
how to use net user <add account> from XML file in powershell to deploy accounts

lupinlicious 141 Reputation points
2022-12-12T10:11:29.307+00:00

Hello,

So I have created the following lines from machine A and wish to add that account on machine B

Machine A:

$secureStringPassword = ConvertTo-SecureString -String 'supersecret' -AsPlainText -Force  
$credential = [PSCredential]::new( 'lab', $secureStringPassword )   
$credential = New-Object -TypeName PSCredential -ArgumentList 'lab', $secureStringPassword  
$credential | Export-Clixml D:\test4\mycredential.xml  

Machine B:
In another PowerShell script where I deploy the accounts I have the following code:

 ## <PERFORM INSTALLATION TASKS HERE>  
            $group = "Administrators"  
            $Username = "lab"       
            $credential = [Xml] (Get-Content -Path "$ScriptDirectory\SupportFiles\mycredential.xml")       
            $RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"  
  
            $adsi = [ADSI]"WinNT://$env:COMPUTERNAME"  
            $existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }  
  
               if ($existing -eq $null) {  
  
                  & NET USER $Username $Password /add /y /expires:never  
                  & NET LOCALGROUP $group $Username /add  
                  }  
                   else { $existing.SetPassword($Password) }  
                    & WMIC USERACCOUNT WHERE "Name='$Username'" SET PasswordExpires=FALSE  
                    $RegPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"  
                    Set-ItemProperty -Path "$RegPath" -Name "AutoAdminLogon" -Value "1"  
                    Set-ItemProperty -Path "$RegPath" -Name "DefaultUsername" -Value "$Username"   
                    Set-ItemProperty -Path "$RegPath" -Name "DefaultPassword" -Value "$Pass"  

How can I add the XML file so it fits the script? If I keep the $Username = "lab" the deployment works and I can access Windows.
But if I remove that line and replace $credential with $Username it does not work.

I also tried to replace $Username $Password with $credential but it didn't work.


2 answers

  1. lupinlicious 141 Reputation points
    2022-12-13T09:06:22.063+00:00

    I'm not sure if I follow you @Rich Matheisen

    Machine B (the client) will use the credentials from customsettings.ini (MDT server). When I start the deployment, machine B already has the build account credentials from machine A (MDT server)?
    On machine B, I have exported the same build account (same username and password according to customsettings.ini) to an XML file.

    In the script, I have added:

                 #$group = "Administrators"  
                 #$Username = "lab"       
                 $credential = [Xml] (Get-Content -Path "$ScriptDirectory\SupportFiles\MDT_BA.xml")    
    

    I also tried to add a second line in the script

    $credential = [Xml] (Get-Content -Path "$ScriptDirectory\SupportFiles\mycredential.xml")  # this contains account 'lab' and password 'supersecret'
    

    Thank you!


  2. Rich Matheisen 48,036 Reputation points
    2022-12-12T15:59:22.16+00:00

    You cannot use content encrypted by user "A" on machine "A" on machine "B". The encryption keys on the two machines are not the same.

    Create the credential for user "X" (the user that has the necessary permission to do the work in the script) on machine "B" before running the script. Export that credential to a file, secure the file so the account used to run the script and user "X" can access the file (to create a new credential if the password changes), and use that file as the source of the credential.

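The approach in the answer above, as an added example that is not code from the thread: the credential file is created on machine B by the account that runs the deployment script, restricted with icacls, and read back with Import-Clixml. The file path, the function names and the use of the LocalAccounts cmdlets (Windows PowerShell 5.1 or later) are assumptions.

```powershell
# Added example, not from the thread. Run on machine B as the account that
# will later run the deployment script: Export-Clixml protects the password
# with DPAPI, which binds it to this user on this machine.
$credFile = 'C:\Deploy\SupportFiles\mycredential.xml'   # hypothetical path
$runAs    = "$env:COMPUTERNAME\$env:USERNAME"           # account running the script
$group    = 'Administrators'

function Export-LocalCredential {
    param([string]$Path, [string[]]$ReadableBy)
    # Prompt for the account instead of embedding the password in a script.
    $cred = Get-Credential -Message 'Account to create on this machine'
    $cred | Export-Clixml -Path $Path
    # Drop inherited ACEs, then grant access only to the listed accounts.
    & icacls.exe $Path /inheritance:r | Out-Null
    foreach ($account in $ReadableBy) {
        & icacls.exe $Path /grant:r "${account}:(M)" | Out-Null
    }
}

function Set-LocalAccountFromFile {
    param([string]$Path, [string]$Group)
    # Import-Clixml rebuilds the PSCredential; casting the file to [xml] only
    # yields the encrypted text, not a usable user name and password.
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    } catch {
        # Raised when the file was exported by another user or on another machine.
        throw "Cannot decrypt $Path as $env:USERNAME on ${env:COMPUTERNAME}: $($_.Exception.Message)"
    }
    $name = $cred.UserName
    if (Get-LocalUser -Name $name -ErrorAction SilentlyContinue) {
        # Existing account: reset the password from the SecureString.
        Set-LocalUser -Name $name -Password $cred.Password -PasswordNeverExpires $true
    } else {
        New-LocalUser -Name $name -Password $cred.Password -PasswordNeverExpires | Out-Null
        Add-LocalGroupMember -Group $Group -Member $name
    }
    return $name
}

# One-time, on machine B:    Export-LocalCredential -Path $credFile -ReadableBy $runAs
# In the deployment script:  Set-LocalAccountFromFile -Path $credFile -Group $group
```

The password stays a SecureString from import to account creation, so it never appears on a `net user` command line.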
