Adding domain groups to gthe local administrator group 
Author Message
 Adding domain groups to gthe local administrator group

Is there a way to add the Domain admins to the local users machines
adminstrators group??? Please help time crunch.. Thanks in advance!!!

Marc Hayes



Mon, 19 Jan 2004 23:56:31 GMT  
 Adding domain groups to gthe local administrator group

Quote:
> Is there a way to add the Domain admins to the local users machines
> adminstrators group??? Please help time crunch.. Thanks in advance!!!

That should happen automatically when you join the domain (not that it can't
be done with a script).

Best regards
Johnny Nielsen



Tue, 20 Jan 2004 03:49:27 GMT  
 Adding domain groups to gthe local administrator group
I ma trying to verify that our DOMAIN\Domain admins in in the local
administrators group on a users local machine. If it is not there then add
it.

Marc

Quote:


> > Is there a way to add the Domain admins to the local users machines
> > adminstrators group??? Please help time crunch.. Thanks in advance!!!

> That should happen automatically when you join the domain (not that it
can't
> be done with a script).

> Best regards
> Johnny Nielsen



Tue, 20 Jan 2004 04:31:22 GMT  
 Adding domain groups to gthe local administrator group
You can run the this command from wshell.run
To add user:   net localgroup administrators /add "Domain\Domain Admins"
To Verify:       net localgroup administrators

-Tony


Quote:
> I ma trying to verify that our DOMAIN\Domain admins in in the local
> administrators group on a users local machine. If it is not there then add
> it.

> Marc





Quote:
> > > Is there a way to add the Domain admins to the local users machines
> > > adminstrators group??? Please help time crunch.. Thanks in advance!!!

> > That should happen automatically when you join the domain (not that it
> can't
> > be done with a script).

> > Best regards
> > Johnny Nielsen



Tue, 20 Jan 2004 07:18:10 GMT  
 Adding domain groups to gthe local administrator group
Better yet.........Modify this code from another post.

Hey all,

I have the following login script snippit that adds the user logging in to
the local admin group so he/she can install software:

Following this idea from MS:

Set comp = GetObject("WinNT://SEATTLE,computer")
Set grp = comp.GetObject("group", "TheSmiths")
grp.Add ("WinNT://INDEPENDENCE/JSmith")

I'm trying:

If os <> "" Then 'If os is other than 9x or Millenium

putername = WshNetwork.ComputerName
Set com = GetObject("WinNT://" & puterName & ",computer")
Set groupuseraddedto = com.GetObject("group", "administrators")
groupuseraddedto.Add ("WinNT://NPDB/" & user)

End If

It works for me, but then again, I'm in the domain admin group.  Is this a
red herring?  Does the script run without the privledges necessary to add
the user?

Thanks,
Nathan



Tue, 20 Jan 2004 07:26:58 GMT  
 Adding domain groups to gthe local administrator group

Quote:
> Better yet.........Modify this code from another post.

I don't think so. As he writes he was a member of the domain admins, so he
was probably already a member of the local administrators group before he
ran the script.

Best regards
Johnny Nielsen

Quote:
> Hey all,

> I have the following login script snippit that adds the user logging in to
> the local admin group so he/she can install software:

> Following this idea from MS:

> Set comp = GetObject("WinNT://SEATTLE,computer")
> Set grp = comp.GetObject("group", "TheSmiths")
> grp.Add ("WinNT://INDEPENDENCE/JSmith")

> I'm trying:

> If os <> "" Then 'If os is other than 9x or Millenium

> putername = WshNetwork.ComputerName
> Set com = GetObject("WinNT://" & puterName & ",computer")
> Set groupuseraddedto = com.GetObject("group", "administrators")
> groupuseraddedto.Add ("WinNT://NPDB/" & user)

> End If

> It works for me, but then again, I'm in the domain admin group.  Is this a
> red herring?  Does the script run without the privledges necessary to add
> the user?

> Thanks,
> Nathan



Tue, 20 Jan 2004 07:44:04 GMT  
 Adding domain groups to gthe local administrator group
Sorry I wasn't clear........
When I said "MODIFY", I meant change Nathan's adsi script to fit your needs.
Meaning, use the ADSI code to fit your needs. Then deliver the script
through whatever vialable methods that you have.
Marc did not seem to specify anywhere in the thread which methods or which
security rights would be used to verify/change this.
I guess I was assuming that when Marc said......
Quote:
>"our DOMAIN\Domain admins in in the local
>administrators group on a users local machine. If it is not there then add
>it."

He would know to have sufficient rights before attempting to add the group.

The adsi example shown below by nathan could be "Modified" to a nice remote
utility script if the environment permits. I'll show you..........

For Example this works for me when adding group items to remote
computers.........With MY environment(script Win2k machine, remote computer
NT/2000)
Feel free to use it, I "Modified" it so that you can add it into a much
larger script. And so that you may MODIFY it to your needs with ease.
Please note the add error control comments. Even though this works when all
the fields are filled in correctly, it would be best to add functionality to
control the event that the remote computer is in an unreachable state(not NT
based, turned off, Certain Services Stopped, or plain old Typo's when
filling in fields)

Quote:
>Option Explicit

>AddToGroup

>Wscript.Quit
>' ///////////////////////////////
>' Individual Sub Commands
>' ///////////////////////////////
>Function RemoteComputer
>RemoteComputer = Trim(InputBox("Please Enter the Name of the Remote

Computer","Remote Computer Name"))
Quote:
>' Add error Control!
>End Function

>Function RemoteGroup
>RemoteGroup = Trim(InputBox("Please Enter the Name of the Remote

Group","Remote Group Name"))
Quote:
>'Add Error Control!
>End Function

>Function ItemToAdd
>ItemToAdd = Trim(InputBox("Please Enter the Name of the User/Group to" &

vbCrlf & "add to the remote computer","Name of Item to Add"))
Quote:
>'Add Error Control!
>End Function

>Sub AddToGroup
>'Add Error Control!
>'Declare Variables
>Dim l_sRemoteComputer, l_sRemoteGroup, l_sItemToAdd
>l_sRemoteComputer = RemoteComputer
>l_sRemoteGroup = RemoteGroup
>l_sItemToAdd = ItemToAdd
>' Do the Work
>Dim oAdsiRemoteComputer, oAdsiRemoteGroup
>Set oAdsiRemoteComputer = GetObject("WinNT://" & l_sRemoteComputer &
",computer")
>Set oAdsiRemoteGroup = oAdsiRemoteComputer.GetObject("group", Chr(34) &

l_sRemoteGroup & Chr(34) )

Quote:
>oAdsiRemoteGroup.Add ("WinNT://" & l_sItemToAdd)
>' Destroy Variables
>Set oAdsiRemoteComputer = Nothing
>Set oAdsiRemoteGroup = Nothing
>Set l_sRemoteComputer = Nothing
>Set l_sRemoteGroup = Nothing
>Set l_sItemToAdd = Nothing
>End Sub

Hope this helps..........


Quote:


> > Better yet.........Modify this code from another post.

> I don't think so. As he writes he was a member of the domain admins, so he
> was probably already a member of the local administrators group before he
> ran the script.

> Best regards
> Johnny Nielsen

> > Hey all,

> > I have the following login script snippit that adds the user logging in
to
> > the local admin group so he/she can install software:

> > Following this idea from MS:

> > Set comp = GetObject("WinNT://SEATTLE,computer")
> > Set grp = comp.GetObject("group", "TheSmiths")
> > grp.Add ("WinNT://INDEPENDENCE/JSmith")

> > I'm trying:

> > If os <> "" Then 'If os is other than 9x or Millenium

> > putername = WshNetwork.ComputerName
> > Set com = GetObject("WinNT://" & puterName & ",computer")
> > Set groupuseraddedto = com.GetObject("group", "administrators")
> > groupuseraddedto.Add ("WinNT://NPDB/" & user)

> > End If

> > It works for me, but then again, I'm in the domain admin group.  Is this
a
> > red herring?  Does the script run without the privledges necessary to
add
> > the user?

> > Thanks,
> > Nathan



Tue, 20 Jan 2004 12:16:52 GMT  
 Adding domain groups to gthe local administrator group

Quote:
> Sorry I wasn't clear........

Well, perhaps I was not to clear either :-)

What I didn't like was this:

Quote:
> I have the following login script snippit that adds the user logging in to
> the local admin group so he/she can install software:

Here he mentions a login script, which runs in the security context of a
user that typically is not a local administrator.

What I can't see is how a script running in this security context should be
able to add the domain administrators to to local administrators group?

Best regards
Johnny Nielsen



Tue, 20 Jan 2004 18:29:21 GMT  
 Adding domain groups to gthe local administrator group
Ok here is some clarification. THe user logging in is a member of the local
administrators group. I just needed to be able to verify that the
domain\domain admins group was a member of the local administrators group
and add it if needed. I will try the codae an see what happens. Thanks for
the help. I will let you know how it works out.

Marc Hayes

Quote:


> > Sorry I wasn't clear........

> Well, perhaps I was not to clear either :-)

> What I didn't like was this:

> > I have the following login script snippit that adds the user logging in
to
> > the local admin group so he/she can install software:

> Here he mentions a login script, which runs in the security context of a
> user that typically is not a local administrator.

> What I can't see is how a script running in this security context should
be
> able to add the domain administrators to to local administrators group?

> Best regards
> Johnny Nielsen



Tue, 20 Jan 2004 23:31:14 GMT  
 Adding domain groups to gthe local administrator group

Quote:
> Ok here is some clarification. THe user logging in is a member of the
local
> administrators group.

OK, then no problemo :-)

Best regards
Johnny Nielsen



Wed, 21 Jan 2004 06:24:02 GMT  
 Adding domain groups to gthe local administrator group
No problem....Common Mis-communication!
I am a common enforcer of efficiency.
So being in the VBScript newsgroup, I assumed that marc was looking for a
vbscript way for completing his task. And, as always, I like to point people
in the most prospectful and efficient way to solve a task. Although my first
response was geared toward his immediate need for a solution, through the
simplest way to make the change. My second was bland and intended to help
guide him into a more robust, complete and long term solution, if possible.
No pun intended.
These newsgroups, for my understanding, is completely for sharing with
others AND helping to keep ones self in touch with the skills that have been
used to help make a task easier and less repetitive. As the saying goes,
"Time is money!". And to coin my own phrase or announce my motto.......

"And with wasted time on doing something the hard way, Wasting more time on
a task than needed, Is wasting time learning to save more time on tasks that
need to be completed."
-Tony Patino

An Aspiring learner of what Technology has to offer..... And teacher of what
Technology has offered.
Tony Patino


Quote:


> > Sorry I wasn't clear........

> Well, perhaps I was not to clear either :-)

> What I didn't like was this:

> > I have the following login script snippit that adds the user logging in
to
> > the local admin group so he/she can install software:

> Here he mentions a login script, which runs in the security context of a
> user that typically is not a local administrator.

> What I can't see is how a script running in this security context should
be
> able to add the domain administrators to to local administrators group?

> Best regards
> Johnny Nielsen



Wed, 21 Jan 2004 23:51:37 GMT  
 
 [ 11 post ] 

 Relevant Pages 

1. Adding a domain group to local administrators group

2. VB script: adding AD group to local administrators group

3. How can I add a Domain Account to the Local Administrators Group

4. help Adding a Domain group to a Local Group

5. Add domain group to local group

6. Adding a Domain Global group to a machine local group in Windows 2000

7. How do I add a domain global-groups in a member-server local group

8. add user to local win2k administrator group

9. Removing local Administrator account from Administrators group

10. Adding multiple users or groups to local groups

11. Add Global group to Local Group

12. Add Domain Users Group to Powe Users Group in Script

 

 
Powered by phpBB® Forum Software