Hey Guys,
So if you get locked out of a user's box and you don't have local admin credentials or, in our case, are not connected to VPN, here's how to make a simple local admin user with a known password to get into a box on the fly.
Evaluation: exit 1
Remediation: the script below will drop a local temp user onto the box of your choice with a password of your choosing. (Keep the quotes around the variable values.)
$scriptblock = {
#user defined variables:
$yourpass = "Password Here"
$yourname = "Name Here"
#
# Convert the plaintext password to the SecureString that New-LocalUser expects
$Password = ConvertTo-SecureString $yourpass -AsPlainText -Force
# Create the account and add it to the local Administrators group
New-LocalUser $yourname -Password $Password -FullName $yourname -AccountNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member $yourname
gpupdate /force
}
# Run through the 64-bit PowerShell host (sysnative) so the Microsoft.PowerShell.LocalAccounts cmdlets are available
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
Then make sure you delete that temp user afterwards, or you can run this evaluation to see if you left it behind:
$scriptblock = {
#user defined variable:
$tempname = "Your Temp Name"
#
# Count local accounts whose name matches the temp user (0 or 1)
$tempuser = Get-LocalUser | Where-Object Name -eq $tempname | Measure-Object
if ($tempuser.Count -eq 0) {
# temp user is gone: compliant
exit 0
}
else {
# temp user still exists: non-compliant
exit 1
}
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
And if anything comes back with an exit 1, run this to remove the account:
$scriptblock = {
#user defined variable:
$tempname = "Your Temp Name"
#
# Removing the account also drops its Administrators group membership
Get-LocalUser $tempname | Remove-LocalUser
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
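As an added example that is not part of the original post, here is a broader version of the evaluation above: instead of checking for one known temp name, it audits every local account in the Administrators group against an allow-list and returns exit 1 (listing the offending names) if any other local admin is present, so a temp user left behind under a forgotten name still gets caught. The names in $allowedLocalAdmins are placeholders to replace with your own standard local admin accounts.

```powershell
# Added example (not from the original post): audit the local Administrators group
# for local accounts that are not on an allow-list. Same sysnative wrapper as above.
$scriptblock = {
    # user defined variable: local accounts that are allowed to be admins (placeholder names)
    $allowedLocalAdmins = @('Administrator', 'YourStandardLocalAdmin')
    #
    $computer = $env:COMPUTERNAME
    $unexpected = @()
    # Only look at local user accounts; domain/AzureAD principals and nested groups are skipped
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
        ForEach-Object {
            # Get-LocalGroupMember reports names as COMPUTERNAME\user; strip the prefix
            $shortName = $_.Name -replace "^$([regex]::Escape($computer))\\", ''
            if ($allowedLocalAdmins -notcontains $shortName) {
                $acct = Get-LocalUser -Name $shortName -ErrorAction SilentlyContinue
                $unexpected += [pscustomobject]@{
                    Name            = $shortName
                    Enabled         = $acct.Enabled
                    PasswordLastSet = $acct.PasswordLastSet
                    LastLogon       = $acct.LastLogon
                }
            }
        }
    if ($unexpected.Count -eq 0) {
        Write-Output "No unexpected local admin accounts on ${computer}"
        exit 0
    }
    else {
        # Print what was found so the worklet output shows which account to clean up
        Write-Output "Unexpected local admin accounts on ${computer}:"
        $unexpected | Format-Table -AutoSize | Out-String | Write-Output
        exit 1
    }
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
```

Because Remove-LocalUser takes a name, the removal script above can be pointed at each name this evaluation prints.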