Re: If possible to add domain user to a workstation's local administrators group by scrpting?
- From: "jogging" <v-xizha@xxxxxxxxxxxxx>
- Date: Tue, 18 Mar 2008 10:17:18 +0800
Thanks for all yr help.
But Richard,in my script I have already get a domain user account SID
through OpenDSObject function, of course the script was running on a
workgroup rather than a domain member server.
But the problem is, when I pass the objDomainUser to objLocalGroup.add (this
is the recommended way to add a domain obj to local group), seems it
couldn't open objDomainUser.ADsPath from current xecurity naming contex.
I think the problem was objLocalGroup.add itself.
Any ideas else?
"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:uK6JeSFiIHA.4076@xxxxxxxxxxxxxxxxxxxxxxx
jogging wrote:
I am wondering if possible to add domain user to a workstation's local
administrators group by scrpting.
You konw, in most scenario we use {objLocalGroup}.add function to achieve
this target, but what if a workgroup?
When I try this on workgroup, script prompts fails with "unknow user name
or bad password".
You can add a domain user to a local group if you are authenticated to the
domain. Otherwise, the domain object cannot be found.
If you are logged into another computer joined to the domain, and you are
authenticated to the domain, perhaps you can use alternate credentials to
bind to the workgroup computer. Otherwise, if you are authenticated to the
workgroup computer, perhaps you can use alternate credentials to bind to
the domain object. For example:
======
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_ENCRYPTION = &H2
strUser = "MyAdmAcct"
strPassword = "xyz321q"
Set objNS = GetObject("WinNT:")
Set objDomainUser = objNS.OpenDSObject("WinNT://MyDomain/JimSmith,user", _
strUser, strPassword, _
ADS_SECURE_AUTHENTICATION Or ADS_USE_ENCRYPTION)
===========
You can use similar code to bind to a local object remotely while
authenticated to the domain. The ADsPath would specify the NetBIOS name of
the local computer rather than that of the domain.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- Follow-Ups:
- References:
- Prev by Date: Re: VBS = Error - ASP = OK - Why ??
- Next by Date: Re: VBS = Error - ASP = OK - Why ??
- Previous by thread: Re: If possible to add domain user to a workstation's local administrators group by scrpting?
- Next by thread: Re: If possible to add domain user to a workstation's local administrators group by scrpting?
- Index(es):
Relevant Pages
|
