Re: HELP..Need help with script that auto adds group to local admin group.

From: Richard Mueller [MVP] (rlmueller-NOSPAM_at_ameritech.NOSPAM.net)
Date: 02/18/04 

Date: Wed, 18 Feb 2004 10:38:50 -0600

Hi,

The user NT logon name can be retrieved from the WshNetwork object. If the
client OS is Win9x, then a loop is required to retrieve this. This is only
required on Win9x clients, and only during logon (the loop allows
authentication to complete on the local client). For example, I use:

' NetBIOS Domain name.
strNetBIOSDomain = "MyDomain"

Set objNetwork = CreateObject("Wscript.Network")

' Loop required for Win9x clients during logon.
strNTName = ""
On Error Resume Next
Do While strNTName = ""
  strNTName = objNetwork.userName
  Err.Clear
  If Wscript.Version > 5 Then
    Wscript.Sleep 100
  End If
Loop
On Error GoTo 0

' Bind to the user object in Active Directory with the WinNT provider.
Set objUser = GetObject("WinNT://" & strNetBIOSDomain & "/" _
  & strNTName & ",user")

Next, if the client OS is NT or above, most users may not have permission to
modify local groups. I would expect most users will not be able to add
members to the local administrators group. That's one reason why it can be
best to add a global domain group as a member of the local administrator
group on every machine. Then, you can change membership in all local
administrator groups by modifying the membership of the global group in
Active Directory.

Best is often to use a Startup script to make a global group a member of the
local administrators group on every machine. Startup scripts run with
"System" privileges on the local machine, so local group membership can be
modified. However, only Group Policy can configure startup scripts, and
Group Policy only applies to clients with W2k or above. 

-- 
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--
"yO .." <another@time.com> wrote in message
news:HiLYb.54565$yu6.27413@fe14.usenetserver.com...
> Ok .. you know what your talking about.  So Im betting you can answer this
> also.
> What I actually want to happen.
> 1. User logins ... script picks up user name.
> 2. Scriptf also picks up the name of the actual computer.
> 3. Users Active Directory account is added to the local systems
> administrators group.
>
> The below picks up the systems computer name.
> __Set objNetwork = CreateObject("Wscript.Network")
> __strComputer = objNetwork.ComputerName
>
> Question? .. how would the script pickup the users AD account name?
>
> __Set objGroup = GetObject("WinNT://" & strComputer &
> "/Administrators,group")
> I then have to bind I believe some thing like Set objDomainUser = .. etc
etc
> ..
>
> _ objGroup.Add(objUser.ADsPath)
>
>
> Thanks again .  Eventually I would figure this out .. but Im pressed for
> time.
>
>
>
>
> "Richard Mueller [MVP]" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in
> message news:OzbFKZY9DHA.2412@TK2MSFTNGP09.phx.gbl...
> > Hi
> >
> > Specific example:
> >
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ScriptCenter/user/ScrUG69.asp
> >
> > Similar code would add a domain group to the local group, you just bind
to
> > the domain group.
> >
> > I believe you can do this in a Startup script, which runs with System
> > privileges on the local machine before any user logs on. You might check
> for
> > membership before adding. For example:
> >
> > ' Retrieve computer NetBIOS name.
> > Set objNetwork = CreateObject("Wscript.Network")
> > strComputer = objNetwork.ComputerName
> >
> > ' Bind to local group.
> > Set objLocalGroup = GetObject("WinNT://" & strComputer _
> >   & "/Administrators,group")
> >
> > ' Bind to domain group.
> > Set objDomainGroup = GetObject("WinNT://MyDomain/TestGroup,group")
> >
> > ' Check membership and add if necessary.
> > If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
> >   objLocalGroup.Add(objDomainGroup.AdsPath)
> > End If
> >
> > -- 
> > Richard
> > Microsoft MVP Scripting and ADSI
> > HilltopLab web site - http://www.rlmueller.net
> > --
> > "Jason Peacock" <peacockj@dot.state.al.us> wrote in message
> > news:9F4527AA-89DF-4431-945C-609442B618A3@microsoft.com...
> > > Technet Script Center:
> > >
> > >
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
> >
> >
> >
>
>
>
Loading