Re: Add User to Local Administrators Group

Hi
Try this
i write this not for all domain but for selected OU


On error resume next
Set objOU = GetObject (LDAP://ou=Test,dc=XXX,dc=XX) ' write OU and domain
ObjOU.Filter= Array("computer") ' this filter
computers from selected OU
For Each objUser in objOU
strComputer = objUser.CN
Set objWMIService = GetObject("winmgmts:" _
&"{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputer = objWMIService.ExecQuery ("Select * from
Win32_ComputerSystem")
For Each objComputer in colComputer
logUser = replace(objComputer.UserName,"\","/") ' return logged user name in
format "domain/user name"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser_Local = GetObject("WinNT://"&logUser)
objGroup.Add(objUser_Local.ADsPath) ' add logged user to Local admins group
Next
Next

Run script as Domain admin user
to test create Ou in AD for example "Test", add one or more computers,
modify script for OU "test", run script and check result

Good luck
Mariuss


"kbj" <kbrucejones@xxxxxxxxxxx> wrote in message
news:F2248B6B-8D67-4864-B77A-FC70268575DE@xxxxxxxxxxxxxxxx
Hi all-

I need a script that I can run from my admin workstation. It would add a
user to the remote workstations Administrators group. Now the tricky part,
I
need to be able to add the current user who is logged on to the
Administrators group. Why you ask? We use a legacy app that requires the
user be a local admin and I screwed up and set a Restricted Groups policy
that erased all of the local admins except the Domain Admin group.

I am not a script writer, I'm only an editor :)

I have found scripts to add users/groups to the local admin (easy if you
know who to add) and scripts that detect the logged on user but nothing
that
I can cobble together to do both. I'm thinking of something like this:

get list of domain computers from AD
use generated list to call psloggedon and get the user info
use that list to call psexec and cmd /c net localgroup administrators
"psloggedon user"/add
log success / failure

Anyone want to take a crack at it?




.

Relevant Pages

  • Re: Finding users in local admin groups
    ... > Here is a vbscript that you can run against a remote computer that moves ... > *local* users except 'Administrator) from the Administrators group to the ... You should also add to the script logging to a file of the ... > you moved on what computers. ...
    (microsoft.public.win2000.security)
  • Re: Add domain user to local group script troubleshoot
    ... This script looks like it would be extremely helpful. ... changing domains and we have the old group in the local admins, ... > and thus my Computers OU underneath, but am not a domain admin and so am ... > practice would be to add a domain group to the local Administrators group ...
    (microsoft.public.windows.server.scripting)
  • Re: This script doesnt work i dont know why
    ... I'll try your script but just for curiosity, ... I gave to the group "Domain Computers" read and write rights over the ... where the patch is located. ... Administrators group. ...
    (microsoft.public.windows.server.scripting)
  • Re: I need to change the group membership using a logon script
    ... admins group in order to run the script. ... I believe users need to be members of the local Administrators group to run ... "Domain Admins" is made a member of the local Administrators group on the ... Administrators groups on the computers. ...
    (microsoft.public.scripting.vbscript)
  • Re: GPO to add user/group to local machine admins?
    ... This looks almost like what I need - except that it removes any members not specified and I have certain users added locally to their administrators group and don't want those purged. ... I have a vbs script that adds a user/group to the local admins group if I run it locally, but I can't get it to run in my startup scripts for some reason. ...
    (microsoft.public.windows.server.active_directory)