Create Local Admin Account


This is a script that you're not going to need every day, but it could come in handy. I had a situation at one of my clients that required us to allow a consultant team to log on to servers during a migration process with local admin privileges. Obviously, if your security team is OK with it, you could just give the consultants the password for your local admin account in your environment. You could also temporarily change the default admin account password and then change it back if you wanted. We could not do either of those things for one reason or another, so this script was born.

The script takes a name you set in the variable called “$NewLocAdmin”, processes a list of servers you populate in a file named “ServersList.txt”, and on each server creates a local user and adds it to the local Administrators group. The “ServersList.txt” file will need to exist in the same directory as the script unless you update the “$Computers” variable. The script prompts for the password to be given to the new account. If you have renamed the local Administrators group on the machines in your environment, you will need to change the group name where it is referenced in the script as well.

Like a couple of my other scripts, this one also uses the Export-Excel function for some reporting it has built into it. There are two functions in the script. One reaches out to the current computer in the “ForEach” loop and grabs a list of local users on the machine. The other function actually creates the local user account and adds it to the local Administrators group. The account creation function has some condition checking built into it, like attempting to ping the machine name before it does its work.

The script has been tested on Microsoft Windows Server 2003 to 2012 SP2. I do not know of any reason why it would not work on Server 2016.
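The flow described above, sketched as an added example; this is not the author's script from the link below. Only `$NewLocAdmin`, `$Computers` and `ServersList.txt` come from the post. The function names, the sample account name, the report file name and the use of `Export-Csv` in place of Export-Excel are assumptions.

```powershell
# Added example, not the original script. Names other than $NewLocAdmin,
# $Computers and ServersList.txt are hypothetical.
$NewLocAdmin = 'MigrationAdmin'                       # constructed sample name
$Computers   = Get-Content (Join-Path $PSScriptRoot 'ServersList.txt')
$AdminGroup  = 'Administrators'                       # change if the group was renamed

# Prompt without echoing the password; plain text is needed only for SetPassword().
$Secure = Read-Host "Password for $NewLocAdmin" -AsSecureString
$Plain  = (New-Object System.Net.NetworkCredential('', $Secure)).Password

function Get-LocalUserNames {
    param([string]$Computer)
    # Enumerate the computer object's children and keep only User objects.
    ([ADSI]"WinNT://$Computer,computer").Children |
        Where-Object { $_.SchemaClassName -eq 'User' } |
        ForEach-Object { [string]$_.Name }
}

function New-LocalAdminAccount {
    param([string]$Computer, [string]$Name, [string]$Password, [string]$Group)
    $result = [pscustomobject]@{ Computer = $Computer; Account = $Name; Status = '' }
    # Condition check from the post: ping before doing any work.
    if (-not (Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
        $result.Status = 'Unreachable'; return $result
    }
    try {
        # Do not touch an account that is already there; report it instead.
        if ((Get-LocalUserNames $Computer) -contains $Name) {
            $result.Status = 'AlreadyExists'; return $result
        }
        $user = ([ADSI]"WinNT://$Computer,computer").Create('User', $Name)
        $user.SetPassword($Password)
        $user.SetInfo()
        ([ADSI]"WinNT://$Computer/$Group,group").Add("WinNT://$Computer/$Name")
        $result.Status = 'Created'
    } catch {
        $result.Status = "Failed: $($_.Exception.Message)"
    }
    $result
}

$report = foreach ($c in $Computers) {
    New-LocalAdminAccount $c $NewLocAdmin $Plain $AdminGroup
}
# Export-Csv stands in for the Export-Excel reporting the post mentions.
$report | Export-Csv (Join-Path $PSScriptRoot 'LocalAdminReport.csv') -NoTypeInformation
```

The rows with status `Created` in the report are the machines to revisit when the temporary account is removed after the migration.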

 

GitHub Link: Create-Local-Admin-Account.ps1