This repository has been archived by the owner on Apr 17, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #64 from microsoft/AdamGrossTX/1be441e5-13f3-4b69-…
…a43f-10b89ef496a7 Pull request with type [CREATE] for user [AdamGrossTX] and object type [Script] - titled [Enable or Disable Local Administrator Account]
- Loading branch information
Showing
1 changed file
with
64 additions
and
0 deletions.
There are no files selected for viewing
64 changes: 64 additions & 0 deletions
64
objects/Script/Enable or Disable Local Administrator Account.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
<# | ||
.SYNOPSIS | ||
Enables the built-in local Administrator account | ||
.DESCRIPTION | ||
Enables the built-in local Administrator account | ||
.PARAMETER Enable | ||
Set to True to Enable the account | ||
Set to False to Disable the account | ||
.NOTES | ||
Author: Adam Gross | ||
Website: https://www.ASquareDozen.com | ||
GitHub: https://www.github.com/AdamGrossTX | ||
Twitter: https://www.twitter.com/AdamGrossTX | ||
Using NET commands instead | ||
net user Administrator /ACTIVE:YES | ||
net user Administrator P@ssw0rd | ||
Removing the option to set the password here since the env uses LAPS and password parameter is passed in plain text and will show in the client logs. | ||
#> | ||
Param ( | ||
[Parameter(Mandatory=$true)] | ||
[ValidateSet("True","False")] | ||
[string]$Enable | ||
#,[string]$Password = "P@ssw0rd" | ||
) | ||
|
||
Try { | ||
$LocalAdminSIDSearchString = "S-1-5-21-*-500" | ||
|
||
$Account = Get-LocalUser | Where-Object {$_.SID -like $LocalAdminSIDSearchString} | ||
$Return = @() | ||
If($Account) { | ||
|
||
If($Enable -eq "True") { | ||
If(-not $Account.Enabled) { | ||
$Account | Enable-LocalUser | ||
$Return += "Account Enabled" | ||
} | ||
Else { | ||
$Return += "Account Already Enabled" | ||
} | ||
} | ||
Else { | ||
If($Account.Enabled) { | ||
$Account | Disable-LocalUser | ||
$Return += "Account Disabled" | ||
} | ||
Else { | ||
$Return += "Account Already Diabled" | ||
} | ||
} | ||
<#If($Password) { | ||
$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force | ||
$Account | Set-LocalUser -Password $SecurePassword | ||
$Return += "Password Reset" | ||
}#> | ||
} | ||
$Return | ||
} | ||
Catch { | ||
Return $Error[0] | ||
} | ||
|