Create a local Adminaccount with Powershell - Powershell 32 bit

Hello all,

I am relatively new to Powershell scripting and needed help with the following question. For the experienced programmers certainly an easy one.
Background to the request: Our software distribution unfortunately only allows 32 bit Powershell to be run. The command I want to execute was
by an ALIAS and the call of the 64 bit Powershell. The goal is to create a local admin account on a client PC for emergencies
where access via remote login is no longer possible. I have tried to execute the following command in a 32 bit Powershell:

Set-Alias Start-PowerShell64 "$env:windir\sysnative\WindowsPowerShell\v1.0\powershell.exe"
Start-PowerShell64 Set-ExecutionPolicy -ExecutionPolicy Bypass
Start-PowerShell64 New-LocalUser -Name 'NewAdminUser' -Password (Start-PowerShell64 convertto-securestring "12345678" -asplaintext -force)
Start-PowerShell64 Add-LocalGroupMember -Group "Administratoren" -Member "NewAdminUser"

Unfortunately, when running the New-Localuser command on the -Password parameter, the command fails with the following error message:

New-LocalUser : The “Password” parameter cannot be bound. The value “System.Security.SecureString” of type
“System.String” cannot be converted to “System.Security.SecureString” type.
In line:1 character:44

+ … w-LocalUser -Name NewAdminUser -Password System.Security.SecureString
    + CategoryInfo : InvalidArgument: (:) [New-LocalUser], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.NewLocalUserCommand

Of course there are other ways to create a local admin account, however I would be interested in the solution to this problem.
Thank you very much for your help.

Alexander,
Welcome to the forum. :wave:t4:

First of all … when you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

How to format code in PowerShell.org <---- Click :point_up_2:t4: :wink:

You never know. Sometimes an issue is way more complex than it may seem to be in the first place.

Wow. Why that? We have 2022! You may consider updating to a more grown up software distribution solution.

“ALIAS”? A PowerShell alias? If “yes”, what and why?

Why?

… now it gets confusing … :wink:

You may explain what you ACTUALLY want to achieve instead of the steps you think you have to do to accomplish what you need. … the bigger picture if you want. :wink:

In general: you should be able to run any command regardless of the “bitness” of the PowerShell console. Builtin cmdlets should run without any issue.

Now … your code:

You should not use aliases in scripts - that’s considered very bad style and makes your code harder to read and harder to maintain or troubleshoot if necessary.

That’s going to start a PowerShell console and actually do nothing with it. At least nothing useful for you in this case. :wink: And why change the Execution Policy? Since you don’t want to run scripts you don’t need to deal with the execution policy. :wink:
You may run

PowerShell /?

to learn how to start PowerShell sessions and what you can do with it.

That’s starting another new, independent PowerShell console. Inside this instance you call a cmdlet and for the -Password parameter you start a new, independent PowerShell console which will output a secure string object TOGETHER with everything else a newly started PowerShell console outputs by default. :wink:

… another new, independent PowerShell console …

Something like this should actually be enough

  $Passwort = ConvertTo-SecureString '12345678' -AsPlainText -Force
  New-LocalUser -Name 'NewAdminUser' -Password $Passwort
  Add-LocalGroupMember -Group 'Administratoren' -Member 'NewAdminUser'

But if you insist on running it in a 64 bit PowerShell you may try it like this:

$ScriptBlock = {
    $Passwort = ConvertTo-SecureString '12345678' -AsPlainText -Force
    New-LocalUser -Name 'NewAdminUser' -Password $Passwort
    Add-LocalGroupMember -Group 'Administratoren' -Member 'NewAdminUser'
}
& "$env:windir\sysnative\WindowsPowerShell\v1.0\powershell.exe" -command $ScriptBlock
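Why the nested call in the question fails and why the script-block form works, as an added example that is not part of the thread: the first part reproduces the type loss reported in the error message, the second keeps the SecureString inside a single 64-bit process. The variable names, the placeholder password and the use of the Administrators SID instead of the localized group name are assumptions of this example.

```powershell
# Added example (not from the thread). Name and password are constructed placeholders.
$ps64 = "$env:windir\sysnative\WindowsPowerShell\v1.0\powershell.exe"

# "sysnative" only exists for a 32-bit process on 64-bit Windows, so check first.
$needsRelaunch = [Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess

if ($needsRelaunch) {
    # The question's pattern: powershell.exe called with plain string arguments is
    # an external program. The parent only receives its formatted text output,
    # so the "SecureString" arrives as a string holding the type name.
    $result = & $ps64 -NoProfile -Command "ConvertTo-SecureString 'placeholder' -AsPlainText -Force"
    Write-Output ("Received type: {0}, value: '{1}'" -f $result.GetType().FullName, $result)
}

# Everything that needs the live SecureString runs in ONE process.
$createAccount = {
    param([string]$Name, [string]$PlainPassword)

    # Created and consumed in the same session, so it is still a real SecureString.
    $secure = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
    New-LocalUser -Name $Name -Password $secure | Out-Null

    # S-1-5-32-544 is the built-in Administrators group; using the SID avoids
    # depending on the localized name ('Administratoren', 'Administrators', ...).
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $Name
}

$name  = 'NewAdminUser'
$plain = 'placeholder-value'   # constructed placeholder; supply a real value per machine

if ($needsRelaunch) {
    # Passing a script block (not a string) lets the 64-bit child run it as one unit.
    & $ps64 -NoProfile -Command $createAccount -args $name, $plain
} else {
    # Already 64-bit (or a 32-bit OS): no child process needed.
    & $createAccount $name $plain
}
```

Values given with `-args` travel on the child process's command line in encoded form, so process-creation auditing records them; treat the password as single-use and change it once the machine is reachable again.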

Hi Olaf,

thank you very much for your feedback and the effort to understand my problem. The software distribution is unfortunately a fixed size and currently not changeable.

Your code runs without problems in a 64bit powershell. Unfortunately it does not work when I try it in a 32bit powershell. It always hangs on a parameter. I already tried to create and set the password in different lines:

Set-Alias Start-PowerShell64 "$env:windir\sysnative\WindowsPowerShell\v1.0\powershell.exe"
$Passwort = Start-PowerShell64 ConvertTo-SecureString '12345678' -AsPlainText -Force
Start-PowerShell64 New-LocalUser -Name 'NewAdminUser' -NoPassword
$UserAccount = Start-PowerShell64 Get-LocalUser -Name "NewAdminUser"
$UserAccount | Start-PowerShell64 Set-LocalUser -Password $Passwort

but the result is the same (tried in Powershell 32bit):

The Password parameter cannot be bound. The value “System.Security.SecureString” of type
“System.String” type cannot be converted to “System.Security.SecureString” type.

The Problem is the “Password” Parameter from the Function Get-LocalUser and Set-LocalUser.

The goal for this is to create a temporary admin account for clients with an expired password for the local admin and no connection to the domain (homeoffice).
Yes, this should not happen, but has happened a few times now.

I have learned something today too … thank you for that. :wink:

I actually did not know that there are differences in the availability of cmdlets in 32 bit and 64 bit. :man_shrugging:t4:

I forgot the call operator in my code suggestion above. I updated it and tested it and it works like this. Try it again, please.

Thank you very much for your help Olaf. It's working :grinning: