Create a local administrator account using PowerShell
# Account name, password and target group (edit before running)
$Username = "su"
$Password = "password"
$group = "Administrators"

# Look for an existing local user with this name through the WinNT ADSI provider
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never

    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add
}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

# The WHERE clause filters on Name only, not on the account's domain
Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE

@cepefernando

commented Jul 27, 2017

Nice one, this thing saved me!

@dalexander101

commented Sep 20, 2017

This is the exact script I'm looking for, but the last line isn't working for me.
Error message: WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE
No Instance(s) Available.
I would really appreciate some help with this. It would save me some time creating this account for multiple computers.

Thanks,

@UnderTheGun

commented Oct 19, 2017

If the value specified for $username also matches a domain account, this script will attempt to modify properties (both the password and the expiration bit) on both the local and domain accounts. I didn't see an obvious way to prevent this, though I'm sure there is one.

@jorgeLuizChaves

commented Jan 19, 2018

Nice man! Thanks for sharing it. You saved me a lot of time. Thx.

@layer4down

commented Feb 15, 2018

Just modify $Username and $Password values, works like a charm!

@tarpanpathak

commented Mar 29, 2018

Thx @ducas. Quick question: https://gist.github.com/ducas/3a65704a3b92dfa0301e#file-create-administrator-ps1-L24 is taking approximately 10 seconds to return. Are you seeing the same behavior? If not, any thoughts on why this is taking so long?

@GitTune

commented May 2, 2018

Thanks!

I would suggest you use a single quote for the password, like this: 'password'. If your password contains special characters, the password is not set properly.

@PicasoFloyd

commented Jun 8, 2018

Hi, thanks, this is very "useful" ...hahaha BR.

@4c74356b41

commented Jun 20, 2018

Probably easier to use the proper way of doing this:

New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name 'someuser' | Add-LocalGroupMember -Group administrators

@Dreamer1cc

commented Jun 22, 2018

You need administrator rights to run this script if you want to do this from "run as power shell script". You can modify it with rights:

ipconfig|out-null;[Console]::outputEncoding =[System.Text.Encoding]::GetEncoding('cp866')
$IsElevated=$false
foreach ($sid in [Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
    if ($sid.Translate([Security.Principal.SecurityIdentifier]).IsWellKnown([Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid)) {
        $IsElevated=$true
    }
}
if (-not $IsElevated) {
    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList ("-command cd $pwd; " + $MyInvocation.Line)
    exit
}

@chauhan-utk

commented Sep 19, 2018

New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'somepassword') -Name 'someuser' | Add-LocalGroupMember -Group administrators

This is far simpler and easier to understand.

@Albertjanvb

commented Feb 20, 2019

When we execute this PowerShell in Intune, we receive an access denied error. Does anyone have an idea how to run this script with admin rights in Intune?

@charlesrc19

commented Mar 28, 2019

@dalexander101
You probably don't need help anymore, but specifying to only update the local account worked for me.
WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE
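
A variant of the gist's script that takes up the points raised in this thread (the password written into the file, same-named domain accounts, the LocalAccounts cmdlets, the need for elevation), added here as an example; it is not the gist author's or any commenter's code. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module, and the account name `svc-localadmin` is a placeholder. Unlike the original, it also adds an already existing user to the group.

```powershell
# Added example, not the gist author's code. Save as a .ps1 and run elevated.
# Assumptions: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts);
# 'svc-localadmin' is a placeholder account name.
param(
    [string]$Username = 'svc-localadmin',
    # Prompted at run time, so no password is stored in the script file.
    [securestring]$Password = (Read-Host -AsSecureString -Prompt "Password for $Username")
)

$ErrorActionPreference = 'Stop'

# Fail early when not elevated instead of erroring halfway through.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'This script must be run from an elevated PowerShell session.'
}

# Get-LocalUser only looks at local accounts, so a domain account with the
# same name is never matched or modified.
$existing = Get-LocalUser -Name $Username -ErrorAction SilentlyContinue

if ($null -eq $existing) {
    Write-Host "Creating new local user $Username."
    New-LocalUser -Name $Username -Password $Password -PasswordNeverExpires | Out-Null
}
else {
    Write-Host "Setting password for existing local user $Username."
    Set-LocalUser -Name $Username -Password $Password -PasswordNeverExpires $true
}

# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using it avoids depending on the localized group name.
$adminSid = 'S-1-5-32-544'
$member = Get-LocalGroupMember -SID $adminSid -Member $Username -ErrorAction SilentlyContinue
if (-not $member) {
    Write-Host "Adding local user $Username to the Administrators group."
    Add-LocalGroupMember -SID $adminSid -Member $Username
}
```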
