How do I properly create a random password or initial password when I creating an local admin account using PS

PerserPolis-1732 1,326

Hi,

I have a script creating new local user account . Now I want to create a random password Or a initial password when I create a new local user account

that is the script

$UserLogon = Get-WinEvent -LogName 'Microsoft-Windows-User Profile Service/Operational' `
| Where-Object {$_.Id -eq 2} | Select-Object -First 1

$LastUser = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($UserLogon.UserId.Value)" -Name "ProfileImagePath"
$substringIndex = $LastUser.ProfileImagePath.LastIndexOf("\") + 1
$LastUserName = $LastUser.ProfileImagePath.Substring($substringIndex)
$a=$LastUserName+"Admin"
New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName "Local Administrator" -Description "Local Administrator" | Add-LocalGroupMember -Group administrators

regards

sok 11 Reputation points

2022-02-14T14:48:36.263+00:00
You could try something like this:

ConvertTo-SecureString (-join([char[]](33..122) | Get-Random -Count 10)) -AsPlainText -Force

Accepted answer

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-16T14:48:04.197+00:00
Hi @PerserPolis-1732 ,

remove this line:

$result = $a + "," + $password

and add these lines instead:

$hostname = $Env:COMPUTERNAME $result = $hostname + "," + $a + "," + $password

As this thread is getting a little messy, maybe you should open a new question if there is something else you need.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Please sign in to rate this answer.
PerserPolis-1732 1,326 Reputation points

2022-02-16T14:59:14.107+00:00

super thank you so much
Sign in to comment

4 additional answers

Rich Matheisen 44,776

Here's a password generator that works pretty well:

Function GeneratePassword {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline=$false)]
            [ValidateRange(1,256)]
            [int]$PWLength = 16,
        [Parameter(ValueFromPipeline=$false)]
            [char[]]$CharSet1 = 'abcdefghiklmnoprstuvwxyz'.ToCharArray(),
        [Parameter(ValueFromPipeline=$false)]
            [char[]]$CharSet2 = 'ABCDEFGHKLMNOPRSTUVWXYZ'.ToCharArray(),
        [Parameter(ValueFromPipeline=$false)]
            [char[]]$CharSet3 = '1234567890'.ToCharArray(),
        [Parameter(ValueFromPipeline=$false)]
            [char[]]$CharSet4 = '!"$%&/()=?}][{@#*+'.ToCharArray(),
        [Parameter(ValueFromPipeline=$false)]
            [ValidateRange(0,256)]
            [int]$Set1Num = 8,
        [Parameter(ValueFromPipeline=$false)]
            [ValidateRange(0,256)]
            [int]$Set2Num = 3,
        [Parameter(ValueFromPipeline=$false)]
            [ValidateRange(0,256)]
            [int]$Set3Num = 2,
        [Parameter(ValueFromPipeline=$false)]
            [ValidateRange(0,256)]
            [int]$Set4Num = 3
    )

        $password =  $CharSet1 | Get-Random -Count $Set1Num
        $password += $CharSet2 | Get-Random -Count $Set2Num
        $password += $CharSet3 | Get-Random -Count $Set3Num
        $password += $CharSet4 | Get-Random -Count $Set4Num

        Write-Verbose "Initial password: $(-join $password)"

        $Password = -join ($password | Get-Random -Count $PWLength)

        Write-Verbose "Final   password: $Password"

        Write-Output $password
}

<#
$LcAlpha = 'abcdefghiklmnoprstuvwxyz'.ToCharArray()
$UcAlpha = 'ABCDEFGHKLMNOPRSTUVWXYZ'.ToCharArray()
$Numbers = '1234567890'.ToCharArray()
$NonAlphaNum = '!"$%&/()=?}][{@#*+'.ToCharArray()

# 8 character password, 5 lower-case, 1 upper-case, 1 digit, 1 punctuation
GeneratePassword -Verbose 8 $LcAlpha $UcAlpha $Numbers $NonAlphaNum 5 1 1 1

# 16 character password, 8 lower-case, 3 upper-case, 2 digit, 3 punctuation
GeneratePassword -Verbose
#>

PerserPolis-1732 1,326 Reputation points

2022-02-15T10:43:22.257+00:00

Hi,

how to add your script in my script?

$UserLogon = Get-WinEvent -LogName 'Microsoft-Windows-User Profile Service/Operational' `
| Where-Object {$_.Id -eq 2} | Select-Object -First 1

$LastUser = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($UserLogon.UserId.Value)" -Name "ProfileImagePath"
$substringIndex = $LastUser.ProfileImagePath.LastIndexOf("\") + 1
$LastUserName = $LastUser.ProfileImagePath.Substring($substringIndex)
$a=$LastUserName+"Admin"
$user = New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName $a -Description "Local Administrator"
Add-LocalGroupMember -Group administrators -Member $user

thanks

Rich Matheisen 44,776

Add lines 1 - 41 to the top of your script.

Then, in your script add one line, and change one line:

$a=$LastUserName+"Admin"
$pw = GeneratePassword    # this will get you a 16 character pseudo-ramdom password with 8 lower-case, 3 upper-case, 2 digit, and 3 punctuation characters
$user = New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force $pw) -Name $a -FullName $a -Description "Local Administrator"

PerserPolis-1732 1,326 Reputation points

2022-02-16T07:47:53.487+00:00

Hi,

It seems to work. But how can I know or see the generated password? I want to deploy to 100 different machines and it created 100 new users.
Is there possible to write the password and the username to a csv file and the csv file have not be overwritten, if I run the script several time

Regards
Rich Matheisen 44,776 Reputation points

2022-02-16T15:31:19.8+00:00

How are you creating the new local accounts? Are you running the script on your workstation? Or are you logging on to the new machine and running the script?

Are you going to collect the information by having the script update the data at a central location? Or are you going just write the information to the local machine?

PerserPolis-1732 1,326 Reputation points

2022-02-14T14:52:49.9+00:00

Hi sok,

Sorry how to get the password?

Regards
Please sign in to rate this answer.
sok 11 Reputation points

2022-02-14T15:02:32.467+00:00

You can save the output in a variable, or save it to file, either way will work.

PerserPolis-1732 1,326 Reputation points

2022-02-14T15:04:46.813+00:00

could you send me a example on the command line?

sok 11 Reputation points

2022-02-14T15:20:32.133+00:00

$NewPsw = ConvertTo-SecureString (-join([char[]](33..122) | Get-Random -Count 10)) -AsPlainText -Force ConvertTo-SecureString (-join([char[]](33..122) | Get-Random -Count 10)) -AsPlainText -Force | Out-Variable Somename

I would try to avoid, if I can, saving passwords in text files...
ConvertTo-SecureString (-join(char[] | Get-Random -Count 10)) -AsPlainText -Force | Out-File C:\psw.txt -Append

PerserPolis-1732 1,326 Reputation points

2022-02-15T11:37:53.653+00:00

I did try the both, it does not work
Sign in to comment
Andreas Baumgarten 96,266 Reputation points MVP

2022-02-14T16:09:37.627+00:00

Hi @PerserPolis-1732 ,

Maybe this helps:
https://github.com/abaumgarten42/Useful_PSscripts/blob/main/Generate-RandomPassword/Generate-RandomPassword.ps1

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
Please sign in to rate this answer.
PerserPolis-1732 1,326 Reputation points

2022-02-15T10:44:00.517+00:00

Hi,

how to add that script in my script?

$UserLogon = Get-WinEvent -LogName 'Microsoft-Windows-User Profile Service/Operational' `
| Where-Object {$_.Id -eq 2} | Select-Object -First 1

$LastUser = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($UserLogon.UserId.Value)" -Name "ProfileImagePath"
$substringIndex = $LastUser.ProfileImagePath.LastIndexOf("\") + 1
$LastUserName = $LastUser.ProfileImagePath.Substring($substringIndex)
$a=$LastUserName+"Admin"
$user = New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName $a -Description "Local Administrator"
Add-LocalGroupMember -Group administrators -Member $user

Regards

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-15T13:19:46.09+00:00

Hi @PerserPolis-1732 ,

just add the script at the beginning of you script.

Replace this line of your script:

$user = New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName $a -Description "Local Administrator"

with this line:

$user = New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force $password) -Name $a -FullName $a -Description "Local Administrator"

Please give this a try.

Btw. the variable $password (in line 23 in my script) contains the value pf the password, if you want to know the password for later use.

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

PerserPolis-1732 1,326 Reputation points

2022-02-15T13:32:50.107+00:00

Hi again

It is working. If I run script manually on one machine I see the password displayed. But I wanna to deploy it to 100 machines. As you know the script created 100 different usernames on different machines.

How can I know which password is for which user ?

Thanks again for help

Regards

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-15T16:50:15.007+00:00

Hi @PerserPolis-1732 ,

write the output of username and password in a txt file.

Something like this:

# $a should contain the username # $password should contain the password $result = $a + "," + $password Out-File -FilePath pw.txt -InputObject $result

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

PerserPolis-1732 1,326 Reputation points

2022-02-16T08:11:36.37+00:00

Hi Andreas,

Sorry again, can I use the output file with Export-CSV?
The file should be a csv file.

Regards

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-16T08:44:26.383+00:00

Hi @PerserPolis-1732 ,

the output is comma-separated anyway.
Just us a different name for the file -> pw.txt -> pw.csv

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

PerserPolis-1732 1,326 Reputation points

2022-02-16T09:01:22.8+00:00

Hi again,

I know it and I did changed it to pw,csv. But it shows me not in separated table

regards

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-16T09:10:26.537+00:00

Please take a look here: https://support.microsoft.com/en-us/office/import-or-export-text-txt-or-csv-files-5250ac4c-663c-47ce-937b-339e391393ba#ID0EBBN=Newer_versions

This explains how to open a CSV file in Excel.

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

PerserPolis-1732 1,326 Reputation points

2022-02-16T09:18:26.257+00:00

super support

PerserPolis-1732 1,326 Reputation points

2022-02-16T11:38:48.193+00:00

Hi again,

Sorry for question again. I find out if I run the script first time, it created a pw.csv, if run it again for other user, it is overwriting the pw.csv.
It should add the new username and password in pw.csv.

Do you have any Idea?

Thank you so much

Regards

Andreas Baumgarten 96,266 Reputation points MVP

2022-02-16T12:15:20.33+00:00

Please modify this line Out-File -FilePath pw.txt -InputObject $result like this Out-File -FilePath pw.txt -InputObject $result -Append .

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

PerserPolis-1732 1,326 Reputation points

2022-02-16T12:28:03.16+00:00

let me please check
Sign in to comment
PerserPolis-1732 1,326 Reputation points

2022-02-16T12:47:15.723+00:00

Hi Andres,

the script works now fine.

Thanks a lot
Please sign in to rate this answer.

0 comments No comments
Sign in to comment