script to check for local user "ITAdmin" if that exists, reset the password and add it to the local administrators group if it does not exist. Create and enable it, add it to the Local Administrators group and give me a report if the task is completed or failed on each client. The password is the same for all clients.
# ===== CONFIG =====
$username = "username"
$password = "P@ssw0rd"
$device = $env:COMPUTERNAME
# Convert password
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
try {
# Check if user exists
$user = Get-LocalUser -Name $username -ErrorAction SilentlyContinue
if ($user) {
# User exists → reset password + enable
Set-LocalUser -Name $username -Password $securePassword
Enable-LocalUser -Name $username
$action = "EXISTING_USER_UPDATED"
}
else {
# User does not exist → create it
New-LocalUser -Name $username -Password $securePassword -FullName "IT Admin" -Description "TASProvider"
Enable-LocalUser -Name $username
$action = "USER_CREATED"
}
# Ensure member of Administrators group
$isMember = Get-LocalGroupMember -Group "Administrators" -Member $username -ErrorAction SilentlyContinue
if (-not $isMember) {
Add-LocalGroupMember -Group "Administrators" -Member $username
$groupAction = "ADDED_TO_ADMIN_GROUP"
}
else {
$groupAction = "ALREADY_IN_ADMIN_GROUP"
}
# Final verification
$verifyUser = Get-LocalUser -Name $username
$verifyAdmin = Get-LocalGroupMember -Group "Administrators" -Member $username -ErrorAction SilentlyContinue
if ($verifyUser -and $verifyAdmin) {
Write-Output "$device,SUCCESS,$action,$groupAction"
}
else {
Write-Output "$device,FAILED,VERIFICATION_FAILED"
}
}
catch {
Write-Output "$device,FAILED,$($_.Exception.Message)"
}
