Powershell Logon Script Elevation assistance

Asked by ITguy565
Tags: Powershell, Windows Server 2016, Shell Scripting
Experts,

I have a PowerShell script that has to be run via an elevated PowerShell prompt.

Function Write-Log {
    [cmdletbinding()]
    Param(
        [Parameter(Position=0)]
        [ValidateNotNullOrEmpty()]
        [string]$Message,
        [Parameter(Position=1)]
        [int]$Level=3,
        [Parameter(Position=2)]
        [string]$Path="$env:temp\PowerShellLog.txt"
    )

    #Pass on the message to Write-Verbose if -Verbose was detected
    Write-Verbose -Message $Message

    #only write to the log file if the $LoggingPreference variable is set to Continue
    if ($LoggingPreference -eq "Continue")
    {
        #if a $loggingFilePreference variable is found in the scope
        #hierarchy then use that value for the file, otherwise use the default
        #$path
        if ($loggingFilePreference)
        {
            $LogFile=$loggingFilePreference
        }
        else
        {
            $LogFile=$Path
        }

        $script = $MyInvocation.ScriptName.tostring()

        if (-not $LogLevel)
        {
            #Write-Output "[$Level] $(Get-Date) $script $Message" | Out-File -FilePath $LogFile -Append
            Write-Output "[$Level] $(Get-Date) $Message" | Out-File -FilePath $LogFile -Append
        }
        else
        {
            if ($Level -le $LogLevel)
            {
                #Write-Output "[$Level] $(Get-Date) $script $Message" | Out-File -FilePath $LogFile -Append
                Write-Output "[$Level] $(Get-Date) $Message" | Out-File -FilePath $LogFile -Append
            }
        }
    }
} #end function

#Logging settings : must be set before the first Write-Log call
$scriptname = "script1"
$loggingPreference = "Continue"
$loggingFilePreference = "c:\$($ScriptName)_$(get-date -f yyyy_MM).txt"

#Generate Random Password
add-type -AssemblyName System.Web
$Password = "UserAccount1" + [System.Web.Security.Membership]::GeneratePassword(24,8)

#Comment/Uncomment Below Statement : to see Password Generated in the Log File
#(this writes the clear-text password to the log file)
write-log "Password for $($ENV:computername)\UserAccount1 is $($password)"

Function invoke-Create-UserAccount1-User([switch]$remove){
    #Check for User
    $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
    # If Exists
    if ($Check){
        write-log "User Check : UserAccount1 Local User Found";
        $check2 = net localgroup administrators |Select-String -Pattern '^UserAccount1';
        if ($check2.count -ge 1){write-log "UserAccount1 Found in Local Group Administrators"};
        
        #Define Remove Switch
        if ($remove.IsPresent){
            write-log "Remove Switch Triggered : Removing UserAccount1 Account"
            net user UserAccount1 /del
            $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
            if (!$Check){write-log "UserAccount1 Account Removed"}
            EXIT    
        } 
        EXIT

#if Doesn't Exist
    }else {
        write-log "User Check : UserAccount1 User Not Found";
        
        #Create User
        write-host "Creating UserAccount1 User"
        net user "UserAccount1" $($password) /add /Y
        $check = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='true' and Name='UserAccount1'"
        if ($Check){write-log "UserAccount1 Account Successfully Created"}
        
        #Add User To Group
        net localgroup administrators UserAccount1 /add
        $check2 = net localgroup administrators |Select-String -Pattern '^UserAccount1'
        if ($check2.count -ge 1){write-log "UserAccount1 Found in Local Group Administrators"}
        Exit
    }
}
invoke-Create-UserAccount1-User


This script needs to be deployed via logon script through a GPO. What is the easiest way to launch it with admin rights where it will function properly?
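
An added example, not part of the original post: a guard the script above could run first, so that a launch without elevation stops before any `net user` call, and so the log file that receives the generated password is readable only by SYSTEM and Administrators. The function names `Test-IsElevated` and `Protect-LogFile` and the use of `icacls.exe` are assumptions; the log path follows the naming in the posted script.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function Test-IsElevated {
    # True only when the current token has the local Administrators group enabled.
    # Under UAC a filtered (non-elevated) admin token returns $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Protect-LogFile {
    param([Parameter(Mandatory)][string]$Path)

    # Create the file first so the ACL is in place before anything is written to it.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }

    # Drop inherited ACEs, then grant Full control only to SYSTEM (S-1-5-18) and
    # BUILTIN\Administrators (S-1-5-32-544). SIDs avoid localized group names.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls failed on $Path (exit code $LASTEXITCODE)"
    }
}

# Same file name pattern as $loggingFilePreference in the posted script.
$logFile = "c:\script1_$(Get-Date -f yyyy_MM).txt"

if (-not (Test-IsElevated)) {
    # Without elevation, net user /add and writing to c:\ would fail, so stop here.
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Warning "Not elevated (running as $who); skipping UserAccount1 setup."
    exit 1
}

# Lock the log down before Write-Log appends the password line to it.
Protect-LogFile -Path $logFile
```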