
AutoLocalAdmin Local Administrative Account enforcement



Here's a little routine that will create a random password, store that password with a username (specified in script global @username@) and a timestamped title in a client's passwords, then use that set of credentials to create a local administrator account on a Windows device. It's meant to be repetitively scheduled on devices on which you want to enforce the existence of the local administrator account. Each time the script runs, it checks the age of the stored credentials and, if over the number of days specified in script global @ClientPwMaxAgeInDays@, rolls the password specified in the client passwords. Old credentials are retained in client passwords (with timestamped titles), so the client EDF and computer EDF that are created can be used to check the state of the account and cross-ref what password should be used. It will also only update the timestamp in the computer EDF after testing that the specified account has been properly set and added to local admins.


Script should import to Scheduled Commands folder.

Feedback welcomed!

Set AutoLocalAdmin Account.xml

Edited by MetaMSP
blur confidential info
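A PowerShell sketch of the enforcement cycle described in the post above, added here as an illustration; it is not the contents of the attached script. Function and parameter names are hypothetical, and storing the credential and updating the EDFs in the RMM is left to the caller.

```powershell
#Requires -RunAsAdministrator
# Added illustration: function and parameter names are hypothetical, not from the attached script.
function New-RandomPassword {
    param([int]$Length = 24)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    $limit = 256 - (256 % $alphabet.Length)      # reject values that would bias the modulo
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
        }
        $pw = $sb.ToString()                     # retry until all four character classes appear
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    $rng.Dispose()
    $pw
}

function Test-RotationDue {
    param([Nullable[datetime]]$StoredDate, [int]$MaxAgeInDays)
    # No stored credential, or one older than the limit, means a new password is due
    ($null -eq $StoredDate) -or (((Get-Date) - $StoredDate).TotalDays -gt $MaxAgeInDays)
}

function Set-EnforcedLocalAdmin {
    param([Parameter(Mandatory)][string]$UserName,
          [Parameter(Mandatory)][securestring]$Password)   # already stored by the caller
    if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue) {
        Set-LocalUser -Name $UserName -Password $Password
        Enable-LocalUser -Name $UserName
    } else {
        New-LocalUser -Name $UserName -Password $Password | Out-Null
    }
    $adminSid = 'S-1-5-32-544'                   # well-known SID of BUILTIN\Administrators
    $user     = Get-LocalUser -Name $UserName
    $isAdmin  = { @(Get-LocalGroupMember -SID $adminSid |
                    Where-Object { $_.SID.Value -eq $user.SID.Value }).Count -gt 0 }
    if (-not (& $isAdmin)) { Add-LocalGroupMember -SID $adminSid -Member $user }
    # Return a timestamp only after re-reading state; $null means "do not update the record"
    if ($user.Enabled -and (& $isAdmin)) { Get-Date } else { $null }
}
```

The caller generates and stores a new password only when `Test-RotationDue` returns true, then passes the current password to `Set-EnforcedLocalAdmin` and records the returned timestamp only if it is not null.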
