Our (quite small) environment has Windows (8.1 and 7) machines with user accounts that have admin privileges. To fix this, I decided to write a PowerShell script which would add a new admin account and demote the current one. After running it, I could no longer log in to anything. The script is simple:

```powershell
# Relaunch the script elevated if the current session is not running as Administrator
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs;
    exit
}

# Create the new local admin account and add it to the Administrators group
net user local_admin SuperSecurePassword /add /comment:"comment" /expires:never
net localgroup "Administrators" local_admin /add

# Remove the current user from the Administrators group
net localgroup "Administrators" "$env:username" /delete

Read-Host -Prompt "Enter!"
```

First, it relaunches from an elevated PS instance (taken from a popular question on SE), then runs the commands themselves.

All commands reported success on execution ("Command successful" or something like that). However, I could no longer log in to the system (not with the new profile, not with the old one) with this error message:

The User Profile Service service failed the logon. User profile cannot be loaded.

We have no domain, just a bunch of PCs with local accounts (I know, I know). What am I doing wrong?

1 Answer

Turns out my default profile folder (Users\Default) had incorrect access permissions for some reason, so Windows was unable to copy it over to the new profile using the newly created account. I successfully logged in after fixing that.

Another issue was that you have to add the user to the "Users" group after removing him from Administrators. The following line did that for me:

```powershell
net localgroup "Пользователи" "$env:username" /add
```
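
A demotion script that covers both points from the answer, as an added example that is not the poster's code. It goes slightly beyond the answer by resolving the built-in groups from their well-known SIDs, so the same script works on localized installs, and it assumes an elevated session; `$TargetUser`, `$NewAdmin` and the two helper functions are hypothetical names.

```powershell
# Added example, not the poster's script. Run from an elevated session.
# $TargetUser and $NewAdmin are hypothetical parameter names.
param(
    [Parameter(Mandatory = $true)][string]$TargetUser,  # local account to demote
    [Parameter(Mandatory = $true)][string]$NewAdmin     # admin account that must already exist
)

function Resolve-BuiltinGroupName([string]$Sid) {
    # Well-known SID -> localized name ("BUILTIN\Users", "BUILTIN\Пользователи", ...)
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $sidObj.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
}

function Test-LocalGroupMember([string]$Group, [string]$User) {
    # Enumerate the local group's members through the WinNT ADSI provider
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    $names = @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    $names -contains $User
}

$admins = Resolve-BuiltinGroupName 'S-1-5-32-544'   # Administrators
$users  = Resolve-BuiltinGroupName 'S-1-5-32-545'   # Users

# Refuse to demote anyone unless the replacement admin is already in place.
if (-not (Test-LocalGroupMember $admins $NewAdmin)) {
    throw "$NewAdmin is not a member of '$admins'; aborting."
}

# Add to Users first, so the account is never left without a group.
if (-not (Test-LocalGroupMember $users $TargetUser)) {
    net localgroup $users $TargetUser /add
    if ($LASTEXITCODE -ne 0) { throw "Could not add $TargetUser to '$users'." }
}

# Only now remove the account from Administrators.
if (Test-LocalGroupMember $admins $TargetUser) {
    net localgroup $admins $TargetUser /delete
    if ($LASTEXITCODE -ne 0) { throw "Could not remove $TargetUser from '$admins'." }
}

# Print the Default profile ACL for manual review before the first logon of a
# new account (the answer does not say which entries were wrong).
(Get-Acl (Join-Path $env:SystemDrive 'Users\Default')).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```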
