
Required Files: None

Adds a local administrative account to the PC and attempts to hide it from the logon screen.
If you create an Asset Custom Field called “LocalAdminAccount”, the script will populate the field with the username chosen!


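# Creates a local administrator account (or resets the password of an existing
# one), marks its password as non-expiring, and hides it from the Windows logon
# screen. When the account is newly created, an RMM alert is raised and the
# "LocalAdminAccount" asset field is set to the chosen username.
Import-Module $env:SyncroModule

# NOTE(review): the password is stored in clear text in the script body, and the
# same value is deployed to every endpoint the script runs on, so one recovered
# copy exposes all of them. Prefer a value injected by the RMM at run time, or a
# per-device managed password (e.g. Windows LAPS).
$Username = "AdminUserName-CHANGEME"
$Password = "AdminPassword-CHANGEME"
$group = "Administrators"
$KeyPath = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Refuse to deploy the published placeholder credentials.
if ($Username -like '*CHANGEME*' -or $Password -like '*CHANGEME*') {
    Write-Host "Username/password placeholders have not been replaced; aborting."
    exit 1
}

# Look the account up in the local SAM through the ADSI WinNT provider.
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    # NOTE(review): the password is passed as a command-line argument here, so it
    # is captured wherever process command lines are logged (e.g. process-creation
    # auditing with command-line capture, EDR telemetry).
    & NET USER $Username $Password /add /y /expires:never
    if ($LASTEXITCODE -ne 0) {
        # Do not raise the "account added" alert for an account that was not created.
        Write-Host "NET USER failed with exit code $LASTEXITCODE; account not created."
        exit 1
    }

    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
    if ($LASTEXITCODE -ne 0) {
        Write-Host "NET LOCALGROUP failed with exit code $LASTEXITCODE; $Username is not in $group."
        exit 1
    }

    Rmm-Alert -Category 'Automation' -Body 'Local Admin Account Added'
    # $SubDomain is not assigned in this script; presumably supplied by the
    # Syncro platform - confirm before relying on it.
    Set-Asset-Field -Subdomain $SubDomain -Name "LocalAdminAccount" -Value $UserName
}
else {
    Write-Host "Setting password for existing local user $Username."
    # Reset the password on the ADSI user object so the message above is true.
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
# NOTE(review): WMIC is deprecated and may be absent on newer Windows builds;
# verify this step succeeds on the target OS versions.
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

# Hide the account from the logon screen: a DWord value of 0 named after the
# user under Winlogon\SpecialAccounts\UserList. This only affects the logon UI;
# the account still exists in the local SAM. The same value is a known way to
# conceal unexpected accounts (MITRE ATT&CK T1564.002), so keep this account
# documented and treat undocumented entries under this key as audit findings.
$specialAccounts = "$KeyPath\SpecialAccounts"
$userList = "$specialAccounts\UserList"

# Create the keys only when missing so that re-running the script does not error.
if (-not (Test-Path -Path $specialAccounts)) {
    New-Item -Path $KeyPath -Name SpecialAccounts | Out-Null
}
if (-not (Test-Path -Path $userList)) {
    New-Item -Path $specialAccounts -Name UserList | Out-Null
}
# -Force overwrites an existing value instead of failing on a second run.
New-ItemProperty -Path $userList -Name $Username -Value 0 -PropertyType DWord -Force | Out-Null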