Powershell Script - Change Password in Clear Text

Isaias Perez
Isaias Perez used Ask the Experts™
on
Is there a way to change this local admin script so that the password is not in clear text but rather a hash or more secure? So for Example if my default local admin password is Welcome1$ and i want to keep it that way but yet not show this in clear text how can i alter this script to change that? I am planning on pushing this script via Intune to all my newly enrolled machines.

$Username = "Admin"
$Password = 'Welcome1'

$group = "Administrators"

$adsi = [ADSI]"WinNT://$env:COMPUTERNAME"
$existing = $adsi.Children | where {$_.SchemaClassName -eq 'user' -and $_.Name -eq $Username }

if ($existing -eq $null) {

    Write-Host "Creating new local user $Username."
    & NET USER $Username $Password /add /y /expires:never
    
    Write-Host "Adding local user $Username to $group."
    & NET LOCALGROUP $group $Username /add

}
else {
    Write-Host "Setting password for existing local user $Username."
    $existing.SetPassword($Password)
}

Write-Host "Ensuring password for $Username never expires."
& WMIC USERACCOUNT WHERE "Domain='$env:ComputerName'AND Name='$usr'" SET PasswordExpires=FALSE

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Making the script portable with an encrypted password is an issue. All you can do is to obfuscate the password, and make it more hard to read. Portable encryption requires to use a "salt" value also needed to be in the script, and so it is not really secret.
Senior Consultant
Awarded 2017
Distinguished Expert 2018
Commented:

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial