[英]Invisible powershell script to create local admin account with secured password
I'm not very familiar with stackoverflow nor with Powershell. 我不熟悉stackoverflow,也不熟悉Powershell。 Sorry for formatting, please let me know how to improve my post for more visibility. 对不起格式化,请告诉我如何改进我的帖子以获得更多可见性。
I've been trying to get an invisible powershell script who will check if the account exists before creating it. 我一直在尝试获取一个隐形的PowerShell脚本,该脚本将在创建帐户之前检查该帐户是否存在。 If the account doesn't exists, then the script would create a local administrator account part of administrator group with a secured password. 如果该帐户不存在,则该脚本将使用安全密码创建管理员组的本地管理员帐户部分。 The account would be forced to change password on next login. 该帐户将在下次登录时被迫更改密码。
I've already tried a couple of things, i'm having 2 separated scripts, one to create the secured password in a .txt file then i'm calling this file into the main script. 我已经尝试了几件事,我有两个独立的脚本,一个用于在.txt文件中创建安全密码,然后我将这个文件调用到主脚本中。
So far the script is not silent (invisible) and the password is not saved. 到目前为止,脚本不是静默的(不可见),并且不保存密码。 The account is indeed created but when I enter the password it says I have an error. 该帐户确实已创建,但当我输入密码时,它表示我有错误。 If I set the password in an unsecured way It would work and ask me to change it on next login. 如果我以不安全的方式设置密码它会工作,并要求我在下次登录时更改它。
Unfortunately, if the account already exists it doesn't quit the script, instead it changes the password. 不幸的是,如果帐户已经存在,它不会退出脚本,而是更改密码。
Password creation: 密码创建:
Read-Host -Prompt "Saisir mot de passe " -AsSecureString | ConvertFrom-SecureString | Out-File C:\\script2\\init.pwd
Main script: 主要脚本:
$Password = cat C:\script2\init.pwd | ConvertTo-SecureString
$group = "Administrators"
$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }
if ($existing -eq $Username) {
exit
}
else {
NET USER $Username $Password /add /y /expires:never
NET LOCALGROUP $group $Username /add
}
$Username = "su"
$Usrstring = "WinNT://localhost/"+$Username
$usr=[ADSI] $Usrstring
$usr.passwordExpired = 1
$usr.setinfo()
I think you can use the try-catch
method and New-localuser
to do this. 我认为您可以使用try-catch
方法和New-localuser
来执行此操作。
$username = "TestUser"
$Password = cat C:\script2\init.pwd | ConvertTo-SecureString
#Changing this back to what would work for you. I was supplying a plaintext password
#$Password = Read-Host -Prompt "Password" -AsSecureString
try
{
Get-LocalUser -Name $username -ErrorAction Stop
#"User Already exists"
}
catch
{
New-LocalUser -Name $username -Password $Password
Add-LocalGroupMember -Group "Administrators" -Member $username
$usr=[ADSI]"WinNT://localhost/$username"
$usr.passwordExpired = 1
$usr.setinfo()
}
If this is saved as a script say Create-localUser.ps1
you can invoke this from Run
, Task Scheduler
or a logon batch script
using the command 如果将其保存为脚本,请说Create-localUser.ps1
您可以使用命令从Run
, Task Scheduler
或logon batch script
调用此logon batch script
powershell.exe -windowstyle Hidden -file C:\\temp\\create-Localuser.ps1
And keep it hidden from the logged on user. 并将其与登录用户隐藏起来。 I assumed thats what you meant by invisible. 我认为这就是你看不见的意思。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.