Here is the powershell script:
# Version 1.0 - 2016/10/27
###########################################
# Disclaimer
#
# The sample script is provided AS IS without warranty of any kind. The entire risk arising out of the use or performance of the
# sample script and documentation remains with you. In no event shall its authors, or anyone else involved in the creation,
# production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of
# business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or
# inability to use the sample scripts or documentation.
#
# Examples:
# CMDL Args:
# .\AddLocalAdminUser.ps1 (without parameters, the user "AdmUser" is added)
# .\AddLocalAdminUser.ps1 -UserName "AdminUser1" -UserPassword "1P@ssw3rd"
<# Script History & Comments
Comments:
The script adds the user to the local administrators group regardless of the OS language. By default, when no user name is given,
the user name "AdmUser" is added.
History:
#>
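# Script parameters.
#   -User     (alias -UserName)     : name of the local account to create. Default "AdmUser".
#   -Password (alias -UserPassword) : initial password for that account.
# The aliases make the invocation shown in the header examples (-UserName / -UserPassword) bind correctly.
#
# NOTE(review): the default password is a fixed value published with this script. Every host
# provisioned without an explicit -Password gets a local administrator with the same, publicly
# known credential. Always pass a unique password per host and change it after provisioning.
# NOTE(review): the password is a plain [string] passed on the command line, so it can end up in
# shell history, transcripts and command-line/script-block logs. Prefer prompting for it
# (e.g. Read-Host -AsSecureString) or reading it from a protected store.
param(
    [Alias("UserName")]
    [string]$User = "AdmUser",
    [Alias("UserPassword")]
    [string]$Password = "H3lpMeN0w"
)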
#=================================================
# Declaring Functions
#=================================================
#Get the local group name based on its SID (default: Administrators)
function Get-GroupBySid {
    <#
    .SYNOPSIS
    Resolves a group SID to the group's account name on this machine.
    .DESCRIPTION
    Looking the group up by SID instead of by name keeps the script independent of the
    OS display language. The default SID S-1-5-32-544 is the built-in Administrators group.
    .PARAMETER GroupNameSid
    SID string of the group to resolve.
    .OUTPUTS
    The account name without its authority prefix (the text after the first backslash).
    #>
    param(
        [string]$GroupNameSid = "S-1-5-32-544"
    )
    $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $GroupNameSid
    $account = $sid.Translate([System.Security.Principal.NTAccount])
    # The translated value has the form "AUTHORITY\Name"; keep only the name part.
    $parts = $account.Value.Split("\")
    return $parts[1]
}
#Add User to the local group
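function Set-User {
    <#
    .SYNOPSIS
    Adds a local user to a local group through the WinNT ADSI provider.
    .PARAMETER Computer
    Machine that holds the group and the user. Defaults to the local computer name.
    .PARAMETER GroupName
    Name of the local group (as returned by Get-GroupBySid).
    .PARAMETER UserName
    Name of the local user to add.
    .NOTES
    Failures are reported on the console in red and are not re-thrown.
    #>
    param(
        [string]$Computer = $env:COMPUTERNAME,
        [string]$GroupName,
        [string]$UserName
    )
    # An empty name would build a malformed ADSI path; this happens when the preceding
    # account creation failed and the caller passes an empty user name.
    if ([string]::IsNullOrEmpty($GroupName) -or [string]::IsNullOrEmpty($UserName)) {
        Write-Host "User not added: GroupName and UserName must not be empty" -ForegroundColor Red
        return
    }
    try {
        $group = [ADSI]"WinNT://$Computer/$GroupName,group"
        $group.Add("WinNT://$Computer/$UserName,user")
    } catch {
        # Include the underlying error so the operator can tell "already a member"
        # apart from "access denied" or a wrong name.
        Write-Host "User not added, already exists or not running as Administrator: $($_.Exception.Message)" -ForegroundColor Red
    }
}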
# Create a new local user
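function New-User {
    <#
    .SYNOPSIS
    Creates a local user account through the WinNT ADSI provider and sets its password.
    .PARAMETER ComputerName
    Machine on which the account is created. Defaults to the local computer name.
    .PARAMETER UserName
    Name of the account to create.
    .PARAMETER UserPassword
    Initial password, passed as plain text.
    .OUTPUTS
    The ADSI object of the new account on success; nothing on failure.
    .NOTES
    Failures are reported on the console in red and are not re-thrown.
    NOTE(review): the password travels as a plain [string]; avoid hard-coded or shared values
    and keep it out of logs and transcripts.
    #>
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$UserName,
        [string]$UserPassword
    )
    if ([string]::IsNullOrEmpty($UserName)) {
        Write-Host "Error, User not created: UserName must not be empty" -ForegroundColor Red
        return
    }
    try {
        $Computer = [ADSI]"WinNT://$ComputerName,Computer"
        $LocalAdmin = $Computer.Create("User", $UserName)
        $LocalAdmin.SetPassword($UserPassword)
        # First SetInfo commits the new account; the second one commits the FullName change.
        $LocalAdmin.SetInfo()
        $LocalAdmin.FullName = "Local Admin by Powershell"
        $LocalAdmin.SetInfo()
        # Left disabled on purpose: enabling these flags makes the password non-expiring
        # and unchangeable by the user.
        # $LocalAdmin.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
        #$LocalAdmin.SetInfo()
        return $LocalAdmin
    } catch {
        # $(...) is required: "$_.Exception.Message" would expand only $_ and then append
        # the literal text ".Exception.Message".
        Write-Host "Error, User not created: $($_.Exception.Message)" -ForegroundColor Red
    }
}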
# Remove a local user
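function Remove-User {
    <#
    .SYNOPSIS
    Deletes a local user account through the WinNT ADSI provider.
    .PARAMETER ComputerName
    Machine that holds the account. Defaults to the local computer name.
    .PARAMETER UserName
    Name of the account to delete.
    .NOTES
    Failures are reported on the console in red and are not re-thrown.
    #>
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$UserName
    )
    if ([string]::IsNullOrEmpty($UserName)) {
        Write-Host "Error, User not deleted: UserName must not be empty" -ForegroundColor Red
        return
    }
    try {
        $Computer = [ADSI]"WinNT://$ComputerName,Computer"
        $Computer.Delete("User", $UserName)
    } catch {
        # Report the cause (unknown account, access denied, ...) instead of a bare failure.
        Write-Host "Error, User not deleted: $($_.Exception.Message)" -ForegroundColor Red
    }
}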
#=================================================
# Main Script
#=================================================
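# Creates the account, then adds it to the built-in Administrators (S-1-5-32-544) and
# Users (S-1-5-32-545) groups. Groups are resolved by SID so the script works on any OS language.
# With account-management auditing enabled, these actions are recorded in the Security log
# (4720 account created, 4732 member added to a local group); track each run of this script
# so the resulting events can be matched to an approved change.
try {
    # Make the use of the published default password visible to the operator.
    if (-not $PSBoundParameters.ContainsKey('Password')) {
        Write-Warning "No -Password supplied: the account is created with the script's built-in default password. Change it after provisioning."
    }
    #Create a new local user
    $LocalUser = New-User -UserName $User -UserPassword $Password
    if ($null -eq $LocalUser) {
        # New-User already printed the cause; without an account there is nothing to add to groups.
        Write-Host "User was not created; skipping group membership." -ForegroundColor Red
    } else {
        #Get the name of the local administrator group
        $LocalGroupName = Get-GroupBySid
        #Add $LocalUser to the local admin group
        Set-User -GroupName $LocalGroupName -UserName $LocalUser.Name
        #Get the name of the local Users group
        $LocalGroupName = Get-GroupBySid -GroupNameSid "S-1-5-32-545"
        #Add $LocalUser to the local Users group
        Set-User -GroupName $LocalGroupName -UserName $LocalUser.Name
    }
} catch {
    Write-Host "Error in the main script: $($_.Exception.Message)" -ForegroundColor Red
}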