[GH-ISSUE #3756] [Feature Request]: Local admin creation standard through Powershell / WIN32 app #1666

Closed
opened 2026-03-02 13:46:04 +03:00 by kerem · 2 comments
Owner

Originally created by @AllincoSystems on GitHub (Mar 7, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3756

Please confirm:

  • I have searched existing feature requests (open and closed) and found no duplicates.
  • me or my organization is currently an active sponsor of the product at the $99,- level.

Problem Statement

Admittedly I am not sure about the exact logistics involved for this, but there are use cases where you don't wish to use the default administrator for LAPS, and you wish to create a local admin account instead.

PowerShell seems the most convenient method for this, something like this.

However, as far as I can tell there is no way to currently add this to a standard, or anything similar.
OMA URI is the only method I can find through Intune policies but it gives an error in CIPP + it will be deprecated.

Could CIPP make the above or similar into a standard where we can provide the account name and enforce it on all tenants?

Benefits for MSPs

Would make it easier and quicker to apply LAPS policies with new local admin account creation.

Value or Importance

It's nice-to-have, in my opinion. It saves time and I think it adds value in the sense that MSPs can use a different local admin account from the default.

PowerShell Commands (Optional)

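```powershell
# Allow this script to run in the current process only
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# Random 10-character password drawn from A-Z, a-z and 0-9
$password = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count 10 | ForEach-Object {[char]$_})
$Username = ""  # name of the local account to create (left empty in the original post)
$User = New-LocalUser -Name $Username -Password (ConvertTo-SecureString -String $password -AsPlainText -Force) -PasswordNeverExpires
$Group = Get-LocalGroup -Name "Administrators"

# Add the new account to the local Administrators group
Add-LocalGroupMember -Group $Group -Member $User
```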

That's the gist of what I got haha. I'm not too familiar personally.
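
An added example (not from the issue author or the CIPP project) of a hardened, re-runnable take on the script above: it draws the password from a cryptographic random number generator, targets the Administrators group by its well-known SID instead of its localized name, and tolerates being run twice. The account name `lapsadmin`, the 24-character length and the description text are assumptions.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$Username = 'lapsadmin',   # placeholder name (assumption, not from the issue)
    [int]$PasswordLength = 24          # assumed length
)

function New-RandomPassword {
    param([int]$Length = 24)
    # 64-symbol alphabet: masking a random byte with 63 picks each symbol with equal probability.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ -band 63] })
            # Retry until upper, lower and digit are all present so a complexity policy accepts it.
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and $candidate -match '[0-9]')
        return $candidate
    } finally {
        $rng.Dispose()
    }
}

# Create the account only if it is missing, so the script can be re-run safely.
if (-not (Get-LocalUser -Name $Username -ErrorAction SilentlyContinue)) {
    $secure = ConvertTo-SecureString -String (New-RandomPassword -Length $PasswordLength) -AsPlainText -Force
    New-LocalUser -Name $Username -Password $secure -PasswordNeverExpires `
        -Description 'Local admin managed by LAPS' | Out-Null
}

# S-1-5-32-544 is the built-in Administrators group; the SID also works on non-English Windows.
try {
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $Username -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
    Write-Verbose "$Username is already a member of Administrators"
}
```

The initial password is never printed or stored, so this assumes a LAPS policy targeting the same account name rotates and escrows the password afterwards.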


@mruiterHU commented on GitHub (Mar 7, 2025):

I second this request (Sponsored)! Would be a great addition to streamline our LAPS deployment!


@KelvinTegelaar commented on GitHub (Mar 7, 2025):

You can use a custom choco or winget package for this: https://docs.chocolatey.org/en-us/features/create-packages/
