Mark

Home Members Mark

4sysops - The online community for SysAdmins and DevOps

  • Profile picture of David Figueroa

    David Figueroa replied to the topic How to Create Local Admin account on Remote Windows Server 2003 and 2008 in Group logo of PowerShellPowerShell Forum 2 years, 11 months ago

    @nikhilb There are few ways to do this between the machines.. This all assumes they are on the same network.. (can speak to each other over SMB).

    Assuming they are on the same physical network, you can use psexec.exe and pass the credentials into it.

    I’d create the batch file to handle both steps together.. (it will require the password to be embedded in the file for the new user).

    ::NewLocalUser.cmd
net user <username> <password> /add /description "local user"
net localgroup administrators <username> /add

    So, assuming your computer text list is just that..  this should work.

    psexec.exe @computerlist.txt -u <username> -p <password> -c newlocaluser.cmd -accepteula

    You may need to prepend in front of each computername in the file (Its been a long time, I just don’t remember).. If you don’t want to bother, then you could do it this way:

    for /f %f in (computerlist.txt) do psexec %f -u <username> -p <password> -c newlocaluser.cmd -accepteula

     

    Another way would be to use your account to copy the batch file on to each of the systems and create a scheduled task to run the batch file with the system account.

    for /f %f in (computerlist.txt) do schtasks.exe /create /tn CreateLocalUser /tr c:newlocaluser.cmd /s %f /ru "NT AuthoritySystem" /z /st 14:00

    The 14:00 would be whatever time you want it to run, maybe 2-3 minutes after you start it? and then when complete, delete the batch file so you don’t leave the stored password out there.

    If you want to make this more secure.. then you could add randomized passwords to your text file, and make it comma delimited.  If you go that route, you won’t need the batch file to copy, just 2 passes with psexec.

    computer1,password1
computer2,password2
    for /f "tokens=1,2 delims=," %f in (computerlist.txt) do psexec -h %f -u <username> -p <password> net user <username> %g /add /description "local user or whatever text"
for /f "tokens=1,2 delims=," %f in (computerlist.txt) do psexec -h %f -u <username> -p <password> net localgroup administrators <username> /add

    This is the most secure version since you won’t be leaving the password in plaintext to the accounts on the servers themselves.

     

    David F.

    Share
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account