The below code will prompt the user for the password but I want to insert a password in the script (hidden would be preferable). Therefore, the script will run with user inervention and will create and add the user to the admin group.
$Password = Read-Host -asSecureString
New-LocalUser -Name User -password $Password
Add-LocalGroupMember -Group "Administrators" -Member User
I modified the script to the below, however I received a secure script error:
New-LocalUser -Name User -password Password
Add-LocalGroupMember -Group "Administrators" -Member User
You can use ConvertTo-SecureString -AsPlainText -Force to convert a string value to a [SecureString] instance:
$Password = "th3d3f4ultP4$$W0rd!!!" |ConvertTo-SecureString -AsPlainText -Force
You can also try something like this (even leaving off the -UserName User on the Get-Credential if you want to prompt for both user and password:
# will prompt for password, store as secure string
$cred = Get-Credential -UserName User
New-LocalUser -Name $cred.UserName -Password $cred.Password
Add-LocalGroupMember -Group "Administrators" -Member $cred.UserName
Related
How does one connect anonymously to an SMB share in powershell using New-PSDrive?
I've tried omitting the -Credential param but this seems to use the currently logged in user. This works when I test using a domain account, however the problem is for normal operation the currently logged in user is a local kiosk user for assigned access that the domain file server does not recognize.
I've also tried using the following, however it prompts for user input. As this is run as a scheduled task for background operation - this is unacceptable.
$Credentials = Get-Credential -UserName 'NTAUTHORITY\Anonymous Logon'
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I have enabled the local security policy option on the file server for "Network access: Let Everyone permissions apply to anonymous users".
How do I utilize the "anonymous" user connection with New-PSDrive?
-- edit --
I've also tried this
$Credentials = [pscredential]::Empty
New-PSDrive -ErrorAction Stop -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
However, the output is:
>> TerminatingError(New-PSDrive): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct"
The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The specified network password is not correct
Anonymous mounts use an 'empty' user and password for the credential block so you can do the same.
This works for me and allows file creation on the share:
$User = " " # Create 'empty' username
$PWord = ConvertTo-SecureString -String " " -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $PWord
New-PSDrive -PSProvider "FileSystem" -Root "$RemoteFolder" -Name "$RemoteDriveLetter" -Credential $Credentials -Persist -Scope Global | Out-Null
I have a PowerShell script that creates a local user and adds to the Admin group it's working when I'm running it but I've made an exe file from it. after execution, nothing happens
$UserName = Read-Host "UserName"
$UserPassword = Read-Host "Password" -AsSecureString
New-LocalUser -Name $UserName -Password $UserPassword -description 'NewUser'
Add-LocalGroupMember -Group "Administrators" -Member ("$UserName") -Verbose
I've made exe file using the "PS2exe" module and "iexpress" can somebody help to fix it or create Log files for this exe
I need to be able to allow users from a remote domain to change their password and I cannot install RSAT tools and the machine they will be working on.
I have tried an Invoke-Command passing domain admin credentials to run some code on a domain controller however I cannot get Invoke-Command to authenticate.
$InvUsername = "admin"
$InvPassword_Text = "adminpassword"
$InvPassword = ConvertTo-SecureString -AsPlainText $InvPassword_Text -Force
$InvCreds = New-Object System.Management.Automation.PSCredential -ArgumentList $InvUsername,$InvPassword
$InvSession = New-PSSession -ComputerName 'DC01.domain.co.uk' -Credential $InvCreds
New-PSSession -ComputerName 'DC01.domain.co.uk' -Credential $InvCreds
New-PSSession : [DC01.domain.co.uk] Connecting to remote server DC01.domain.co.uk failed with the following error message : The user name or password is incorrect.
The password is not incorrect BTW.
Do you need to create a new remote PowerShell session to do it? Are you able to contact one of the domain controllers directly?
You could try using .NET's DirectoryEntry and passing credentials. If you know the distinguishedName of the account:
$user = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=user,DC=example,DC=com", $username, $password)
$user.Invoke("SetPassword","NewPassword123")
You may also have to tell it to explicitly connect through the LDAPS (LDAP over SSL) port like this:
$user = New-Object System.DirectoryServices.DirectoryEntry("LDAP://DC01.domain.co.uk:636/CN=user,DC=example,DC=com", $username, $password)
But that also assumes that LDAPS is setup correctly with a certificate your computer trusts.
I am trying to import a certificate on a VM.
I am doing the following script:
Start-VM -Name $NewVmName
Copy-VMFile -Name $NewVmName -SourcePath ".\certificate.pfx" -DestinationPath "C:\certificate.pfx" -CreateFullPath -FileSource Host
$Password = "test" | ConvertTo-SecureString -asPlainText -Force
Invoke-Command -VMName $NewVmName -Credential $LocalCredential -ScriptBlock {
Import-PfxCertificate -FilePath "C:\certificate.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $Password
}
So the certificate store location is indicated. However, when I run this script, Windows prompts me to know in which store I want to import the certificate:
How come? what do I do wrong? I want the certificate to be imported without any user interactions of course.
Thanks!
Running PowerShell version 5.0 on Windows 10 Build 10240. I need to obtain a PSCredential instance that contains the LocalSystem context. How can I achieve this?
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx
From the documentation you linked to:
This account does not have a password. If you specify the LocalSystem account in a call to the CreateService or ChangeServiceConfig function, any password information you provide is ignored.
So, just supply "any password information" in the pscredential constructor:
$Username = "NT AUTHORITY\SYSTEM"
$Password = "whatever you feel like" | ConvertTo-SecureString -AsPlainText -Force
$LocalSystemCreds = New-Object -TypeName pscredential -ArgumentList $Username,$Password