Need to create and add a user then add to the local administrators account

WellingtonIS
WellingtonIS used Ask the Experts™
on
I need a script or command to create a local user and add it to the local administrator's group on remote machines.  Can this be done?  I can not do this via GPO because it's blocked so I need a back door.

I have this so far net user /add account password
net localgroup administrators account /add
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
It needs to be done remotely..
I have this so far
net user /add account password
net localgroup administrators account /add
IT Consultant
Commented:
then you need PEXEC to run NET USER on a remote host. check below official link for details.

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

AlexSenior Infrastructure Analyst

Commented:
I would stay away from psexec since Wannacry uses it, ultimately I do have a question, why can't you use GPO?  You say it's blocked but you must have other GPO's in your company.

Author

Commented:
Long story... But basically I'm sneaking in a backdoor
AlexSenior Infrastructure Analyst

Commented:
what backdoor?
Top Expert 2016

Commented:
Microsoft blocked it via gpo as it was a security hole that they plugged.

About malicious software using psexec so stay away from it. Malicious software uses pdf scripting, office documents using vba macro's, powershell, vbscript, batch files, Bank Robbers leave the scene of the crime using a car so no one should use a car? You can kill someone with a hammer, so carpenters should not use hammers?
A legitimate admin should not need a backdoor so this would have to be approved by company policy
Distinguished Expert 2018

Commented:
@WellingtonIS:

Using psexec requires open ports. This is not recommended. Using a script like your two lines is possible, but will leave the administrator password the same anywhere - that should not be done, it's very dangerous!

I would offer consultancy if you told me what you are using the account for (detailed scenarios, please) and I have also an article for you about safe support user setups: https://www.experts-exchange.com/articles/18180/A-concept-for-safe-user-support.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial