I have a PowerShell script that creates a local user and adds to the Admin group it's working when I'm running it but I've made an exe file from it. after execution, nothing happens
$UserName = Read-Host "UserName"
$UserPassword = Read-Host "Password" -AsSecureString
New-LocalUser -Name $UserName -Password $UserPassword -description 'NewUser'
Add-LocalGroupMember -Group "Administrators" -Member ("$UserName") -Verbose
I've made exe file using the "PS2exe" module and "iexpress" can somebody help to fix it or create Log files for this exe
Related
How does one connect anonymously to an SMB share in powershell using New-PSDrive?
I've tried omitting the -Credential param but this seems to use the currently logged in user. This works when I test using a domain account, however the problem is for normal operation the currently logged in user is a local kiosk user for assigned access that the domain file server does not recognize.
I've also tried using the following, however it prompts for user input. As this is run as a scheduled task for background operation - this is unacceptable.
$Credentials = Get-Credential -UserName 'NTAUTHORITY\Anonymous Logon'
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I have enabled the local security policy option on the file server for "Network access: Let Everyone permissions apply to anonymous users".
How do I utilize the "anonymous" user connection with New-PSDrive?
-- edit --
I've also tried this
$Credentials = [pscredential]::Empty
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
However, the output is:
>> TerminatingError(New-PSDrive): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct"
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct
Anonymous mounts use an 'empty' user and password for the credential block so you can do the same.
This works for me and allows file creation on the share:
$User = " " # Create 'empty' username
$PWord = ConvertTo-SecureString -String " " -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I'm trying to create a command to add a domain user to the local administrator group. I already have the command to do it:
Add-LocalGroupMember -Group "Administrators" -Member domain\user
or
net localgroup Administrators Domain\user /add
But I need to ask the user to insert him credentials when run the script. How do I do this?
Get-Credential is what you want:
$cred = Get-Credential
This will prompt the user to enter their username and password in a secure fashion. However...
You can't add a user to a group you aren't a member of, or at least have permissions delegated to manage members of that group (such as local Administrators). If the running user could do this already, entering their credentials wouldn't be required.
If the running user were already in Administrators, you would not need this either, just provide the target principal name (since adding yourself to the Administrators group requires that you already be in Administrators) and make sure your session is elevated.
Honestly, just use a Restricted Groups GPO to control domain users and their local group status. You don't want local users able to manage their local admin group in most situations anyways. If someone does change the membership, the change will gracefully revert on the next gpupdate interval.
You can use:
$Credentials = Get-Credential
It will give you windows login window.
Also there is a way to extract that data like this:
$Credentials = Get-Credential
$Credentials.Password | ConvertFrom-SecureString | Set-Content C:\test\password.txt
$Username = $Credentials.Username
$Password = Get-Content “C:\test\password.txt” | ConvertTo-SecureString
$Credentials = New-Object System.Management.Automation.PSCredential $Username,$Password
There is more in here:
https://sysadminguides.org/2017/05/02/how-to-pass-credentials-in-powershell/
Hope it helps ;-)
The below code will prompt the user for the password but I want to insert a password in the script (hidden would be preferable). Therefore, the script will run with user inervention and will create and add the user to the admin group.
$Password = Read-Host -asSecureString
New-LocalUser -Name User -password $Password
Add-LocalGroupMember -Group "Administrators" -Member User
I modified the script to the below, however I received a secure script error:
New-LocalUser -Name User -password Password
Add-LocalGroupMember -Group "Administrators" -Member User
You can use ConvertTo-SecureString -AsPlainText -Force to convert a string value to a [SecureString] instance:
$Password = "th3d3f4ultP4$$W0rd!!!" |ConvertTo-SecureString -AsPlainText -Force
You can also try something like this (even leaving off the -UserName User on the Get-Credential if you want to prompt for both user and password:
# will prompt for password, store as secure string
$cred = Get-Credential -UserName User
New-LocalUser -Name $cred.UserName -Password $cred.Password
Add-LocalGroupMember -Group "Administrators" -Member $cred.UserName
I am trying to import a certificate on a VM.
I am doing the following script:
Start-VM -Name $NewVmName
Copy-VMFile -Name $NewVmName -SourcePath ".\certificate.pfx" -DestinationPath "C:\certificate.pfx" -CreateFullPath -FileSource Host
$Password = "test" | ConvertTo-SecureString -asPlainText -Force
Invoke-Command -VMName $NewVmName -Credential $LocalCredential -ScriptBlock {
Import-PfxCertificate -FilePath "C:\certificate.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $Password
}
So the certificate store location is indicated. However, when I run this script, Windows prompts me to know in which store I want to import the certificate:
How come? what do I do wrong? I want the certificate to be imported without any user interactions of course.
Thanks!
I'm trying to write a batch script to automatically change the password of an active directory user.
The:
net user <user> /domain <password>
where <user> & <password> are a user and password of some user on the domain.
Results in:
The request will be processed at a domain controller for
domain .
System error 5 has occurred.
Access is denied.
Edit:
I just found out that you need to be the domain controller to be able to run the command.
Is the a way to change a user's password without being the domain controller?
IT Admins with permissions to change passwords can use the QAD Powershell cmdlets to change passwords for accounts. Here’s an example of the Powershell command to run:
Set-QADUser -Identity <account_name> -Proxy -UserPassword <new_password>
For users without elevated permissions to set passwords on other accounts, there is still a Powershell option. You will need to have the Microsoft ActiveDirectory powershell module installed and know the previous password. Here’s some sample code how to accomplish this:
Set-ADAccountPassword -Identity <ADAccount>
This will then prompt for the previous password, and then ask for the new password twice.
For example if you want your process perform automatically:
Set-ADAccountPassword -Identity $username -OldPassword (ConvertTo-SecureString -AsPlainText $oldPass -Force) -NewPassword (ConvertTo-SecureString -AsPlainText $newPass -Force)