Need to create and add a user then add to the local administrators account

I need a script or command to create a local user and add it to the local administrator's group on remote machines.  Can this be done?  I can not do this via GPO because it's blocked so I need a back door.

I have this so far net user /add account password
net localgroup administrators account /add
WellingtonISAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alex Green3rd Line Server SupportCommented:
0
WellingtonISAuthor Commented:
It needs to be done remotely..
I have this so far
net user /add account password
net localgroup administrators account /add
0
bbaoIT ConsultantCommented:
then you need PEXEC to run NET USER on a remote host. check below official link for details.

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Alex Green3rd Line Server SupportCommented:
I would stay away from psexec since Wannacry uses it, ultimately I do have a question, why can't you use GPO?  You say it's blocked but you must have other GPO's in your company.
0
WellingtonISAuthor Commented:
Long story... But basically I'm sneaking in a backdoor
0
Alex Green3rd Line Server SupportCommented:
what backdoor?
0
David Johnson, CD, MVPOwnerCommented:
Microsoft blocked it via gpo as it was a security hole that they plugged.

About malicious software using psexec so stay away from it. Malicious software uses pdf scripting, office documents using vba macro's, powershell, vbscript, batch files, Bank Robbers leave the scene of the crime using a car so no one should use a car? You can kill someone with a hammer, so carpenters should not use hammers?
A legitimate admin should not need a backdoor so this would have to be approved by company policy
0
McKnifeCommented:
@WellingtonIS:

Using psexec requires open ports. This is not recommended. Using a script like your two lines is possible, but will leave the administrator password the same anywhere - that should not be done, it's very dangerous!

I would offer consultancy if you told me what you are using the account for (detailed scenarios, please) and I have also an article for you about safe support user setups: https://www.experts-exchange.com/articles/18180/A-concept-for-safe-user-support.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.