Create one or more local admin users using SCCM 2111

PerserPolis-1732 1,866 Reputation points
2022-02-04T13:35:38.307+00:00

Hi,

I want to create and deploy a local admin account on all my machines.
I have created a TS with Command line and use the following:

powershell.exe New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'lUAq') -Name 'localAdmin' -FullName "Local Administrator" -Description "Local Administrator" | Add-LocalGroupMember -Group administrators

If I run it, I always get the error code:

Error executing Task Sequence Manager service. Code 0x80004005
Task sequence execution failed with error code 80004005

But if I run the same command line as a "Script" with SCCM script, it works. Any idea?

My second question is the following.

I want to create a local admin user on all my machines, with a different name on each machine. For example:

If the machine is called "test", the local admin user should be called "testAdmin", and if the other machine is called "test2", the local admin user should be called "test2Admin".

Is there any way to do that in one step?

Regards


Accepted answer
  1. AllenLiu-MSFT 46,531 Reputation points Microsoft Vendor
    2022-02-11T03:38:50.287+00:00

    Hi, @PerserPolis-1732

    Do you mean: if the user name is User1, then the FullName will be "User1 administrator"?

    $a=$env:username+"Admin"
    $b=$env:username+" Administrator"
    New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName $b -Description "Local Administrator" | Add-LocalGroupMember -Group administrators


7 additional answers

  1. AllenLiu-MSFT 46,531 Reputation points Microsoft Vendor
    2022-02-07T07:37:38.08+00:00

    Hi, @PerserPolis-1732

    Thank you for posting in Microsoft Q&A forum.

    When we run the command line in the TS, have we chosen "Bypass" for the PowerShell execution policy?
    And specify an account for "Run this step as the following account"?

    We can use $env:computername to get the machine name, you may try to use $env:computername+"Admin" to name your admin account.



  2. PerserPolis-1732 1,866 Reputation points
    2022-02-07T12:08:42.527+00:00

    Hi,

    I don't understand your question and your solution. Could you please explain more about $env:computername+"Admin"? Do you have an example?
    I don't want to rename my Administrator account. I want to create a new one with a different account name on each different machine.

    As I mentioned above, the local user should be named, for example, as follows.

    The first machine is called "test1" and the local user should be called "dummyAdmin" here.
    The second machine is called "test2" and the local user should be called "DavidAdmin" here.
    The third machine is called "test3" and the local user should be called "JanAdmin" here.

    Is that possible? I know it is not easy.

    Regards


  3. AllenLiu-MSFT 46,531 Reputation points Microsoft Vendor
    2022-02-08T08:09:57.06+00:00

    Hi, @PerserPolis-1732

    I'm sorry I did not make it clear. When we run PowerShell in a task sequence, we can choose "Bypass" and "Run as account" like below:
    172148-1.png

    And you may use below script to create local admin based on the machine name.

    $a=$env:computername+"Admin"

    New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'User@123') -Name $a -FullName "Local Administrator" -Description "Local Administrator" | Add-LocalGroupMember -Group administrators

    172162-2.png


  4. PerserPolis-1732 1,866 Reputation points
    2022-02-08T08:56:14.103+00:00

    Hi, thanks for your reply. I did run that script with TS, and it is working.

    I have changed the script as follows:

    $a=$env:username+"Admin"
    New-LocalUser -AccountNeverExpires:$true -Password ( ConvertTo-SecureString -AsPlainText -Force 'password') -Name $a -FullName "Local Administrator" -Description "Local Administrator" | Add-LocalGroupMember -Group administrators

    If I run the above script locally on the machine, it works and creates "domain user+Admin".

    If I deploy my TS to the same machine, it creates a user name called "AdministratorAdmin".

    Any idea why?

    Thank you for the help.

    Regards
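
Added example, not part of any post in this thread: `$env:USERNAME` resolves to the account that executes the step (the run-as account or SYSTEM inside a task sequence), which matches the "AdministratorAdmin" result reported above. The script below names the account from `$env:COMPUTERNAME`, can be re-run safely, and reads the password from a task sequence variable instead of embedding it in the command line. The variable name `LocalAdminPassword` is an assumption; `Microsoft.SMS.TSEnvironment` is only available while a task sequence is running.

```powershell
# Added example, not code from the thread.
# Assumption: runs elevated inside a "Run PowerShell Script" task sequence step.
$ErrorActionPreference = 'Stop'

# COMPUTERNAME is the same for every execution context; USERNAME is not.
$name     = "$($env:COMPUTERNAME)Admin"
$fullName = "$($env:COMPUTERNAME) Administrator"

# Read the password from a task sequence variable so it does not appear in
# the step's command line. 'LocalAdminPassword' is a hypothetical variable name.
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
$plain = $tsenv.Value('LocalAdminPassword')
if ([string]::IsNullOrEmpty($plain)) {
    throw "Task sequence variable 'LocalAdminPassword' is empty or not set."
}
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
$plain  = $null

# Create the account only if it does not exist yet, so a re-run does not fail.
$user = Get-LocalUser -Name $name -ErrorAction SilentlyContinue
if (-not $user) {
    $user = New-LocalUser -Name $name -Password $secure -AccountNeverExpires `
        -FullName $fullName -Description 'Local Administrator'
}

# Address the Administrators group by its well-known SID so the step also
# works on systems where the group name is localized.
try {
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $user
}
catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    Write-Output "$name is already a member of the local Administrators group."
}

Write-Output "Local admin account ready: $name"
```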
