cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Bert_D
Lansweeper Employee
Lansweeper Employee

Creates a new local user and adds it to the local admin group

Rem: You need to add the user and password as a parameters.
Rem: If you do not add a username parameter, the username is default set to: Lansweeperadm
Rem: If you do not add a password parameter, the password is default set to: Strongpassword0*

Rem: Copy the code below and save it as Create_Admin_User.vbs at the {PackageShare}\Scripts folder


Set Arg = WScript.Arguments

if Arg.count = 2 then
strUser = Arg(0) 'Pass the username as parameter to the script
strPassword = Arg(1) 'Pass the password as parameter to the script
end if

if IsEmpty(strUser) or IsNull(strUser) or strUser = "" or IsEmpty(strPassword) or IsNull(strPassword) or strPassword = "" then
strUser = "Lansweeperadm"
strPassword = "Strongpassword0*"
end if

Set objWshNet = CreateObject("WScript.Network")
strComputer = objWshNet.ComputerName

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery ("SELECT Name,SID from Win32_Group where domain ='" & strcomputer & "'")
For Each objItem in colItems
sidAdmin = objItem.SID
if sidadmin = "S-1-5-32-544" then
strGroup = objItem.Name
end if
Next

Set colAccounts = GetObject("WinNT://" & strComputer & "")
Set objUser = colAccounts.Create("user", strUser)
objUser.SetPassword strpassword
objUser.SetInfo
Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
objGroup.Add(objUser.ADsPath)
10 REPLIES 10
Zacs
Engaged Sweeper III
Hi Guys

I have followed this but when i try do it i get a access denied message
Line: 28
Char: 1
Error: Access denied

Code: 8007005
Source: Active directory

I have run as system
I have run as scanning cred(Domain Admin)

But its both the same

HELP!!!!
spamking
Engaged Sweeper III
Can this be modified to set the password for the new admin account to never expire? We have had a few machines fall off of our domain due to inactivity or other errors and would like at least one account with a password set to never expire.
Bert_D
Lansweeper Employee
Lansweeper Employee
You need to look up the hostname inside the script and add it to your password.

If you don't want him to be admin you should remove the part where the user is added to the admin group.
pixa241
Engaged Sweeper II
Can this be used with thin clients, and will it recognize variables? Our local admin on thin clients has a unique password like my%hostname%password. Could that be used to pass on the username and password? and if I do not want the new user to be a local admin as well?
Bert_D
Lansweeper Employee
Lansweeper Employee
You could take a look at this post: http://www.lansweeper.com/Forum/yaf_postst10448_Script---Reset-Local-Admin-Password.aspx#post39286

The code there (re)sets the password for the administrator
gkeys
Engaged Sweeper II
Now my challenge is to modify this so that if the account already exists it just updates the password. My goal is to have the same local admin account on every PC in the domain and to change the password every 30 days.
I am NOT a VB Script person....... learning curves are so much fun.......

Bert_D
Lansweeper Employee
Lansweeper Employee
I adjusted the post so others won't have the same issue.

Good catch
gkeys
Engaged Sweeper II
Running locally pointed out the issue. Line 16 & 17 are a split and the VBS compiler on Windows 8.1 did not like it. The lines read:
Set colItems = objWMIService.ExecQuery ("SELECT Name,SID from Win32_Group
where domain ='" & strcomputer & "'")

once I changed it to a single line:
Set colItems = objWMIService.ExecQuery ("SELECT Name,SID from Win32_Group where domain ='" & strcomputer & "'")

Everything ran like a champ.

Michael_V
Champion Sweeper III
Are you able to run the vbs file manually on the client?