Re: need to modify local group membership via VBscript

uh oh... i just realized....
if the domain admins group isnt in local admins, how will this script run?
if i run it while logged in with a domain admin account it will get access
denied. anyway to deal with this?


"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%2332EbKMLGHA.3856@xxxxxxxxxxxxxxxxxxxxxxx
SixHouse wrote:

i have a bunch of remote workstations (some xp, some NT). i need to make
sure that the domain admins group is a member of the local admins group on
the workstation. can i do this if i have a text file that contains
workstation names?


Hi,

The following example VBScript program should help:

Option Explicit

Dim strDomain, strFile, objFSO, objFile
Dim strComputer, objLocalGroup, objDomainGroup

' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"

' Specify the text file of NetBIOS computer names.
strFile = "c:\Scripts\computers.txt"

' Bind to Domain Admins group with WinNT provider.
Set objDomainGroup = GetObject("WinNT://" & strDomain _
& "/Domain Users,group")

' Open the text file for read access.
Set objFSO = CreateObject("Wscript.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 1)

' Read each line of the file
Do Until objFile.AtEndOfStream
strComputer = Trim(objFile.ReadLine)
' Skip any blank lines.
If (strComputer <> "") Then
' Bind to local Administrators group with WinNT provider.
' Trap the error if the computer is not available.
On Error Resume Next
Set objLocalGroup = GetObject("WinNT://" & strComputer _
& "/Administrators,group")
If (Err.Number = 0) Then
On Error GoTo 0
' Check if the domain group is already
' a member of the local group.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
' Add the domain group to the local group.
objLocalGroup.Add(objDomainGroup.AdsPath)
Wscript.Echo strComputer & " - Domain Admins added"
Else
Wscript.Echo strComputer & " - Already done"
End If
Else
On Error GoTo 0
' Computer not found.
Wscript.Echo strComputer & " - Not found"
End If
End If
Loop

' Close the file
objFile.Close

' Clean up.
Set objFile = Nothing
Set objFSO = Nothing
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net



.

Relevant Pages

  • Re: need to modify local group membership via VBscript
    ... you will need to run the script using Group Policy... ... how to add a domain group to local administrators account: ... if the domain admins group isnt in local admins, ... On Error GoTo 0 ...
    (microsoft.public.windows.server.scripting)
  • Re: need to modify local group membership via VBscript
    ... sure that the domain admins group is a member of the local admins group on ... the workstation. ... ' Bind to Domain Admins group with WinNT provider. ... On Error GoTo 0 ...
    (microsoft.public.windows.server.scripting)
  • Re: need to modify local group membership via VBscript
    ... sure that the domain admins group is a member of the local admins group on ... the workstation. ... ' Bind to Domain Admins group with WinNT provider. ... On Error GoTo 0 ...
    (microsoft.public.windows.server.scripting)
  • Re: Using the Shutdown command over a network
    ... mabye one of the system accounts no longer supplies it's user credentials when challenged for access to a network resource. ... If I log onto an XP workstation as a member of the Domain Admins group and then run that script, it works for most PCs, but there will still be an occasional one that gives the same "Access denied" error message. ...
    (microsoft.public.windows.server.networking)
  • adding to a group
    ... Im having problems finding a script that works in XP that will take the ... domain admins group and add it to the local administrators group on the ...
    (microsoft.public.windowsxp.help_and_support)