
Adding domain groups to gthe local administrator group
Sorry I wasn't clear........
When I said "MODIFY", I meant change Nathan's adsi script to fit your needs.
Meaning, use the ADSI code to fit your needs. Then deliver the script
through whatever vialable methods that you have.
Marc did not seem to specify anywhere in the thread which methods or which
security rights would be used to verify/change this.
I guess I was assuming that when Marc said......
Quote:
>"our DOMAIN\Domain admins in in the local
>administrators group on a users local machine. If it is not there then add
>it."
He would know to have sufficient rights before attempting to add the group.
The adsi example shown below by nathan could be "Modified" to a nice remote
utility script if the environment permits. I'll show you..........
For Example this works for me when adding group items to remote
computers.........With MY environment(script Win2k machine, remote computer
NT/2000)
Feel free to use it, I "Modified" it so that you can add it into a much
larger script. And so that you may MODIFY it to your needs with ease.
Please note the add error control comments. Even though this works when all
the fields are filled in correctly, it would be best to add functionality to
control the event that the remote computer is in an unreachable state(not NT
based, turned off, Certain Services Stopped, or plain old Typo's when
filling in fields)
Quote:
>Option Explicit
>AddToGroup
>Wscript.Quit
>' ///////////////////////////////
>' Individual Sub Commands
>' ///////////////////////////////
>Function RemoteComputer
>RemoteComputer = Trim(InputBox("Please Enter the Name of the Remote
Computer","Remote Computer Name"))
Quote:
>' Add error Control!
>End Function
>Function RemoteGroup
>RemoteGroup = Trim(InputBox("Please Enter the Name of the Remote
Group","Remote Group Name"))
Quote:
>'Add Error Control!
>End Function
>Function ItemToAdd
>ItemToAdd = Trim(InputBox("Please Enter the Name of the User/Group to" &
vbCrlf & "add to the remote computer","Name of Item to Add"))
Quote:
>'Add Error Control!
>End Function
>Sub AddToGroup
>'Add Error Control!
>'Declare Variables
>Dim l_sRemoteComputer, l_sRemoteGroup, l_sItemToAdd
>l_sRemoteComputer = RemoteComputer
>l_sRemoteGroup = RemoteGroup
>l_sItemToAdd = ItemToAdd
>' Do the Work
>Dim oAdsiRemoteComputer, oAdsiRemoteGroup
>Set oAdsiRemoteComputer = GetObject("WinNT://" & l_sRemoteComputer &
",computer")
>Set oAdsiRemoteGroup = oAdsiRemoteComputer.GetObject("group", Chr(34) &
l_sRemoteGroup & Chr(34) )
Quote:
>oAdsiRemoteGroup.Add ("WinNT://" & l_sItemToAdd)
>' Destroy Variables
>Set oAdsiRemoteComputer = Nothing
>Set oAdsiRemoteGroup = Nothing
>Set l_sRemoteComputer = Nothing
>Set l_sRemoteGroup = Nothing
>Set l_sItemToAdd = Nothing
>End Sub
Hope this helps..........
Quote:
> > Better yet.........Modify this code from another post.
> I don't think so. As he writes he was a member of the domain admins, so he
> was probably already a member of the local administrators group before he
> ran the script.
> Best regards
> Johnny Nielsen
> > Hey all,
> > I have the following login script snippit that adds the user logging in
to
> > the local admin group so he/she can install software:
> > Following this idea from MS:
> > Set comp = GetObject("WinNT://SEATTLE,computer")
> > Set grp = comp.GetObject("group", "TheSmiths")
> > grp.Add ("WinNT://INDEPENDENCE/JSmith")
> > I'm trying:
> > If os <> "" Then 'If os is other than 9x or Millenium
> > putername = WshNetwork.ComputerName
> > Set com = GetObject("WinNT://" & puterName & ",computer")
> > Set groupuseraddedto = com.GetObject("group", "administrators")
> > groupuseraddedto.Add ("WinNT://NPDB/" & user)
> > End If
> > It works for me, but then again, I'm in the domain admin group. Is this
a
> > red herring? Does the script run without the privledges necessary to
add
> > the user?
> > Thanks,
> > Nathan