troubleshooting Question

Powershell Logon Script Elevation assistance

Asked by ITguy565
Topics: Shell Scripting, PowerShell, Windows Server 2016
7 Comments, 1 Solution, 37 Views
Experts,

I have a PowerShell script that has to be run via an elevated PowerShell prompt.

#Logging configuration (must be set before the first Write-Log call)
$scriptname = "script1"
$loggingPreference = "Continue"
$loggingFilePreference = "c:\$($ScriptName)_$(get-date -f yyyy_MM).txt"

#Write-Log has to be defined before it is first called
Function Write-Log {

    [cmdletbinding()]

    Param(
        [Parameter(Position=0)]
        [ValidateNotNullOrEmpty()]
        [string]$Message,
        [Parameter(Position=1)]
        [int]$Level=3,
        [Parameter(Position=2)]
        [string]$Path="$env:temp\PowerShellLog.txt"
    )

    #Pass on the message to Write-Verbose if -Verbose was detected
    Write-Verbose -Message $Message

    #only write to the log file if the $LoggingPreference variable is set to Continue
    if ($LoggingPreference -eq "Continue")
    {

        #if a $loggingFilePreference variable is found in the scope
        #hierarchy then use that value for the file, otherwise use the default
        #$path
        if ($loggingFilePreference)
        {
            $LogFile=$loggingFilePreference
        }
        else
        {
            $LogFile=$Path
        }

        $script = $MyInvocation.ScriptName.tostring()

        if (-not $LogLevel)
        {
            #Write-Output "[$Level] $(Get-Date) $script $Message" | Out-File -FilePath $LogFile -Append
            Write-Output "[$Level] $(Get-Date) $Message" | Out-File -FilePath $LogFile -Append
        }
        else
        {
            if ($Level -le $LogLevel)
            {
                #Write-Output "[$Level] $(Get-Date) $script $Message" | Out-File -FilePath $LogFile -Append
                Write-Output "[$Level] $(Get-Date) $Message" | Out-File -FilePath $LogFile -Append
            }
        }
    }

} #end function

#Generate Random Password
add-type -AssemblyName System.Web
$Password = "UserAccount1" + [System.Web.Security.Membership]::GeneratePassword(24,8)

#Comment/Uncomment Below Statement : to see Password Generated in the Log File
#(when enabled, the password is written to the log file in clear text)
write-log "Password for $($ENV:computername)\UserAccount1 is $($password)"

Function invoke-Create-UserAccount1-User([switch]$remove){
    #Check for User
    $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
    # If Exists
    if ($Check){
        write-log "User Check : UserAccount1 Local User Found";
        $check2 = net localgroup administrators |Select-String -Pattern '^UserAccount1';
        if ($check2.count -ge 1){write-log "UserAccount1 Found in Local Group Administrators"};
        
        #Define Remove Switch
        if ($remove.IsPresent){
            write-log "Remove Switch Triggered : Removing UserAccount1 Account"
            net user UserAccount1 /del
            $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
            if (!$Check){write-log "UserAccount1 Account Removed"}
            EXIT    
        } 
        EXIT

#if Doesn't Exist
    }else {
        write-log "User Check : UserAccount1 User Not Found";
        
        #Create User
        write-host "Creating UserAccount1 User"
        net user "UserAccount1" $($password) /add /Y
        $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
        if ($Check){write-log "UserAccount1 Account Successfully Created"}
        
        #Add User To Group
        net localgroup administrators UserAccount1 /add
        $check2 = net localgroup administrators |Select-String -Pattern '^UserAccount1'
        if ($check2.count -ge 1){write-log "UserAccount1 Found in Local Group Administrators"}
        Exit
    }
}
invoke-Create-UserAccount1-User

This script needs to be deployed via logon script through a GPO. What is the easiest way to launch it with admin rights where it will function properly?
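
An added example, not part of the original post or of the answer hidden on this page: an elevation guard for a script like the one above, so that a run under a non-elevated token stops with a clear error, followed by account creation through the LocalAccounts cmdlets of Windows PowerShell 5.1 so the password is not passed on a command line. The function names `Test-IsElevated` and `New-UserAccount1` are hypothetical, and the example assumes Windows PowerShell 5.1 as shipped with Windows Server 2016.

```powershell
#Requires -Version 5.1
# Added example. Function names are hypothetical; UserAccount1 is the name used in the post.

function Test-IsElevated {
    # True only when the current token actually holds the Administrators role.
    # A UAC-filtered token returns False even for a member of Administrators.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-UserAccount1 {
    [CmdletBinding()]
    param([string]$Name = 'UserAccount1')

    if (-not (Test-IsElevated)) {
        # Fail loudly instead of letting account creation fail silently at logon.
        $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Not elevated (running as $who); account $Name was not created."
    }

    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
        Write-Verbose "$Name already exists; nothing to do."
        return
    }

    # Same generator as the script in the post (.NET Framework only).
    Add-Type -AssemblyName System.Web
    $plain  = [System.Web.Security.Membership]::GeneratePassword(24, 8)
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # New-LocalUser takes a SecureString, so the password never appears on a
    # process command line as it does with "net user <name> <password> /add".
    New-LocalUser -Name $Name -Password $secure -Description 'Created by script' | Out-Null
    Add-LocalGroupMember -Group 'Administrators' -Member $Name

    Write-Verbose "$Name created and added to Administrators."
    # Hand the secret to the caller for storage instead of writing it to a log.
    return $secure
}
```

Calling `New-UserAccount1 -Verbose` from a non-elevated session throws before any change is made, which makes a missing elevation visible in the script's error output.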