER $Username $Password /add /y /expires:never Write-Host "Adding local user $Username to $group." & NET LOCALGROUP $group $Username /add Rmm-Alert -Category 'Automation' -Body 'Local Admin Account Added' Set-Asset-Field -Subdomain $SubDomain -Name "LocalAdminAccount" -Value $UserName } else { Write-Host "Setting password for existing local user $Username." $existing.SetPassword($Password) } Write-Host "Ensuring password for $Username never expires." & WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE New-Item -Path "$KeyPath" -Name SpecialAccounts | Out-Null New-Item -Path "$KeyPath\SpecialAccounts" -Name UserList | Out-Null New-ItemProperty -Path "$KeyPath\SpecialAccounts\UserList" -Name $Username -Value 0 -PropertyType DWord | Out-Null |