Worklet: Add a local admin user on or off domain

Hey Guys,

So if you get locked out of a users box and you don’t have local admin credentials or in our case, not connected to VPN, heres how to make a simple local admin user with a known password to get into a box on the fly.

Evaluation: exit 1

Remediation: This will drop a local tempuser onto the box of your choice and a password of your choosing. (keep the quotes on the variables)

$scriptblock = {
#user defined variables:
$yourpass = "Password Here"
$yourname = "Name Here"
#
$Password = ConvertTo-SecureString $yourpass -AsPlainText -Force
New-LocalUser $yourname -Password $Password -FullName $yourname -AccountNeverExpires 
Add-LocalGroupMember -Group "Administrators" -Member $yourname
gpupdate /force
}
& “$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock

Then, make sure you delete that temp user afterwards, or you can run evaluation to see if you left it behind

$scriptblock = {
#user defined variable:
$tempname = "Your Temp Name"
#
$tempuser = Get-LocalUser | where-Object Name -eq $tempname | Measure
if ($tempuser.Count -eq 0) {
     exit 0
} 
else {
     exit 1
}
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock

And if anything comes back with a exit 1:

$scriptblock = {
#user defined variable:
$tempname = "Your Temp Name"
Get-LocalUser $tempname | Remove-LocalUser
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock