
Shell Scripting: How to Create the Local Admin Account and Manage Other Functionality in Windows 2012/2012 R2


 

# The script below is self-explanatory and was tested on Windows Server 2008/2008 R2/2012/2012 R2

# Note: Do not run this script directly in a production environment; test it properly in a lab environment first

# —————————-Script starts from here—————————————————-

# PowerShell script to rename the local "Administrator" account to "Local_Admin"

$Admins = [ADSI]("WinNT://$Env:COMPUTERNAME/Administrator,User")
$Admins.psbase.Rename("Local_Admin")

# ——————————————————————————————————–

# Alternatively, the same rename can be done with the wmic command below
# (the where clause is quoted so that it works from both cmd.exe and PowerShell)

wmic useraccount where "name='Administrator'" rename Local_Admin

# ——————————————————————————————————–

# PowerShell script to create a local user account named "Administrator"

$UserName = "Administrator"
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"

# ——————————————————————————————————–

# Create the local user and set it to the disabled state

$User = $Computer.Create("User", $UserName)
$User.SetPassword("Actu@lPassw0rd") # replace with the actual password
$User.SetInfo()
$User.FullName = ""
$User.SetInfo()
$User.Put("Description", "Local Admin Account")
$User.SetInfo()
$User.UserFlags = 2 + 65536 # ADS_UF_ACCOUNTDISABLE + ADS_UF_DONT_EXPIRE_PASSWD
$User.SetInfo()

# Add the new account to the Users, Guests and Remote Desktop Users groups
$Group = [ADSI]("WinNT://$Env:COMPUTERNAME/Users,Group")
$Group.Add("WinNT://$Env:COMPUTERNAME/$UserName")
$Group = [ADSI]("WinNT://$Env:COMPUTERNAME/Guests,Group")
$Group.Add("WinNT://$Env:COMPUTERNAME/$UserName")
$Group = [ADSI]("WinNT://$Env:COMPUTERNAME/Remote Desktop Users,Group")
$Group.Add("WinNT://$Env:COMPUTERNAME/$UserName")

# ————————————————————————————————————

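# PowerShell script to reset the "Local_Admin" account password and set the password to never expire

$Admin = [ADSI]("WinNT://$Env:COMPUTERNAME/Local_Admin,User")
$Admin.SetPassword("Actu@lPassw0rd") # replace with the actual password
$Admin.SetInfo()
# ADS_UF_DONT_EXPIRE_PASSWD, OR-ed into the current value so the account's other flags are kept
$Admin.UserFlags = $Admin.UserFlags.Value -bor 65536
$Admin.SetInfo()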

# ——————–Script ends here————————————————————————

# The userFlags values are taken from the MSDN article below; further flags from it can be added as per your requirements
# http://msdn.microsoft.com/en-us/library/aa772300(VS.85).aspx
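
A verification step to run after the script, as an added example that is not part of the original post: it decodes every local account's UserFlags with the ADS_USER_FLAG_ENUM values from the article referenced above, and prints each account's RID, because the built-in administrator keeps RID 500 after a rename. The function name Get-LocalAccountFlags and the output property names are hypothetical.

```powershell
# Added example (not from the original post): audit local accounts after the
# rename / create / reset steps. Get-LocalAccountFlags is a hypothetical name.

# Subset of ADS_USER_FLAG_ENUM (values from the MSDN article referenced above)
$AdsUserFlags = @{
    ADS_UF_ACCOUNTDISABLE     = 0x2
    ADS_UF_LOCKOUT            = 0x10
    ADS_UF_PASSWD_NOTREQD     = 0x20
    ADS_UF_PASSWD_CANT_CHANGE = 0x40
    ADS_UF_NORMAL_ACCOUNT     = 0x200
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
    ADS_UF_PASSWORD_EXPIRED   = 0x800000
}

function Get-LocalAccountFlags {
    param([string]$ComputerName = $Env:COMPUTERNAME)

    $Computer = [ADSI]"WinNT://$ComputerName,Computer"
    foreach ($Account in $Computer.psbase.Children) {
        # The computer object also contains groups and services; keep users only
        if ($Account.psbase.SchemaClassName -ne 'User') { continue }

        $Flags = [int]$Account.UserFlags.Value

        # Names of every known bit that is set in the mask
        $Names = @($AdsUserFlags.Keys | Where-Object { $Flags -band $AdsUserFlags[$_] })

        # The SID does not change on rename; the last component is the RID
        $Sid = New-Object System.Security.Principal.SecurityIdentifier($Account.objectSid.Value, 0)

        New-Object PSObject -Property @{
            Name                 = $Account.Name.Value
            Rid                  = [int]$Sid.Value.Split('-')[-1]
            Disabled             = [bool]($Flags -band $AdsUserFlags['ADS_UF_ACCOUNTDISABLE'])
            PasswordNeverExpires = [bool]($Flags -band $AdsUserFlags['ADS_UF_DONT_EXPIRE_PASSWD'])
            FlagNames            = ($Names | Sort-Object) -join ', '
        }
    }
}

Get-LocalAccountFlags |
    Sort-Object Rid |
    Format-Table Name, Rid, Disabled, PasswordNeverExpires, FlagNames -AutoSize
```

With the script above applied, Local_Admin should appear with RID 500 and PasswordNeverExpires set, and the newly created "Administrator" account should appear as Disabled.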

