Create-LocalAdminAccount.ps1
#requires -version 2
<#
.SYNOPSIS
Create a local user account and add it to the local Administrators group
.DESCRIPTION
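Create a local user account and add it to the local Administrators group. The group name is looked up at run time, so localized names (for example "Administrateurs") are handled.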
.INPUTS
<None>
.OUTPUTS
<None>
.NOTES
Version: 0.1
Author: ALBERT Jean-Marc
Creation Date: 08/04/2016 (DD/MM/YYYY)
Purpose/Change: 1.0 - 2016.04.08 - ALBERT Jean-Marc - Initial script development
.SOURCES
<None>
.EXAMPLE
<None>
#>
#---------------------------------------------------------[Initialisations]--------------------------------------------------------
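Set-StrictMode -version Latest
# Errors are suppressed script-wide.
# NOTE(review): with SilentlyContinue a failed SetPassword/SetInfo/group add prints
# nothing, so verify the resulting account and its group membership after a run
# instead of assuming success.
$ErrorActionPreference = "SilentlyContinue"
#----------------------------------------------------------[Declarations]----------------------------------------------------------
$scriptVersion = "0.1"
# Name of the local account to create.
$userName = "test"
# NOTE(security): placeholder credential kept in clear text in the script. Replace it
# before use and do not commit or distribute the script with a real password in it;
# CreateLocalUser also marks the password as non-expiring and not changeable by the
# user, so whatever is set here stays valid until an administrator resets it.
$password = "P@ssw0rd!!"
$description = 'TYPE_A_DESCRIPTION'
# ADSI (WinNT provider) entry for this machine. LocalUserExist enumerates
# $computer.psbase.children and CreateLocalUser calls $computer.Create(); a plain
# computer-name string offers neither, so the variable must hold the directory entry.
$computer = [ADSI]"WinNT://$Env:COMPUTERNAME,computer"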
#-----------------------------------------------------------[Functions]------------------------------------------------------------
function LocalGroupExist ($groupName) {
    # Reports whether a local group called $groupName exists on this computer.
    # Builds the WinNT path of the group and returns what [ADSI]::Exists says about it.
    # Nothing else in this script calls this helper.
    # NOTE(review): confirm how [ADSI]::Exists behaves for a missing object in the
    # target environment (error versus $false) before relying on the result.
    $groupPath = "WinNT://$Env:COMPUTERNAME/$groupName,group"
    return [ADSI]::Exists($groupPath)
}
function LocalUserExist ($userName) {
    # Reports whether a local user account called $userName exists.
    # Reads the script-level $Computer variable, keeps the children whose schema
    # class is "User", and checks the collected names for $userName.
    # $Computer therefore has to be a directory entry whose children can be
    # enumerated (an ADSI WinNT computer object), not just a computer name.
    $localUserNames = $Computer.psbase.children |
        Where-Object { $_.psBase.schemaClassName -eq "User" } |
        Select-Object -expand Name
    return ($localUserNames -contains $userName)
}
function CreateLocalUser ($userName,$password) {
    # Creates the local account $userName with password $password unless an account
    # of that name is already present, in which case only a message is written.
    # Reads $Computer (directory entry used to create the account) and $description
    # from the script scope.
    $alreadyPresent = LocalUserExist $userName
    if ($alreadyPresent -ne $false) {
        # An existing account is left untouched: its password and flags are not reset.
        "User : $userName already exist."
        return
    }

    $newAccount = $Computer.Create("User", $userName)
    $newAccount.SetPassword($password)
    $newAccount.SetInfo()

    # Each property is committed with its own SetInfo call, as in the original sequence.
    $newAccount.FullName = $userName
    $newAccount.SetInfo()

    $newAccount.description = $description
    $newAccount.SetInfo()

    # 64 = ADS_UF_PASSWD_CANT_CHANGE, 65536 = ADS_UF_DONT_EXPIRE_PASSWD.
    # Together they make the initial password permanent from the user's side:
    # it never expires and the account holder cannot change it.
    $newAccount.UserFlags = 64 + 65536
    $newAccount.SetInfo()
}
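function AddUserToGroup ($groupName, $userName) {
    # Adds the local account $userName to the local group $groupName unless the
    # group already lists a member with that name.
    #   $groupName - name of the local group on this computer
    #   $userName  - name of the local account to add
    # Writes a warning and does nothing when either argument is missing.

    # Without both names the WinNT paths below would point at the wrong object.
    if (-not $groupName -or -not $userName) {
        Write-Warning "AddUserToGroup: a group name and a user name are both required."
        return
    }

    $group = [ADSI]"WinNT://$Env:COMPUTERNAME/$groupName"
    $user = [ADSI]"WinNT://$Env:COMPUTERNAME/$userName"

    # The script defines no CheckGroupMember function, so membership is read
    # directly from the group entry: collect the Name of every current member.
    # NOTE(review): the comparison is by account name only, so a member from
    # another authority with the same name would also count as present.
    $memberNames = @($group.psbase.Invoke("Members")) | ForEach-Object {
        $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
    }
    $memberExist = $memberNames -contains $userName

    if ($memberExist -eq $false) {
        $group.Add($user.Path)
    }
}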
#----------------------------------------------------------[Execution]----------------------------------------------------------
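#Get local admin group
# The built-in Administrators group is resolved by its well-known SID (S-1-5-32-544)
# instead of the name pattern "Administr*": the pattern can match more than one
# group on a localized or domain-joined system, and the account must be added to
# exactly one, known group. LocalAccount=True keeps the query on this machine.
$adminGroupEntry = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'" | Select-Object -First 1
$LocalAdminGroup = $null
if ($adminGroupEntry) {
    $LocalAdminGroup = $adminGroupEntry.Name
}

#Create $userName local account
CreateLocalUser $userName $password

#Check $userName local account creation
$IsAccountExist = LocalUserExist($userName)
if ($IsAccountExist -eq $true) {
    "$userName now exist"
}
else {
    "/!\ Error: $userName don't exist /!\"
}

#Add $userName local account to local admin group
# AddUserToGroup takes the group name and the user name; the user name was missing
# from the original call, so no account was ever passed to the group add.
# NOTE(review): an account that already existed under this name is also added to
# the administrators group, with whatever password it already had.
if ($LocalAdminGroup) {
    AddUserToGroup $LocalAdminGroup $userName
}
else {
    "/!\ Error: local administrators group not found /!\"
}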