Create local admin user with specific name on all current and new servers

Mohammad Falah 20 Reputation points
2023-12-05T11:01:08.91+00:00

I am deploying LAPS and the following is requested:

1- Create new local admin on all servers and manage it by LAPS.

2- Disable the default admin user.

How can I create a new local admin on all current servers (VMs) and the new ones that we will create in future? I have SCCM if I can use it for such a thing.

Managing the new user via LAPS is the easy part, but when I tried to create a new local admin user using GPO, it greyed out the options. After checking, I found out Microsoft stopped it for security purposes.


Accepted answer
  1. Simon Ren-MSFT 38,181 Reputation points Microsoft Vendor
    2023-12-07T10:33:29.0366667+00:00

    Hi @Mohammad Falah ,

    Thank you for posting in Microsoft Q&A forum.

    ==>I didn't ask for the PowerShell script; I am asking for the way of deploying the PowerShell script on all domain devices.

    We can deploy the PowerShell script as a package or application.

    For a package, create an empty package with a program containing the command line of the script to be run from a share. The script is executed using the local system account of the client computer if run with administrative permissions, so the permissions on the share must allow "Domain computers" to have read access; otherwise it cannot access the script.

    Then deploy it to your collection.

    You can refer to the guide below:

    Deploying PowerShell Scripts in SCCM: Application Model vs. Legacy Packages vs. Scripts

    Thanks for your time. Have a nice day!

    Best regards,

    Simon




1 additional answer

  1. Garth Jones 1,666 Reputation points
    2023-12-05T13:30:27.94+00:00

    There are many ways to do this: using a PowerShell script, deploy it as a CI, app or even Program.
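
Both answers point to deploying a PowerShell script through Configuration Manager. The following is an added example, not a script posted by anyone in this thread, of an idempotent script that could be run that way as SYSTEM to meet the two requirements in the question. The account name `laps-admin` and the helper `New-RandomPassword` are hypothetical, and it assumes the same account name is set as the managed account in the LAPS policy.

```powershell
#Requires -RunAsAdministrator
# Added example: intended to run as SYSTEM from a Configuration Manager package, application or CI.
$ErrorActionPreference = 'Stop'
$AccountName = 'laps-admin'   # hypothetical; must match the managed account name in the LAPS policy

# Throwaway initial password that is never written to disk or logs; LAPS rotates it afterwards.
function New-RandomPassword {
    param([int]$Length = 32)
    # 64 characters, so a random byte maps onto the set without modulo bias.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789#-'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $secure = New-Object System.Security.SecureString
    foreach ($b in $bytes) { $secure.AppendChar($chars[$b % $chars.Length]) }
    $secure.MakeReadOnly()
    return $secure
}

# Domain controllers (DomainRole 4 and 5) are out of scope for a local account script.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4) { exit 0 }

# Create the account only if it is missing, so the script is safe to re-run on a schedule.
if (-not (Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $AccountName -Password (New-RandomPassword) `
        -Description 'Local admin managed by LAPS' | Out-Null
}
Enable-LocalUser -Name $AccountName

# Use the well-known Administrators SID so renamed or localized group names still resolve.
try {
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $AccountName
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    # Already a member: nothing to do.
}

# Disable the built-in Administrator (RID 500) last, after the replacement admin exists.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin -and $builtin.Enabled -and $builtin.Name -ne $AccountName) {
    Disable-LocalUser -SID $builtin.SID
}
exit 0
```

Because the script exits 0 only after every step succeeds, a non-zero exit in the deployment status identifies servers where the built-in account may still be enabled.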

