Re: scripting help needed
- From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 28 Jan 2006 12:11:02 -0600
Darren wrote:
> I need a script that would add the current logged on domain user to the
> local power user group IF the logged on %username% matches the local
> %computername%..
>
> So far I just have something like this
> net localgroup power users /add "%domainname%\%username%"
>
Hi,
This cannot be done in a logon script, as the user does not have permission
to add themselves to a local group. This could be done in a Startup script
(configured with Group Policy). Startup scripts run with System permissions
on the local computer and can add domain users (or better yet, domain
groups) to local groups. You would need to code the Startup script so it
does not attempt to add the user to the group repeatedly.
For information on configuring Startup scripts with Group Policy, see this
link:
http://www.rlmueller.net/LogonScriptFAQ.htm
An example VBScript program to run as a Startup script and accomplish this
could be:
=====================
Option Explicit
Dim strDomain, objNetwork, strComputer
Dim objLocalGroup, objDomainUser

' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"

' Retrieve NetBIOS name of local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to local Power Users group.
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")

' Bind to domain user with same name as NetBIOS name of computer.
' Trap the error if the user does not exist.
On Error Resume Next
Set objDomainUser = GetObject("WinNT://" & strDomain & "/" & strComputer & ",user")
If (Err.Number <> 0) Then
    ' User not found, abort.
    Wscript.Quit
End If
' Restore normal error handling.
On Error GoTo 0

' Check if this domain user is already a member of the local group.
If Not objLocalGroup.IsMember(objDomainUser.AdsPath) Then
    ' Add the domain user to the local group.
    objLocalGroup.Add(objDomainUser.AdsPath)
End If

' Clean up.
Set objNetwork = Nothing
Set objLocalGroup = Nothing
Set objDomainUser = Nothing
=====================
A better approach might be to modify the group memberships remotely. You
could hard code the computer name(s), pass NetBIOS names as parameters to the
script, or read computer names from a text file. An example of the latter
follows:
=====================
Option Explicit
Dim strDomain, strFile, objFSO, objFile
Dim strComputer, objLocalGroup, objDomainUser

' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"

' Specify the text file of NetBIOS computer names.
strFile = "c:\Scripts\computers.txt"

' Open the text file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 1)

' Read each line of the file
Do Until objFile.AtEndOfStream
    strComputer = Trim(objFile.ReadLine)
    ' Skip any blank lines.
    If (strComputer <> "") Then
        ' Bind to corresponding domain user object.
        ' Trap the error if the user object does not exist.
        On Error Resume Next
        Set objDomainUser = GetObject("WinNT://" & strDomain & "/" & strComputer & ",user")
        If (Err.Number = 0) Then
            On Error GoTo 0
            ' User object exists. Bind to local Power Users group on the remote computer.
            ' Trap the error if the computer is offline.
            On Error Resume Next
            Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")
            If (Err.Number = 0) Then
                On Error GoTo 0
                ' The group has been bound.
                ' Check if the domain user is already a member of the local group.
                If Not objLocalGroup.IsMember(objDomainUser.AdsPath) Then
                    ' Add the domain user to the local group.
                    objLocalGroup.Add(objDomainUser.AdsPath)
                End If
            Else
                On Error GoTo 0
                ' Computer or local group not found.
                Wscript.Echo "Cannot bind to local group on computer " & strComputer
            End If
        Else
            On Error GoTo 0
            ' User object not found.
            Wscript.Echo "Domain User " & strComputer & " not found."
        End If
    End If
Loop

' Close the file
objFile.Close

' Clean up.
Set objFile = Nothing
Set objFSO = Nothing
Set objLocalGroup = Nothing
Set objDomainUser = Nothing
=====================
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
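
The second script above concatenates each line of computers.txt into a WinNT:// path while running with rights to change group membership on remote machines. The following check, added here as an example and not part of the original post, accepts only plain, non-repeated NetBIOS-style names before any bind is attempted; the allow-list pattern, the CheckName helper and the sample lines are assumptions constructed for the example.

```vbscript
Option Explicit

Dim objRegEx, objSeen, arrLines, strName, strResult, intLine

' Allow-list (an assumption for this example): 1 to 15 letters, digits or
' hyphens. Narrower than what NetBIOS permits, and it excludes "/", "\",
' "," and "." so a line cannot alter the WinNT:// path it is placed in.
Set objRegEx = New RegExp
objRegEx.Pattern = "^[A-Za-z0-9-]{1,15}$"

' Names already accepted, compared without regard to case.
Set objSeen = CreateObject("Scripting.Dictionary")
objSeen.CompareMode = vbTextCompare

' Constructed sample lines standing in for computers.txt.
arrLines = Array("WKSTN01", "  jsmith-pc  ", "", "\\WKSTN03", _
    "wkstn01", "host.example.com", "WKSTN02,user")

For intLine = 0 To UBound(arrLines)
    strName = Trim(arrLines(intLine))
    strResult = CheckName(strName)
    If (strResult = "ok") Then
        ' Only at this point would the real script call GetObject.
        Wscript.Echo "Line " & (intLine + 1) & ": WinNT://" & strName _
            & "/Power Users,group"
    ElseIf (strResult <> "blank") Then
        ' Report the line so the input file can be corrected.
        Wscript.Echo "Line " & (intLine + 1) & ": skipped (" & strResult _
            & "): " & strName
    End If
Next

' Classify one trimmed line as "blank", "invalid", "duplicate" or "ok".
' A name that returns "ok" is remembered so a repeat is not processed twice.
Function CheckName(ByVal strValue)
    If (strValue = "") Then
        CheckName = "blank"
    ElseIf Not objRegEx.Test(strValue) Then
        CheckName = "invalid"
    ElseIf objSeen.Exists(strValue) Then
        CheckName = "duplicate"
    Else
        objSeen.Add strValue, True
        CheckName = "ok"
    End If
End Function
```

Run it with cscript.exe so each Wscript.Echo prints to the console rather than opening a message box.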