Most common automation requests and how to solve them: Ep 3
 
                  
                  In today’s blog about common automation questions from our partners, I’m going to look at account creation.
I recently received this question from one of our partners: I want to create a local admin account on my end customer’s devices. What do you recommend?
I actually get this request quite a lot. User management—and specifically maintaining a local administrative account on your managed end devices—is important because it helps ensure you deliver quality services. But what do you do when you try to connect to your remote user only to discover that your account doesn’t exist, either because it wasn’t created or because it was removed or disabled by the end user who didn’t know what it was? You’re stuck scrambling to create it on the fly, and that is definitely a delay you don’t want to impose on the end user.
To solve this problem, we cover a very simple policy in the Automation Boot Camp (Advanced) which allows us to create a local user and ensure that if it gets disabled, removed from the admin group, or tampered with, it will get recreated and/or fixed.
The way the policy works is quite simple:
- It takes the desired username and password as parameters, then it checks if the user already exists. If it doesn’t, it will then create it.
- After that, it will get everyone in the “Administrators” group. (Note the group name ‘’Administrators’’ is language dependent and may need to be changed if your end user’s devices are not in English. For example, in French, it would be “Administrateurs.”)
- Once it has the list of admins, it checks if our desired user is in it. If they are not, the policy will add them back in.
- Once this is done, we can have the policy unlock the account in case someone locked it out.
- Finally, we can have the policy enable the user in case someone disabled them.
Another thing that was suggested by a partner was to add a ‘’set local user password’’ object, which resets the password to the desired default. This helps in cases where the GPO allows it, if someone inadvertently changed the password to something else.
You can find the policy at: https://me.n-able.com/s/
It is also available in the automation cookbook at https://www.n-able.com/automation-cookbook, along with over 400 other policies and monitoring.
Marc-Andre Tanguay is head automation nerd at N‑able. You can follow him on Twitter at @automation_nerd.
