Re: Add Domain User to Local Power Users group.

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 02/08/05 

Date: Mon, 7 Feb 2005 19:56:41 -0700

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:eo6b93WDFHA.560@TK2MSFTNGP15.phx.gbl...
> Arsi wrote:
>
> > This script works if the user is "Power User" or "Administrator" locally
> > but if it is a "Domain User" it doesn't. Anyone have a clue what to do?
> > I want to run it against all my users in domain. Yes I know I could do
> > this via GPO but I don't want to do that. I would only like to use this
> > script once so everyone would be Power User in their own computer.
> >
> > on error resume next
> > Set objNet = CreateObject("WScript.NetWork")
> > Dim strComputer
> > Dim strUser
> > strComputer = objNet.ComputerName
> > strUser = objNet.UserName
> >
> > Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
> > Set objUser = GetObject("WinNT://MyDomain/" &strUser)
> > objGroup.Add(objUser.ADsPath)
> Hi
>
> As the current user account only have ordinary user rights, the
> script will not be able to add the account to a group.
>
> You could do it in a computer startup script (with a GPO) that runs
> as part of the boot up process (before the user logs in). It runs
> under the system context and has admin rights.

Or you could run a remote script against the workstations to do this from an
admin workstation. Since you seem to want ANY user who can logon to be a
power user, perhaps the easiest would be to add some global group that all
users are a member of, instead of adding individual domain accounts. I would
suggest using the "authenticated users" group.

/Al

Relevant Pages

  • Re: Adding Local Admin Accounts Using GPOs
    ... account to be used exclusively on the server, ... to remove all users from being local administrators on their machines. ... Notepad, pasted the text for the script, and saved it as AddUser.vbs (see ... I created a test OU and created the GPO policy where: ...
    (microsoft.public.windows.server.sbs)
  • Re: Disabling user account
    ... >>> domain controller the user logs on to to make sure the account is disabled ... >> I would NOT include the DISABLE in the script> ... The reasons were given in my previous message >> Remember, the GPO will not apply to network connections ... So were one to depend on a GPO to apply the DISABLE then the account might remain Enabled far longer than desired. ...
    (microsoft.public.win2000.active_directory)
  • Re: Disabling user account
    ... >> domain controller the user logs on to to make sure the account is disabled ... > I would NOT include the DISABLE in the script ... > depend on the GPO in any way for the disable. ... Huh? ...
    (microsoft.public.win2000.active_directory)
  • Re: script runs for users but not computers?
    ... The default printer is a property of the user account, ... different version of the login script. ... I thought this is more a permissions ... > it via logon in a GPO or locally. ...
    (microsoft.public.windows.server.scripting)
  • Re: Add Domain User to Local Power Users group.
    ... >> As the current user account only have ordinary user rights, ... >> script will not be able to add the account to a group. ... > admin workstation. ...
    (microsoft.public.scripting.vbscript)