<#***********************************************************************************************************************
Script Name : TempAdmin.ps1
Location : "$env:HOMEDRIVE\PowerShell\TempAdmin.ps1"
Purpose : Grants temporary local admin rights and removes them after the set amount of time, using a scheduled task
that runs non-interactively as the local SYSTEM account
Date : Wednesday, March 18, 2026 9:16:58 AM #Get-date
- Initial version
Date : Wednesday, March 18, 2026 8:00:00 AM
- Updated : Updated with extra notes
Author : Patrick Burwell, www.Burwell.tech
#***********************************************************************************************************************#>
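# Grant a user temporary membership of the local Administrators group and schedule its removal.
# The removal task is registered BEFORE the rights are granted, so a failure to schedule the
# clean-up can never leave behind a permanent, untracked administrator.

# Define the user and the duration for admin rights
$userName = Read-Host -Prompt 'Username to give rights to'
$durationInDays = 3 #<-- set the number of days manually or set prompt like username

# The name is embedded in a command line that later runs as SYSTEM. A double quote would break
# the quoting of the -Command argument, so refuse it along with empty input.
if ([string]::IsNullOrWhiteSpace($userName) -or $userName.Contains('"')) {
    throw 'Username must not be empty and must not contain a double quote.'
}

# Calculate the date and time when the user should be removed from the Administrators group
$removalDate = (Get-Date).AddDays($durationInDays)
# You could also change the duration to hours:
# $durationInHours = 1 #<-- set the number of hours manually or set prompt like username
# $removalDate = (Get-Date).AddHours($durationInHours)

# NOTE(review): a DOMAIN\user name puts a backslash into the task name - confirm how Task Scheduler treats it.
$taskName = "RemoveAdminRights_$userName"

# Escape the name for use inside a single-quoted PowerShell string. Without this, a name such as
# O'Brien produces a removal command that does not parse, and the admin right silently stays.
$memberLiteral = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($userName)
$removeCommand = "Remove-LocalGroupMember -Group 'Administrators' -Member '$memberLiteral'"

# Create a scheduled task to remove the user from the Administrators group after the specified duration
$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-NoProfile -WindowStyle Hidden -Command `"$removeCommand`""
$trigger = New-ScheduledTaskTrigger -At $removalDate -Once
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount
# StartWhenAvailable: if the machine is powered off at the removal time, run the task at the next opportunity.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable
# -ErrorAction Stop: '> $null' only hides success output; without Stop a failed registration would
# be reported as an error but the script would carry on and grant the rights anyway.
Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings -TaskName $taskName -Description "Removes admin rights from $userName after $durationInDays days." -ErrorAction Stop > $null

# Add the user to the Administrators group only once the removal is in place.
try {
    Add-LocalGroupMember -Group "Administrators" -Member $userName -ErrorAction Stop
}
catch {
    # Nothing was granted (unknown account, already a member, ...): drop the removal task so it
    # cannot later strip a membership this script did not create.
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    throw
}

Write-Host 'Admin rights given to user', $userName
Write-Host 'Admin rights will be removed in', $durationInDays, 'days on ',$removalDate
# Print the registered task in full so the operator can verify the action and trigger.
SCHTASKS /query /FO List /tn $taskName /v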
<#
If you caught on: in an Active Directory environment you could use the AD PowerShell modules to do the same tasks from a scheduled task on a Domain Controller, run under a Service Account that has the required permissions.
If you learn PowerShell you don't need GUI tools.
You can also set this remotely but I wouldn't recommend it.
#>

Scheduled Local Admin