Link to home
Start Free TrialLog in
Avatar of Isaias Perez
Isaias PerezFlag for United States of America

asked on

Powershell Script - Change Password in Clear Text

Is there a way to change this local admin script so that the password is not in clear text but rather a hash or more secure? So for Example if my default local admin password is Welcome1$ and i want to keep it that way but yet not show this in clear text how can i alter this script to change that? I am planning on pushing this script via Intune to all my newly enrolled machines. 

$Username = "Admin"
$Password = 'Welcome1'

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE

Open in new window

Avatar of Qlemo
Qlemo
Flag of Germany image
Making the script portable with an encrypted password is an issue. All you can do is to obfuscate the password, and make it more hard to read. Portable encryption requires to use a "salt" value also needed to be in the script, and so it is not really secret.
ASKER CERTIFIED SOLUTION
Avatar of Shaun Vermaak
Shaun Vermaak
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial