Need to enroll about 20 non-AD Windows Server 2012 R2 VMs into Orion via WMI, and for that, need to add local user or service accounts to them in a uniform and repeatable way.
Was initially thinking of doing it remotely (via a remote PowerShell execution, e.g. PSSession) but that seems counter-productive: involves quite a bit of manual work (establishing trust, enabling HTTPS-based WinRM, etc.).
Pivoted to putting together a PowerShell script and executing it locally on target systems. (Yes, domain-joining those systems would make it so much easier - yet that's not an option for now.)
The systems run PowerShell 4.0. This means the Microsoft.PowerShell.LocalAccounts module with its "Get-LocalUser" is not an option. This in turn means I have to use the [ADSI] framework to check if an account exists, and if not, create it with needed settings (password never expires, etc.) and privileges ("administrators" member, remove from "users" group, etc.).
(I am seeing good answers on e.g. SO - like this one - and will likely end up adapting them for this purpose - yet perhaps one of the SolarWinds wizards already cooked up something like this, and could share the recipe?)
Questions:
- Am I on the right track, that it'd be easier to run a one-time script locally on each machine vs. trying to configure those systems to execute remote scripts? (Sure, long term - a good idea; something to work on going forward, as well as get the greenlight to domain-join them.)
- Has anyone done something like that, and maybe has a script handy?
- Is there a "best practices" doc anywhere for local (not AD) user accounts used for node monitoring in SolarWinds?
Thank you!
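
The [ADSI] approach described in the post, as an added example that is not part of the original post and not SolarWinds code: an idempotent PowerShell 4.0 script, run locally and elevated, that creates the account if it is missing, sets "password never expires", and fixes group membership. The account name, description and the English group names are assumptions.

```powershell
#Requires -Version 4.0
#Requires -RunAsAdministrator
param(
    [string]$UserName    = 'svc-orion-wmi',                 # hypothetical account name
    [string]$Description = 'Local account for WMI polling'  # hypothetical description
)
$ErrorActionPreference = 'Stop'
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # ADSI userFlags bit: password never expires
$hostName = $env:COMPUTERNAME

# Return the member names of a local group by enumerating its Members collection.
function Get-LocalGroupMemberName([string]$GroupName) {
    $group = [ADSI]"WinNT://$hostName/$GroupName,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

# Look for an existing local user with this name.
$computer = [ADSI]"WinNT://$hostName,computer"
$user = $computer.Children |
    Where-Object { $_.SchemaClassName -eq 'User' -and $_.Name -eq $UserName }

if (-not $user) {
    # Prompt instead of hard-coding the password in the script file.
    $secure = Read-Host -Prompt "Password for $UserName" -AsSecureString
    $plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
    $user = $computer.Create('User', $UserName)
    $user.SetPassword($plain)
    $user.SetInfo()
    Write-Output "Created $UserName"
}

# Apply settings on every run so existing accounts converge to the same state.
$user.Description = $Description
$user.UserFlags   = $user.UserFlags.Value -bor $ADS_UF_DONT_EXPIRE_PASSWD
$user.SetInfo()

$memberPath = "WinNT://$hostName/$UserName,user"
# Group names below assume an English-language OS.
if ((Get-LocalGroupMemberName 'Administrators') -notcontains $UserName) {
    ([ADSI]"WinNT://$hostName/Administrators,group").Add($memberPath)
}
if ((Get-LocalGroupMemberName 'Users') -contains $UserName) {
    ([ADSI]"WinNT://$hostName/Users,group").Remove($memberPath)
}
Write-Output "$UserName configured on $hostName"
```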