How To Create a Local Admin Account with Powershell

how-to-create-a-local-admin-account-with-powershell

If not well designed or managed, User and Administrator privilege separation for users/system administrators on a Windows OS can be painful for both sides. Indeed, Windows OS doesn’t have a simple and neat management like a SUDO on Linux OS, but settings need to be tailored with GPO or at least with different users.

Regular user accounts (e.g. Domain Users) should not be a member of the local administrators group for a security point of view.

Using separate users: a standard one and an admin member of the local administrators group is at least a good way to mitigate the risk of potential/malicious/accidental damage to the system. It doesn’t matter if most of the today’s threats can deal with the regular user context.

Nothing new if you’re familiar with the least privilege access, if is something you’ve never think about it… Well, I can use a simple effective analogy for allowing user with local admin rights on their workstation.. it’s like to let them run with the scissors all the time… is it worthy or simply asking for trouble?

Continue reading “How To Create a Local Admin Account with Powershell”

PowerShell and Power Options

Systems Administrators love to use feature-rich tools to set up and manage their devices on the network with the desired configuration starting from Group Policy to MS ConfigMgr / System Center Configuration Manager(SCCM). These solutions are robust, complex and but they can be also very expensive to maintain and implement correctly in every scenario.

In this article, we will play with Power Options and with Powershell.

What PowerShell is bringing to the table is, first of all, being included in the OS (for free) and can be used either for simple or complex scenarios depending on your capabilities. This degree of the flexibility to check if everything is working as expected in few lines of code and even to correct issues quickly it depends on the software developer or system engineer that writes the code. Continue reading “PowerShell and Power Options”