Re: need to modify local group membership via VBscript
- From: <no@xxxxxxxx>
- Date: Thu, 9 Feb 2006 04:58:12 -0500
another problem...
i have 3,000+ NT workstations, no group policy.
:(
"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23NK$OpRLGHA.532@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
I should have realized you need to be admin to begin with for this work
remotely. The script I posted was orginally used to add another domain
group to the local Administrators group. It only worked if Domain Admins
was already a member.
Startup scripts run with System privileges on the local machine. They run
with the permissions of the computer object in the domain. A Startup
script can add domain groups to the local Administrators group. Here is a
version intended to run as a Startup script, configured in Group Policy:
=====================
Option Explicit
Dim strDomain, objNetwork, strComputer
Dim objLocalGroup, objDomainGroup
' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"
' Retrieve NetBIOS name of local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
' Bind to local Administrators group.
Set objLocalGroup = GetObject("WinNT://" & strComputer _
& "/Administrators,group")
' Bind to domain group.
Set objDomainGroup = GetObject("WinNT://" & strDomain & "/Domain
Admins,group")
' Check if the domain group is already a member of the local group.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
' Add the domain group to the local group.
objLocalGroup.Add(objDomainGroup.AdsPath)
End If
' Clean up.
Set objNetwork = Nothing
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"Umesh Thakur" <UmeshThakur@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6CB66E46-1A04-4B53-BCA1-D65003CDA0E7@xxxxxxxxxxxxxxxx
well, you will need to run the script using Group Policy...
set the policy so that script runs when computer starts.
no need to get the list of computers from a text file, below is a MS
article
on
how to add a domain group to local administrators account:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/sept05/hey0923.mspx
all computers that will be affected by group policy, will execute the
script
and
the domain group tht you will specify, will be added to local
administrators
account. no need to worry about admin privileges as the script runs under
system/localsystem account (not exactly sure, but its admin account)
--
When you are unable to keep your eyes open, do go and sleep for few
hours!!!
"SixHouse" wrote:
uh oh... i just realized....
if the domain admins group isnt in local admins, how will this script
run?
if i run it while logged in with a domain admin account it will get
access
denied. anyway to deal with this?
"Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx> wrote in
message
news:%2332EbKMLGHA.3856@xxxxxxxxxxxxxxxxxxxxxxx
SixHouse wrote:
i have a bunch of remote workstations (some xp, some NT). i need to
make
sure that the domain admins group is a member of the local admins
group on
the workstation. can i do this if i have a text file that contains
workstation names?
Hi,
The following example VBScript program should help:
Option Explicit
Dim strDomain, strFile, objFSO, objFile
Dim strComputer, objLocalGroup, objDomainGroup
' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"
' Specify the text file of NetBIOS computer names.
strFile = "c:\Scripts\computers.txt"
' Bind to Domain Admins group with WinNT provider.
Set objDomainGroup = GetObject("WinNT://" & strDomain _
& "/Domain Users,group")
' Open the text file for read access.
Set objFSO = CreateObject("Wscript.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 1)
' Read each line of the file
Do Until objFile.AtEndOfStream
strComputer = Trim(objFile.ReadLine)
' Skip any blank lines.
If (strComputer <> "") Then
' Bind to local Administrators group with WinNT provider.
' Trap the error if the computer is not available.
On Error Resume Next
Set objLocalGroup = GetObject("WinNT://" & strComputer _
& "/Administrators,group")
If (Err.Number = 0) Then
On Error GoTo 0
' Check if the domain group is already
' a member of the local group.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
' Add the domain group to the local group.
objLocalGroup.Add(objDomainGroup.AdsPath)
Wscript.Echo strComputer & " - Domain Admins added"
Else
Wscript.Echo strComputer & " - Already done"
End If
Else
On Error GoTo 0
' Computer not found.
Wscript.Echo strComputer & " - Not found"
End If
End If
Loop
' Close the file
objFile.Close
' Clean up.
Set objFile = Nothing
Set objFSO = Nothing
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
.
- Follow-Ups:
- Re: need to modify local group membership via VBscript
- From: Richard Mueller
- Re: need to modify local group membership via VBscript
- References:
- need to modify local group membership via VBscript
- From: SixHouse
- Re: need to modify local group membership via VBscript
- From: Richard Mueller
- Re: need to modify local group membership via VBscript
- From: SixHouse
- Re: need to modify local group membership via VBscript
- From: Umesh Thakur
- Re: need to modify local group membership via VBscript
- From: Richard Mueller
- need to modify local group membership via VBscript
- Prev by Date: Re: [MSH] Process AliasProperty VS
- Next by Date: Re: adding a custom url to many users
- Previous by thread: Re: need to modify local group membership via VBscript
- Next by thread: Re: need to modify local group membership via VBscript
- Index(es):
Relevant Pages
|
