
Required Files: None


Adds a local administrative account to the PC and attempts to hide it from the logon screen.
If you create an Asset Custom Field called “LocalAdminAccount”, the script will populate the field with the username chosen.


 

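# Creates a local administrator account (or resets the password of an existing
# one), marks its password as never expiring, and hides the account from the
# Windows logon screen. It manages local accounts and writes under HKLM, so it
# needs administrative rights on the machine.
Import-Module $env:SyncroModule

# NOTE(review): a password saved in the script body is stored in clear text and
# is identical on every machine the script runs on, so one recovered copy gives
# administrator access to all of them. Prefer supplying the value at run time
# and using a per-machine password that is rotated (for example Windows LAPS).
$Username = "AdminUserName-CHANGEME"
$Password = "AdminPassword-CHANGEME"
$SubDomain = "YOURSYNCROSUBDOMAIN"

$group = "Administrators"
$KeyPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
$UserListPath = "$KeyPath\SpecialAccounts\UserList"
$DontExpirePassword = 0x10000   # ADS_UF_DONT_EXPIRE_PASSWD bit of UserFlags

# Never create an administrator with the published placeholder credentials.
if ($Username -like '*CHANGEME*' -or $Password -like '*CHANGEME*') {
    Write-Host "The Username/Password placeholders have not been changed; aborting."
    exit 1
}

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {

    Write-Host "Creating new local user $Username."
    # The account is created through ADSI, the same way the existing-user branch
    # sets the password, so the password is never placed on a process command
    # line where command-line auditing or endpoint tooling would record it.
    try {
        $newUser = $adsi.Create('User', $Username)
        $newUser.SetPassword($Password)
        $newUser.SetInfo()
    }
    catch {
        Write-Host "Failed to create local user ${Username}: $($_.Exception.Message)"
        exit 1
    }

    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to add $Username to $group."
        exit 1
    }

    # Alert and asset field are only written once the account really exists.
    # Account creation and group membership changes are also recorded in the
    # Windows Security log (event IDs 4720 and 4732) when auditing is enabled.
    Rmm-Alert -Category 'Automation' -Body 'Local Admin Account Added'
    Set-Asset-Field -Subdomain $SubDomain -Name "LocalAdminAccount" -Value $UserName
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
# Set the flag through ADSI rather than WMIC, which is deprecated and not
# present on newer Windows builds. Re-bind to the account so UserFlags is read
# from the saved object in both the new-user and existing-user cases.
$account = [ADSI]"WinNT://$env:COMPUTERNAME/$Username,user"
$account.UserFlags = $account.UserFlags.Value -bor $DontExpirePassword
$account.SetInfo()

# Hide the account from the logon screen. This is cosmetic only: the account
# still appears in "net user" and Local Users and Groups and can still be used
# to log on. Because hidden administrator accounts are also a known evasion
# technique (MITRE ATT&CK T1564.002), record this account in your asset
# documentation so monitoring of SpecialAccounts\UserList can tell it apart
# from an unexpected entry.
# Test-Path keeps the script re-runnable: New-Item without it errors when the
# key already exists, and -Force creates any missing parent key.
if (-not (Test-Path -Path $UserListPath)) {
    New-Item -Path $UserListPath -Force | Out-Null
}
# -Force overwrites the value if a previous run already created it.
New-ItemProperty -Path $UserListPath -Name $Username -Value 0 -PropertyType DWord -Force | Out-Null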