Below you will find PowerShell scripts that will create a local administrative account with adequate remote administration capabilities. This script is only necessary if there is no Windows domain or a cloud-hosted domain such as Azure or AWS. Instructions for removing the administrative account once inventory has been completed are included at the bottom.
Please verify that your execution policy allows PowerShell scripts to run in your environment.
Creating the block_svc account
With Notepad open, copy and paste the code below and save it as block.ps1.
# Get the ID and security principal of the current user account
$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID)
# Get the security principal for the Administrator role
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole)) {
    # We are running "as Administrator" - so change the title and background color to indicate this
    $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    Clear-Host
} else {
    # We are not running "as Administrator" - so relaunch as administrator
    # Create a new process object that starts PowerShell
    $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"
    # Specify the current script path and name as a parameter (quoted so paths containing spaces work)
    $newProcess.Arguments = '-File "' + $myInvocation.MyCommand.Definition + '"'
    # Indicate that the process should be elevated
    $newProcess.Verb = "runas"
    # Start the new process
    [System.Diagnostics.Process]::Start($newProcess) | Out-Null
    # Exit from the current, unelevated, process
    exit
}
# Continuation of admin script
# Write to screen
Write-Host "This executable will create a local Administrator account (block_svc) and also add the 'LocalAccountTokenFilterPolicy' registry key"
Write-Host ""
Write-Host "Please ensure the Execution Policy allows remote scripts (Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass)"
Read-Host "Press Enter to Continue"
# Add the LocalAccountTokenFilterPolicy value (-Force overwrites it if it already exists, so the script can be re-run)
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -PropertyType "DWORD" -Force | Out-Null
# Request the password; -AsSecureString masks the input and never holds it in a plain-text variable
$SecurePassword = Read-Host "Please enter the desired password (please match the device's required complexity)" -AsSecureString
# Create user
New-LocalUser block_svc -Password $SecurePassword -Description "Block64 service account (manually created)"
# Discard the secure password variable
Remove-Variable SecurePassword
# Disable user password reset prompt
Set-LocalUser block_svc -PasswordNeverExpires $true
# Add user to the local Administrators group
Add-LocalGroupMember -Group "Administrators" -Member block_svc
# Wait for user input to see if any errors arise
Read-Host "Account has been created. Please press enter to exit"
Right-click the block.ps1 file and run as administrator.
When prompted, enter a password for the new account.
The user block_svc has been created.
Enter this credential into the Block 64 Discovery Application or BlockBox Virtual Appliance to inventory devices that contain this new credential: leave the domain field blank, enter the username block_svc, and enter the password used during the script.
A firewall rule should also be created on the desired endpoint that opens access to the ports outlined here. Ensure that the WMI and RPC services, as well as File and Printer Sharing, are enabled for incoming traffic from the host machine IP.
Removing the account
With PowerShell open as administrator, copy and paste the code below and press Enter.
Remove-LocalUser -Name "block_svc"
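Remove-LocalUser deletes only the account; the LocalAccountTokenFilterPolicy value written by block.ps1 stays in the registry, and while it is set to 1 every local account in the Administrators group receives a full administrative token on remote connections. The following audit is an added example, not part of the original instructions: the function name Invoke-BlockSvcAudit and its -RemoveTokenFilterPolicy switch are hypothetical, and removing the value is opt-in because it may have been set for other reasons before block.ps1 was run.

```powershell
# Added example (not from the original page): report what block.ps1 left on this
# machine and, only if asked, remove the LocalAccountTokenFilterPolicy value.
# Run from an elevated PowerShell session.
function Invoke-BlockSvcAudit {
    [CmdletBinding()]
    param(
        # Hypothetical switch: also delete the registry value created by block.ps1
        [switch]$RemoveTokenFilterPolicy
    )

    $policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policyName = 'LocalAccountTokenFilterPolicy'

    # Is the block_svc account still present?
    $user = Get-LocalUser -Name 'block_svc' -ErrorAction SilentlyContinue

    # Is it still a member of the built-in Administrators group (well-known SID S-1-5-32-544)?
    $isAdmin = $false
    if ($user) {
        $isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
            Where-Object { $_.SID.Value -eq $user.SID.Value })
    }

    # Read the registry value; $null means it is not set
    $policy = (Get-ItemProperty -Path $policyPath -Name $policyName -ErrorAction SilentlyContinue).$policyName

    if ($RemoveTokenFilterPolicy -and $null -ne $policy) {
        Remove-ItemProperty -Path $policyPath -Name $policyName
        $policy = $null
    }

    # One object per machine, so results can be collected and compared
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AccountExists     = [bool]$user
        AccountEnabled    = [bool]($user -and $user.Enabled)
        InAdministrators  = $isAdmin
        TokenFilterPolicy = $policy
    }
}

# Report only
Invoke-BlockSvcAudit
# Report and remove the registry value once inventory is finished:
# Invoke-BlockSvcAudit -RemoveTokenFilterPolicy
```

After cleanup, AccountExists should be False and TokenFilterPolicy should be empty.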