Create and hide a local admin

It was recommended by Kaseya that you create a local user on your endpoints and set that as the agent credentials.

This script creates a username, makes it a local administrator, makes sure the password never expires, and sets the account so that it doesn’t show up on the fast user switching screen for those machines that use the welcome screen.

First, create open notepade and create the following VBS:

‘ nopwdexp.vbs
‘ Windows NT/2000/XP/2003 Administration Script

‘ Turns off password expiry for the specified account

‘ Usage: cscript //nologo nopwdexp.vbs /domain:domainname /user:username

‘ Written by Mark Wilson, 10 September 2004

‘ This script is provided as is without warranty of any kind. Mark Wilson
‘ further disclaims all implied warranties including, without limitation, any
‘ implied warranties of merchantability or of fitness for a particular purpose.
‘ The entire risk arising out of the use or performance of the script including
‘ any associated documentation remains with the user of the script.

Option Explicit
On Error Resume Next
‘ Set constants
Const ufDONT_EXPIRE_PASSWD = &H10000
‘ Set variables
Dim colNamedArguments
Dim strDomain, strUser
‘ Read command line named arguments
Set colNamedArguments = WScript.Arguments.Named
‘ Report missing domain argument
If colNamedArguments.Exists(“domain”) Then
WScript.Echo “Missing argument: /domain:domainname”
End If
‘ Report missing user argument
If colNamedArguments.Exists(“user”) Then
WScript.Echo “Missing argument: /user:username”
End If
PasswordNeverExpires strDomain, strUser
Sub PasswordNeverExpires(domainname, username)
‘ Sets the do not expire password flag if not already set
Dim objUser, objUserFlags
‘ Read user properties
Set objUser = GetObject(“WinNT://” & domainname & “/” & username & “,user”)
‘ Examine flags set against account
objUserFlags = objUser.Get(“UserFlags”)
‘ If password expiry is allowed, then set password never to expire.
If (objUserFlags And ufDONT_EXPIRE_PASSWD) = 0 Then
‘ Password does expire
‘ WScript.Echo objUserFlags
objUserFlags = objUserFlags Or ufDONT_EXPIRE_PASSWD
‘ WScript.Echo objUserFlags
objUser.Put “UserFlags”, objUserFlags
WScript.Echo domainname & “” & username & ” password has been set never to expire.”
‘ Password does not expire
‘ WScript.Echo objUserFlags
WScript.Echo domainname & “” & username & ” password was already set never to expire.”
End If
End Sub
Sub Usage()
‘ Reports the correct command line syntax
Wscript.Echo VbCr
WScript.Echo “nopwdexp.vbs”
Wscript.Echo VbCr
WScript.Echo “Usage: cscript //nologo nopwdexp.vbs /domain:domainname /user:username”
End Sub

Make sure the file is named nopwbexp.vbs, and upload it to your kaseya server.

Then import this scritp, making sure to edit the username and password as applicable:

Script Name: Create and hide local admin

Script Description: This script creates and then hides a local administrator account.

This script should be run on every new Managed Services machine, unless you’re using a domain admin credential.

IF True
Execute Shell Command – (Continue on Fail)
Parameter 1 : net user /add *USERNAME*
Parameter 2 : 1
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : net user *USERNAME* *PASSWORD*
Parameter 2 : 1
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : net localgroup Administrators *USERNAME* /add
Parameter 2 : 1
OS Type : 0
Write File – (Continue on Fail)
Parameter 1 : c:tempnopwdexp.vbs
Parameter 2 : VSASharedFilesnopwdexp.vbs
OS Type : 0
Execute Shell Command – (Continue on Fail)
Parameter 1 : wscript //B c:tempnopwdexp.vbs /domain:%computername% /user:peadmin
Parameter 2 : 1
OS Type : 0
Set Registry Value – (Continue on Fail)
Parameter 1 : HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsuserListpeadmin
Parameter 2 : 0
Parameter 3 : REG_DWORD
OS Type : 0

This script runs quickly. After it’s run, set the agent credentials in the Agent tab, and you’re good to go!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s