Wednesday 4 February 2015

Creating multiple local user accounts from a CSV file using PowerShell, then adding them to the Administrators group

# This script will create multiple local user accounts using the content of a 
# csv file and then add them to the local Administrators group.

<# example CSV layout to be saved as C:\Temp\Users.csv
UserName,FullName,Description
JBloggs,Joe Bloggs,Blogger
JDoe,Jane Doe, Dough Maker

#>

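# Name of the local computer, used to build the WinNT:// ADSI paths below
$strComputer = $env:computername

# Import CSV to $AllUsers (columns: UserName, FullName, Description).
# Every name in this file becomes a local administrator, so the file should
# only be writable by the person running the script.
$AllUsers = Import-CSV "C:\Temp\Users.csv"

# Ask for the temporary password at run time rather than storing it in the
# script: a literal here is readable by anyone who can read the file, and the
# same value is given to every account created below.
$SecurePassword = Read-Host -AsSecureString "Temporary password for the new accounts"

# SetPassword() needs the clear text, so unwrap the SecureString in memory only
$Bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
try
{
    $TempPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)
}
finally
{
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)
}

# Bind once to the local account database and the local Administrators group
# instead of repeating the lookups for every row
$objOU = [adsi]"WinNT://."
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$group = $computer.psbase.children.find("Administrators")

foreach ($User in $AllUsers)
{
    # Skip blank rows so an empty name is never passed to Create()
    if ([string]::IsNullOrEmpty($User.Username))
    {
        continue
    }

    Write-Host "Creating user account $($User.Username)"

    try
    {
        # Create user account
        $objUser = $objOU.Create("User", $User.Username)

        # Set password
        $objUser.SetPassword($TempPassword)

        # Set FullName
        $objUser.FullName = $User.FullName

        # Set Description
        $objUser.Description = $User.Description

        # User must change password on next log on
        $objUser.PasswordExpired = 1

        # Save the info
        $objUser.SetInfo()

        # Add the account to the local Administrators group. This runs only
        # when the account was created above, so a failed create (for example
        # because the name is already in use) never elevates another account.
        $group.Add("WinNT://" + $strComputer + "/" + $User.Username)
    }
    catch
    {
        Write-Warning "Failed to set up account $($User.Username): $($_.Exception.Message)"
        continue
    }
}

# Do not keep the clear-text password in the session once the loop has finished
$TempPassword = $null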

Wednesday 28 January 2015

Grant SQL Server account access to Lock Pages in Memory using PowerShell

I was recently tasked by DevonDBA to automate granting a SQL Server account the ability to Lock Pages in Memory using a PowerShell script; this is what I came up with:

# Search for then add SQL group to SecPol and also grant an account to Lock Pages in Memory

# Settings to adjust for your environment
$TempLocation      = 'C:\Temp'
$SQLServiceAccount = 'ServerName\SQLAccount'   # account the SQL Server service runs as
$SQLInstance       = 'MSSQLSERVER'

# Everything below is derived and normally stays as it is

# Start of the two lines in the exported cfg file that get rewritten
$ChangeFrom  = 'SeManageVolumePrivilege = '
$ChangeFrom2 = 'SeLockMemoryPrivilege = '

# Replacement text: the original line start followed by the account to add and
# a comma. Single quotes keep the two '$' separators of the group name literal.
$ChangeTo  = $ChangeFrom + 'SQLServerSQLAgentUser$' + $env:computername + '$' + $SQLInstance + ','
$ChangeTo2 = $ChangeFrom2 + $SQLServiceAccount + ','

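# Check if temp location exists and create if it doesn't.
# NOTE: the policy file written here is imported again with administrative
# rights, so $TempLocation should be writable by administrators only.
IF ((Test-Path $TempLocation) -eq $false)
{
    New-Item -ItemType Directory -Force -Path $TempLocation
    Write-Host "Folder $TempLocation created"
}

# Set a name for the Security Policy cfg file.
$fileName = "$TempLocation\SecPolExport.cfg"

# Export the current Security Policy config. Only the user-rights area is
# exported, so nothing else is touched when the file is imported again.
Write-Host "Exporting Security Policy to file"
secedit /export /cfg $fileName /areas USER_RIGHTS
if ($LASTEXITCODE -ne 0)
{
    throw "secedit /export failed with exit code $LASTEXITCODE"
}

# -replace treats '$' in the replacement text as a substitution marker, so
# double it to keep account names that contain '$' literal.
$SafeChangeTo = $ChangeTo.Replace('$', '$$')
$SafeChangeTo2 = $ChangeTo2.Replace('$', '$$')

# Read the file once, edit the lines in memory and write them back once
$Policy = @(Get-Content $fileName) -replace $ChangeFrom, $SafeChangeTo

# The SeLockMemoryPrivilege line only exists if the right is already granted
# to someone, so either extend the existing line or add a new one.
IF ($Policy | where { $_.Contains("SeLockMemoryPrivilege") })
{
    Write-Host "Appending line containing SeLockMemoryPrivilege with $SQLServiceAccount"
    $Policy = $Policy -replace $ChangeFrom2, $SafeChangeTo2
}
else
{
    Write-Host "Adding new line containing SeLockMemoryPrivilege"
    $SectionHeader = "[Privilege Rights]"
    $NewLine = "SeLockMemoryPrivilege = $SQLServiceAccount"

    # Place the new line directly under the section header: a line appended at
    # the end of the file lands in whichever section happens to come last.
    if ($Policy | where { $_.Trim() -eq $SectionHeader })
    {
        $Policy = $Policy | ForEach-Object {
            $_
            if ($_.Trim() -eq $SectionHeader) { $NewLine }
        }
    }
    else
    {
        $Policy = @($Policy) + $SectionHeader + $NewLine
    }
}

# Write the file back as Unicode so account names with non-ASCII characters
# are not altered on the way in
Set-Content -Path $fileName -Value $Policy -Encoding Unicode

# Import new Security Policy cfg (using '1> $null' to keep the output quiet).
# The output is discarded, so the exit code is the only sign of a failure.
Write-Host "Importing Security Policy..."
secedit /configure /db secedit.sdb /cfg $fileName /areas USER_RIGHTS 1> $null
if ($LASTEXITCODE -eq 0)
{
    Write-Host "Security Policy has been imported"
    # The exported policy is no longer needed; do not leave it in a shared folder
    Remove-Item $fileName
}
else
{
    Write-Warning "secedit /configure failed with exit code $LASTEXITCODE; the policy file was kept at $fileName for inspection"
}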