How can I add a Domain Account to the Local Administrators Group 
Author Message
 How can I add a Domain Account to the Local Administrators Group

I have a task of finding a way of adding a "Domain User" account to the
Local Machines "Administrators" group on about 5,000 PC's. It would be nice
to execute this during their Login Process.

Does anyone have an Idea how this can be done?
Paul



Fri, 14 Mar 2003 03:00:00 GMT  
 How can I add a Domain Account to the Local Administrators Group

I'm trying to do the same...cacls is a command worth looking into....if i
find anthing else, i'll let the group know



Quote:
> I have a task of finding a way of adding a "Domain User" account to the
> Local Machines "Administrators" group on about 5,000 PC's. It would be
nice
> to execute this during their Login Process.

> Does anyone have an Idea how this can be done?
> Paul




Fri, 14 Mar 2003 03:00:00 GMT  
 How can I add a Domain Account to the Local Administrators Group
The way I approached this was to first install ADSI on all workstations (via
WSH) than use Flemming Christiansen script:
http://cwashington.netreach.net/script_repository/view_scripts.asp?In...
&ScriptType=VBScript
to test if "Domain Users" was a member of the local administrator group. I
than tried to add domain Users to the local Administrator group using ADSI.
If this failed (i.e. user doesn't have rights) I used WSH to copy the
SUSS.EXE file to the system directory on the workstation and then log the
W/S name to a log file. I then manually ran "srvinstw.exe" and install the
SU service (NT resource kit) remotely on the workstation. Next time users
logged in I called the following SU.cmd file:

    P:\WSH\SU Installer "\\ServerName\log$\su\SU1.CMD" -l -e -cb
<\\ServerName\log$\su\user.txt
This then calls SU1.CMD
    net localgroup Administrators /ADD "DomainName\Domain Users"

The problems with this method are:
1. Manual remote installation of  SU Service on each workstation. (This is
now part of SOE). This would be fun with 5000 Pc's
2. The "Installer" account (Domain Admin) password is available to
inquisitive users. I have placed it in a hidden file/directory
"\su\User.bat" but it
   is still a issue.

Hope this helps.


Quote:
> I'm trying to do the same...cacls is a command worth looking into....if i
> find anthing else, i'll let the group know



> > I have a task of finding a way of adding a "Domain User" account to the
> > Local Machines "Administrators" group on about 5,000 PC's. It would be
> nice
> > to execute this during their Login Process.

> > Does anyone have an Idea how this can be done?
> > Paul




Sat, 15 Mar 2003 07:24:31 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. Adding domain groups to gthe local administrator group

2. Adding a domain group to local administrators group

3. Removing local Administrator account from Administrators group

4. VB script: adding AD group to local administrators group

5. help Adding a Domain group to a Local Group

6. Add domain group to local group

7. Adding a Domain Global group to a machine local group in Windows 2000

8. How do I add a domain global-groups in a member-server local group

9. add user to local win2k administrator group

10. Adding domain users to Local Administrators

11. Add a domain group to local machine

12. Add a domain group to local machine

 

 
Powered by phpBB® Forum Software