Inspired by:
Michael Mardahl | https://www.iphase.dk
Jordan Russell | http://www.jrsoftware.org/
Sources:
https://www.iphase.dk/local-administrators-on-aad-joined-devices/
http://www.jrsoftware.org/
https://www.exemsi.com/download/
Create a folder named Add_Local_Admin
In Add_Local_Admin create three folders:
_Inno
_Intunewin
Install

Download PSAppDeployToolkit and extract
Copy Toolkit files to Install
Create an Add_Local_Admin.ps1 file and save it in Add_Local_Admin\Install\Files
New-LocalUser -Name "Admin" -Description "Admin." -NoPassword
net user Admin PASSWORD123@
wmic useraccount where "Name='Admin'" set PasswordExpires=false
net user "Admin" /PasswordChg:No
Add-LocalGroupMember -Group "Administrators" -Member "Admin"
On line 2, change PASSWORD123@ to the password you want.
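An added example, not part of the original post: the same account setup using only the LocalAccounts cmdlets, so the password is not passed as a `net user` argument (where command-line process auditing would record it) and the deprecated `wmic` is not needed. The variable names are assumptions, and the password is still embedded in the script and the package exactly as in the steps above.

```powershell
# Added example (not the original script): same result as Add_Local_Admin.ps1,
# using only the LocalAccounts cmdlets.
$accountName = 'Admin'          # account name used on this page
$plainText   = 'PASSWORD123@'   # placeholder from the page; replace before packaging

# Convert once; the plain text is never handed to another process as an argument.
$securePassword = ConvertTo-SecureString -String $plainText -AsPlainText -Force

if (-not (Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue)) {
    # Equivalent of New-LocalUser + "net user" + wmic + /PasswordChg:No in one call.
    New-LocalUser -Name $accountName -Description 'Admin.' -Password $securePassword `
        -PasswordNeverExpires -UserMayNotChangePassword | Out-Null
} else {
    # Account already exists (re-install): bring it back to the intended state.
    Set-LocalUser -Name $accountName -Password $securePassword `
        -PasswordNeverExpires $true -UserMayChangePassword $false
}

try {
    Add-LocalGroupMember -Group 'Administrators' -Member $accountName -ErrorAction Stop
} catch {
    # A re-run raises MemberExists; anything else is a real failure.
    if ($_.FullyQualifiedErrorId -notlike 'MemberExists*') { throw }
}
```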
Create a Unistall.ps1 file and save it in Add_Local_Admin\Install\Files
Remove-LocalGroupMember -Group "Administrators" -Member "Admin"
Remove-LocalUser -Name "Admin"
Edit the Deploy-Application.ps1 file in Add_Local_Admin\Install
Line: 64 to 76
Add # on line 120
Add # on line 123
Add # on line 160
Add # on line 163
Add the script below line 140.
$destinationFolder = join-path $envProgramFilesX86 "\Add_Local_Admin"
New-Folder -Path $destinationFolder
Copy-File -Path "$dirFiles\*.*" -Destination $destinationFolder\Files
$myParameters = '-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File "{0}"' -f "$destinationFolder\Files\Add_Local_Admin.ps1"
Execute-Process -Path 'powershell.exe' -Parameters $myParameters -WindowStyle 'hidden'
Remove-Item -Path "$destinationFolder\Files\Add_Local_Admin.ps1" # delete the script that contains the password
Below line 185, add the code below.
$destinationFolder = join-path $envProgramFilesX86 "\Add_Local_Admin"
$myParameters = '-ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File "{0}"' -f "$destinationFolder\Files\Unistall.ps1"
Execute-Process -Path 'powershell.exe' -Parameters $myParameters -WindowStyle 'hidden'
Making Add_Local_Admin.exe
Download Inno Setup and install the software
In Notepad++, create a file named Add_Local_Admin.iss and save it in the _Inno folder
Copy and paste the code below
; Script generated by the Inno Script Studio Wizard.
; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES!

[Setup]
; NOTE: The value of AppId uniquely identifies this application.
; Do not use the same AppId value in installers for other applications.
; (To generate a new GUID, click Tools | Generate GUID inside the IDE.)
AppId={
AppName=Add_Local_Admin
AppVersion=1.0
AppPublisher=knowledgebase.it
AppPublisherURL=https://knowledgebase.it
AppSupportURL=https://knowledgebase.it
AppUpdatesURL=https://knowledgebase.it
DefaultDirName={autopf}\Add_Local_Admin
DisableDirPage=yes
DefaultGroupName=Add_Local_Admin
DisableProgramGroupPage=yes
OutputDir="C:\Add_Local_Admin\_Intunewin"
OutputBaseFilename=Add_Local_Admin
Compression=lzma
SolidCompression=yes

[Files]
Source: "C:\Add_Local_Admin\Install\*"; DestDir: "{app}"; Flags: ignoreversion recursesubdirs createallsubdirs
; NOTE: Don't use "Flags: ignoreversion" on any shared system files

[Run]
Filename: "{app}\Deploy-Application.exe"; Parameters: "Install"; WorkingDir: "{app}"; Flags: waituntilterminated hidewizard runhidden

[UninstallRun]
Filename: "{app}\Deploy-Application.exe"; Parameters: "Uninstall"; WorkingDir: "{app}"; Flags: waituntilterminated hidewizard runhidden

[UninstallDelete]
Type: filesandordirs; Name: "{app}*"
Open Inno Setup Compiler and generate an AppId on line 8
Run the script (F9)
Making Add_Local_Admin.intunewin
Create an install.cmd file and save it in Add_Local_Admin\_Intunewin
Add_Local_Admin.exe /VERYSILENT /SUPPRESSMSGBOXES
Create an Uninstall.cmd file and save it in Add_Local_Admin\_Intunewin
@ECHO OFF
SET ThisScriptsDirectory=%~dp0
REM Points at the Uninstall.ps1 created in the next step (same folder as this file)
SET PowerShellScriptPath=%ThisScriptsDirectory%Uninstall.ps1
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%PowerShellScriptPath%""' -Verb RunAs}"
Create an Uninstall.ps1 file and save it in Add_Local_Admin\_Intunewin
$program = "C:\Program Files (x86)"
& "$program\Add_Local_Admin\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES
Download IntuneWinAppUtil.exe
Open cmd with admin rights and go to IntuneWinAppUtil.exe
Upload Add_Local_Admin.intunewin
https://portal.azure.com/#blade/Microsoft_Intune_Apps/MainMenu/1/selectedMenuItem/Overview
Microsoft Intune > Client apps > Apps
App type: Windows app (Win32)
Name: Add_Local_Admin
Description: Add a Admin user to Administrators Group
Publisher: Knowledgebase
Category: Computer management
Display this as a featured app in the Company Portal: Yes or No
Upload a logo
Wait for complete upload
Install command: Install.cmd
Uninstall command: Uninstall.cmd
Install behavior: System
Operating system architecture: 64-bit
Minimum operating system: Windows 10 1607
Detection rules:
Rule type: File
Path: C:\Program Files (x86)\
File or folder: Add_Local_Admin
Detection method: File or folder exists
Associated with a 32-bit app on 64-bit clients: Yes
Assign a group in Assignments
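A post-deployment check for a test device, as an added example that is not part of the original post: it confirms the account state the scripts above are meant to produce, that the folder used by the detection rule exists, and that Add_Local_Admin.ps1 (which contains the password) was removed by the install step. The function name is hypothetical; account name, group and paths are the ones used on this page.

```powershell
# Added example (not from the original post). Run elevated on a test device
# after the app has installed.
$accountName = 'Admin'
$appFolder   = Join-Path ${env:ProgramFiles(x86)} 'Add_Local_Admin'

function Test-AddLocalAdminState {
    # Hypothetical helper name; returns one object with a boolean per check.
    $user    = Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue
    $isAdmin = $false
    if ($user) {
        # Match on SID, not on the display name. A lookup error counts as "not a member".
        $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
        $isAdmin = [bool]($members | Where-Object { $_.SID.Value -eq $user.SID.Value })
    }
    [pscustomobject]@{
        AccountExists         = [bool]$user
        InAdministrators      = $isAdmin
        # PasswordExpires is empty when the password never expires (the wmic step).
        PasswordNeverExpires  = ([bool]$user) -and ($null -eq $user.PasswordExpires)
        # Set by: net user "Admin" /PasswordChg:No
        UserCannotChangePwd   = ([bool]$user) -and (-not $user.UserMayChangePassword)
        # The folder the Intune detection rule looks for.
        DetectionFolderExists = Test-Path -Path $appFolder -PathType Container
        # Add_Local_Admin.ps1 holds the password and must be gone after install.
        InstallScriptRemoved  = -not (Test-Path -Path (Join-Path $appFolder 'Files\Add_Local_Admin.ps1'))
        # Unistall.ps1 must stay: the uninstall section of Deploy-Application.ps1 calls it.
        UninstallScriptKept   = Test-Path -Path (Join-Path $appFolder 'Files\Unistall.ps1')
    }
}

$state  = Test-AddLocalAdminState
$failed = @($state.PSObject.Properties | Where-Object { -not $_.Value } | ForEach-Object { $_.Name })
$state | Format-List
if ($failed.Count -gt 0) {
    Write-Warning ('Failed checks: ' + ($failed -join ', '))
    exit 1
}
```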