<#
.SYNOPSIS
Create local user account
.DESCRIPTION
Creates a local user account on the computer and disables the rest of the local users. Requires RunAs permissions to run.
.OUTPUTS
none
.NOTES
Version: 1.0
Author: Meest
Creation Date: 05 october 2022
Purpose/Change: Initial script development
#>
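# Name of the local account that the script creates and keeps enabled.
$user = 'Adminacc'

# Password assigned to the new account.
# NOTE(security): this is a plain-text credential stored in the script. Anyone
# who can read the file, its repository history or the share it is deployed
# from learns the password of an administrator account on every machine the
# script ran on. Supply the secret at deployment time instead (a secret store,
# or Read-Host -AsSecureString for interactive runs) and prefer per-machine,
# rotated passwords (for example Windows LAPS) over one shared static value.
$localuserpwd = ConvertTo-SecureString "MyPassword" -AsPlainText -Force

# Path of the log file that Write-Log appends to.
# PowerShell does not expand cmd.exe-style %HOMEPATH% inside a string, so the
# previous value pointed at a literal "c:\%HOMEPATH%\..." folder. Build the
# path from the profile directory of the account running the script instead.
# NOTE(review): the Desktop folder must exist for that account - confirm when
# the script runs under a service or deployment identity.
$logFile = Join-Path $env:USERPROFILE 'Desktop\log.txt'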
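Function Write-Log {
    <#
    .SYNOPSIS
    Appends one timestamped line to the file named by the script-level $logFile.
    .PARAMETER message
    Text to record.
    .PARAMETER level
    Severity tag written in brackets: INFO (default), WARN or ERROR.
    .NOTES
    Returns without writing when $logFile is unset or blank. The callers in
    this script invoke Write-Log inside their try blocks, so a parameter
    binding failure here would abort the account steps that follow the log
    call.
    #>
    param(
        [Parameter(Mandatory = $true)][string] $message,
        [Parameter(Mandatory = $false)]
        [ValidateSet("INFO","WARN","ERROR")]
        [string] $level = "INFO"
    )

    # Logging is optional: with no path configured there is nothing to write.
    if ([string]::IsNullOrWhiteSpace($logFile)) {
        return
    }

    # Create timestamp
    $timestamp = (Get-Date).ToString("yyyy/MM/dd HH:mm:ss")

    # Append content to log file
    Add-Content -Path $logFile -Value "$timestamp [$level] - $message"
}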
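Function CreateLocalUser {
    <#
    .SYNOPSIS
    Creates the local account named by $user and adds it to the built-in
    Administrators group.
    .DESCRIPTION
    Reads the script-level $user and $localuserpwd. Failures are written to
    the log through Write-Log and are not re-thrown, so the caller has to
    check the resulting account state itself before relying on it.
    .OUTPUTS
    Whatever New-LocalUser writes to the pipeline.
    #>
    process {
        try {
            # Create the account with the configured password.
            # NOTE(security): -PasswordNeverExpires on an administrator account
            # means the password is never forced to change, so a value that has
            # leaked once stays valid; review this against the local password
            # policy.
            New-LocalUser -Name $user -Password $localuserpwd -FullName $user -PasswordNeverExpires -ErrorAction Stop
            Write-Log -message "$user local user created"

            # Add the account to the built-in Administrators group. The group
            # is addressed by its well-known SID (S-1-5-32-544) because its
            # display name is localized ("Administradores", "Administrators",
            # ...) and a name lookup fails on any other OS language.
            Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $user -ErrorAction Stop
            Write-Log -message "$user added to the local Administrators group"
        } catch {
            # Record the underlying error so the log shows which step failed.
            Write-Log -message "Creating local account failed: $($_.Exception.Message)" -level "ERROR"
        }
    }
}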
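Function Disable-LocalUsers {
    <#
    .SYNOPSIS
    Disables every enabled local account except the one named by $user.
    .DESCRIPTION
    Reads the script-level $user. Before touching any account it confirms that
    $user exists and is enabled, so a failed or skipped creation step cannot
    leave the machine without a usable local account. Each disabled account is
    written to the log so the change can be audited and reverted. Failures are
    logged through Write-Log and are not re-thrown.
    #>
    process {
        try {
            # An empty name would exempt nobody from the filter below.
            if ([string]::IsNullOrWhiteSpace($user)) {
                throw 'The $user variable is empty; refusing to disable local accounts'
            }

            # The exempt account must exist and be enabled before the others go.
            $keep = Get-LocalUser -Name $user -ErrorAction Stop
            if (-not $keep.Enabled) {
                throw "$user is disabled; refusing to disable the remaining local accounts"
            }

            # Disable all users except our local admin
            $targets = @(Get-LocalUser -ErrorAction Stop |
                Where-Object { $_.Enabled -and $_.Name -ne $user })
            foreach ($account in $targets) {
                Disable-LocalUser -InputObject $account -ErrorAction Stop
                Write-Log -message "Disabled local account: $($account.Name)"
            }
            Write-Log -message "All users disabled"
        } catch {
            Write-Log -message "Error disabling users: $($_.Exception.Message)" -level "ERROR"
        }
    }
}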
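# Main flow: make sure the $user account exists, then disable every other
# local account - but only after confirming that $user is an enabled member of
# the built-in Administrators group. CreateLocalUser logs its failures without
# re-throwing, so without this check a failed creation (or an account left out
# of the group by an earlier partial run) would be followed by disabling all
# remaining accounts, leaving no local administrator on the machine.

# Well-known SID of the built-in Administrators group (language independent).
$adminGroupSid = 'S-1-5-32-544'

Write-Log -message "#########"
# Get-LocalUser only sees local accounts, so a domain account that happens to
# share the name cannot make the script skip the creation step.
if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
    Write-Log -message "$env:COMPUTERNAME - Create local user account"
    CreateLocalUser
    Write-Log -message "#########"
}

$adminReady = $false
try {
    $account = Get-LocalUser -Name $user -ErrorAction Stop
    $membership = Get-LocalGroupMember -SID $adminGroupSid -Member $user -ErrorAction Stop
    $adminReady = $account.Enabled -and [bool]$membership
} catch {
    # Any lookup failure counts as "not verified": fail closed.
    Write-Log -message "Could not verify $user as a local administrator: $($_.Exception.Message)" -level "ERROR"
}

if ($adminReady) {
    Write-Log -message "$env:COMPUTERNAME - Disable All Localusers"
    Disable-LocalUsers
} else {
    Write-Log -message "$user is not an enabled member of the local Administrators group; other local accounts were left enabled" -level "ERROR"
}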