If you ever find yourself wanting to create a local user based on something super specific (like Serial Number) then this post is for you.
First you need your script:
#
#Created by Ami Casto Twitter:@MDTPro Blog:http://amicasto.com
#
#This script will create a local user account based on Serial Number, set the password to never expire, prevent user from changing the password, and add it to the Local Admin Group
#
#Make it all clean - this could be commented out if unwanted
#
$Error.clear() # Clear errors
$startupVariables=""
#
#Queries Win32_Bios for Serial Number and pulls out the serial number to return it on a single line which gets captured as a variable
#
$SN = gwmi win32_bios | Select-Object -Expandproperty SerialNumber
#
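# $SN now equals the hardware's Serial Number and this variable is used to create a user account, set a password, and prevent that user from changing it
# Note: the password below is stored in plain text in this script and is the same on every machine the script runs on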
#
net user $SN P@ssw0rd /add /passwordchg:no
#
#This step sets the password to never expire
#
wmic useraccount where "name='$SN'" set passwordexpires=false
#
#This step adds the newly created account to the Local Admin group
#
net localgroup administrators $SN /add
#
Just copy/paste and save it as user.ps1 in the Scripts folder.
In MDT, open your preferred task sequence and create a new group where you would like the step to go. Since this account is a local user and won’t be able to access anything specific to the deployment anyway, I’m adding the account near the end.

Notice that I call it this way: %SCRIPTROOT%\user.ps1. You could create a separate folder within the Scripts folder, but you’ll have to remember to include that in the path as well, otherwise your deployment will fail.
And, Success!

Disclaimer: It is very important that you pick a property that is short and doesn’t have special characters. So I wouldn’t do this on a VM, for example; I’d pick something from win32_bios such as model.
If you want to make this work on an Intel NUC, then you need to read my post about how to assign a Serial Number for your NUC.
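The disclaimer above can be turned into a pre-flight check that runs before the account is created. This is an added example, not part of the original script: the function name Test-LocalUserNameCandidate and the sample values are assumptions made for illustration, and the whitespace/apostrophe rule is stricter than Windows itself requires so the value stays safe inside the wmic where clause.

```powershell
# Added example: validate a candidate value (serial number, model, ...) before
# using it as a local account name. Test-LocalUserNameCandidate is a hypothetical helper.
function Test-LocalUserNameCandidate {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    $name = $Value.Trim()
    $problems = @()

    if ($name.Length -eq 0)  { $problems += 'empty' }
    # Local account names are limited to 20 characters
    if ($name.Length -gt 20) { $problems += "too long ($($name.Length) > 20 characters)" }
    # Characters Windows rejects in local account names: " / \ [ ] : ; | = , + * ? < > @
    if ($name -match '["/\\\[\]:;|=,+*?<>@]') { $problems += 'contains a reserved character' }
    # Stricter than Windows: whitespace and apostrophes would break name='$SN' in the wmic step
    if ($name -match "[\s']") { $problems += 'contains whitespace or an apostrophe' }
    if ($name.EndsWith('.'))  { $problems += 'ends with a period' }

    [pscustomobject]@{
        Candidate = $name
        Usable    = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
    }
}

# Constructed sample values: a short hardware-style serial, a VM-style serial,
# and a firmware placeholder string
$samples = @(
    'PF2ABC12',
    'VMware-56 4d 1c 2a 9e 00 11 22-33 44 55 66 77 88 99 aa',
    'To Be Filled By O.E.M.'
)

$samples | ForEach-Object { Test-LocalUserNameCandidate -Value $_ } | Format-Table -AutoSize -Wrap

# In the task sequence, stop before "net user" if the value is not usable:
# $check = Test-LocalUserNameCandidate -Value (Get-CimInstance Win32_BIOS).SerialNumber
# if (-not $check.Usable) { throw "Serial number rejected: $($check.Problems)" }
```

Failing early with the reason in the error makes the deployment log show why the account step stopped, rather than leaving a partially configured account behind.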