Re: Login Script
From: scott (sbailey_at_mileslumber.com)
Date: 12/20/04
- Next message: Marty: "Child domain trusts"
- Previous message: Dooma: "Re: UPN logon"
- In reply to: Herb Martin: "Re: Login Script"
- Next in thread: Herb Martin: "Re: Login Script"
- Reply: Herb Martin: "Re: Login Script"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Dec 2004 12:55:32 -0600
My goal is to have a user account just be a member of "DOMAIN USERS" but
still be a "LOCAL ADMINISTRATOR".
Basically, I'd want the user to be able to install/uninstall programs on
their PCs.
Do you have a better suggestion?
"Herb Martin" <news@LearnQuick.com> wrote in message
news:%231pitFr5EHA.2568@TK2MSFTNGP10.phx.gbl...
> "scott" <sbailey@mileslumber.com> wrote in message
> news:#rT$cjp5EHA.828@TK2MSFTNGP14.phx.gbl...
>> what about a group instead of a user?
>>
>> what would that look like syntax wise?
>
> Let's go back to your original request and consider
> what you really wish to accomplish:
>
>> I'm trying to add the current user (member of DOMAIN USER GROUP) to the
>> LOCAL ADMINISTRATORS group with below code in FIGURE 1, but get error in
>
> IF someone should be a member of the Local Admistrators
> group then YOU (or a script on the DCs) should be adding
> them to the appropriate group.
>
> This isn't appropriate for a Startup or Logon script.
> (The user cannot add himself nor can the computer startup
> add a user who has not yet logged onto the computer -- as
> discussed above)
>
> If ALL users should be Admins of ALL machines (which
> is essentially what you were really going to allow -- If
> I COULD log onto a machine you were going to make me
> an Admin -- then just do that by making such a group or
> assigning the Domain Admins.
>
> Although I see this, and the original request, as poor
> practice, you likely also will likely also recognize this
> when stated as such.
>
> We could build a Startup script that would do this IF
> you can identify the users who work at each machine.
>
> --
> Herb Martin
>
>
> "scott" <sbailey@mileslumber.com> wrote in message
> news:#rT$cjp5EHA.828@TK2MSFTNGP14.phx.gbl...
>> what about a group instead of a user?
>>
>> what would that look like syntax wise?
>>
>> "Deji Akomolafe" <noemail@akomolafe.dotcom> wrote in message
>> news:ekX8Kyl5EHA.2428@TK2MSFTNGP14.phx.gbl...
>> > Ah, you are correct. Missed that :(
>> >
>> > --
>> >
>> >
>> > Sincerely,
>> >
>> > Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
>> > Microsoft MVP - Directory Services
>> > www.readymaids.com - we know IT
>> > www.akomolafe.com
>> > Do you now realize that Today is the Tomorrow you were worried about
>> > Yesterday? -anon
>> > "Herb Martin" <news@LearnQuick.com> wrote in message
>> > news:eXWiZji5EHA.2540@TK2MSFTNGP09.phx.gbl...
>> >> "Deji Akomolafe" <noemail@akomolafe.dotcom> wrote in message
>> >> news:uDSajUi5EHA.2624@TK2MSFTNGP11.phx.gbl...
>> >> > the variable is %username%. So your syntax would be:
>> >> >
>> >> > net localgroup administrators yourdomainname\%username% /ADD
>> >> >
>> >> > That would add ANY user that logs into the computer into the
>> >> administrators'
>> >> > group IF you are using Machine Startup Script through a GPO as
>> >> > suggested
>> >> by
>> >> > Oli. This may be something you want to do in a controlled fashion.
>> >>
>> >> Sorry, this will not work as expected.
>> >>
>> >> At the time that a Computer Startup Script runs, there is
>> >> NO user and the %username% variable is holds no value.
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>
>
- Next message: Marty: "Child domain trusts"
- Previous message: Dooma: "Re: UPN logon"
- In reply to: Herb Martin: "Re: Login Script"
- Next in thread: Herb Martin: "Re: Login Script"
- Reply: Herb Martin: "Re: Login Script"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
