SCCM – PowerShell – Set up Local Accounts

Clear-Host

$Account = "SCCMAdmin"
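# Sample password; single quotes keep PowerShell from treating the $ as a variable marker.
# Note: this value is stored in the script and also passed on the "net user" command line below.
$Password = 'LetMeIn99$'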

# CREATE USER
cmd /c "net user $Account $Password /add /comment:""SCCM Service Account"" "

# SET ACCOUNT TO NEVER EXPIRE
cmd /c "WMIC USERACCOUNT WHERE ""Name='$Account'"" SET PasswordExpires=FALSE"

# ADD ACCOUNT TO ADMIN GROUP
cmd /c "net localgroup ""Administrators"" $Account /add"

# ADD ACCOUNT TO REMOTE GROUP
cmd /c "net localgroup ""ConfigMgr Remote Control Users"" $Account /add"

# ENABLE SECURE ATTENTION SEQUENCE - used by SCCM to allow control-alt-delete
# NOTE - this setting will not trigger the GP in GPEDIT.msc, but will still work
# 0 - None
# 1 - Services
# 2 - Ease of Access applications
# 3 - Services and Ease of Access applications
cmd /c "reg delete ""HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System"" /v SoftwareSASGeneration /reg:32 /f"
Start-Sleep -s 1
cmd /c "reg add ""HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System"" /v SoftwareSASGeneration /t REG_DWORD /d 3 /reg:32 /f"

Note: There is a pure PowerShell way of doing all of the above, except it is stupid. Not too sure if Microsoft even uses PowerShell, but many of their cmdlets are an exercise in insanity.
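
The pure PowerShell route mentioned in the note, as an added example that is not the author's code: it performs the same steps with the built-in LocalAccounts cmdlets, prompts for the password so it is not stored in the script or passed on a command line, and then reads back the resulting state. It assumes Windows PowerShell 5.1 or later in an elevated session, and it reuses the account name, groups and registry path from the script above.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's code. Uses the Microsoft.PowerShell.LocalAccounts
# cmdlets that ship with Windows PowerShell 5.1 and later.

$Account = 'SCCMAdmin'
$Groups  = 'Administrators', 'ConfigMgr Remote Control Users'
# Same key the reg.exe commands above target
$SasKey  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'

# Prompt for the password so it never appears in the script file or in
# process command-line logging (as it does with "net user <name> <password>").
$Password = Read-Host -Prompt "Password for $Account" -AsSecureString

# CREATE USER with a non-expiring password (skipped if the account already exists)
if (-not (Get-LocalUser -Name $Account -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $Account -Password $Password `
        -Description 'SCCM Service Account' -PasswordNeverExpires | Out-Null
}

# ADD ACCOUNT TO ADMIN AND REMOTE GROUPS (skipped where it is already a member)
foreach ($Group in $Groups) {
    $member = Get-LocalGroupMember -Group $Group -Member $Account -ErrorAction SilentlyContinue
    if (-not $member) {
        Add-LocalGroupMember -Group $Group -Member $Account
    }
}

# ENABLE SECURE ATTENTION SEQUENCE (3 = Services and Ease of Access applications)
if (-not (Test-Path -Path $SasKey)) {
    New-Item -Path $SasKey -Force | Out-Null
}
New-ItemProperty -Path $SasKey -Name 'SoftwareSASGeneration' `
    -PropertyType DWord -Value 3 -Force | Out-Null

# VERIFY: read back what was actually configured
Get-LocalUser -Name $Account | Select-Object Name, Enabled, PasswordExpires
$Groups | ForEach-Object { Get-LocalGroupMember -Group $_ -Member $Account }
(Get-ItemProperty -Path $SasKey).SoftwareSASGeneration
```

The verification output doubles as an audit record: an empty PasswordExpires column confirms the never-expire setting, and the group listing shows exactly which privileged groups the account ended up in.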