Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $propADComputers = Get-ADComputer -Filter * -SearchBase "Whatever you want"
- $name = Read-Host -AsSecureString "Enter the name of the non-built in admin you would like if required:"
- $password = Read-Host -AsSecureString "Enter the password of the non-built in admin account you would like if required:"
- foreach ($c in $propADComputers | Select-Object -ExpandProperty "Name")
- {
- try{
- #Start remote PSSession to PC
- Write-Host "Attempting to enter PSSession for $c..."
- Enter-PSSession $c
- Write-Host "Success!"
- #Local Built-In Admin Account & account information
- Write-Host "Fetching built-in admin account..."
- $builtinAdmin = Invoke-Command -ComputerName $c -ScriptBlock {Get-LocalUser | ? {$_.SID -like "*-500"}}
- $name = ($builtinAdmin | Select-Object -ExpandProperty "Name").ToLower()
- $isEnabled = $builtinAdmin | Select-Object -ExpandProperty "Enabled"
- if($name -contains "$name"){
- "Built-in account name is $name...let's change it"
- Invoke-Command -ComputerName $c -ScriptBlock {(Rename-LocalUser -Name $using:name -NewName "Administrator")
- }
- if ($isEnabled -eq $True){
- "Built-in account is enabled...let's disable it."
- #Need to run it again to get the new name
- $builtinAdmin = Invoke-Command -ComputerName $c -ScriptBlock {Get-LocalUser | ? {$_.SID -like "*-500"}}
- Invoke-Command -ComputerName $c -ScriptBlock {Disable-LocalUser -Name $Using:builtinAdmin | Select-Object -ExpandProperty "Name"}
- }
- Write-Host "Creating non built-in admin account..."
- Invoke-Command -ComputerName $c -ScriptBlock {
- (New-LocalUser -Name $Using:name -Password $Using:password -PasswordNeverExpires), (Add-LocalGroupMember -Group "Administrators" -Member $Using:name)
- }
- }
- Exit-PSSession
- }
- catch{
- Write-Host "Unable to enter PSSession to $c"
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement