Unattend Local Admin Account isn't part of Administrators
-
So the unattend you all helped me create is working well and making our life much easier, thank you!
However, today a user helped me discover a problem. My custom local admin account for some reason isn’t accepting the Administrator group. My account add portion of the unattend is:
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action=“add”>
<Password>
<Value>notmypassword</Value>
<PlainText>false</PlainText>
</Password>
<Description>Admin Account</Description>
<DisplayName>Admin</DisplayName>
<Group>Administrators</Group>
<Name>localadmin</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>Anyone have any idea why it wouldn’t be a member of the Administrator group?
Thanks,
Philip
-
@flipwalker Does the local administrators group start with a capital
A
? Just a guess. I know windows is not case sensitive for usernames. Not sure if the same applies to group names. -
So I found the problem. It was a PEBCAK issue. Essentially I had also instituted a group policy restricting membership of the Local Admin group and had forgotten to add my locally created admin to the group policy. So as soon as it created the user and got domained it immediately removed it from the admin group.
Luckily I had a USB with Kali on it laying around so I just hopped on and elevated privilege on a user so I could fix the problem that had arose.
Sorry for wasting the communities time.
Philip
-
The thread will likely help someone in the future.