Our (quite small) environment has Windows (8.1 and 7) machines with user accounts that have admin privileges. To fix this, I decided to write a PowerShell script which would add a new admin account and demote the current one. After running it, I could no longer log in to anything. The script is simple:
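
    # Relaunch the script elevated if it is not already running as Administrator
    If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs;
        exit
    }
    # Create the new local account and add it to the Administrators group
    net user local_admin SuperSecurePassword /add /comment:"comment" /expires:never
    net localgroup "Administrators" local_admin /add
    # Remove the current user from the Administrators group
    net localgroup "Administrators" "$env:username" /delete
    # Keep the window open until Enter is pressed
    Read-Host -Prompt "Enter!"
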
First, it relaunches from an elevated PS instance (taken from a popular question on SE), then runs the commands themselves.
All commands reported success on execution ("Command successful" or something like that). However, I could no longer log in to the system (not with the new profile, not with the old one) with this error message:
The User Profile Service service failed the logon. User profile cannot be loaded.
We have no domain, just a bunch of PCs with local accounts (I know, I know). What am I doing wrong?