Re: run script as local admin fails

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 5 Feb 2008 13:16:12 -0600

tony wrote:

Here is my script to add a domain user to the local admin group on each
machine.

The problem i am seeing is I am logged in as a local admin and the local
admin cannot browse and add users from the domain.

What should i do to resolve this situation? so far, I have to add a domain
user to the local admin group on each machine and then run the script as
that domain user.

-----------------

on error resume next

Set objNet = WScript.CreateObject( "WScript.Network" )
Const FOR_READING = 1
strFilename = "c:\scripts\hosts.txt"
strUser = "testuser"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextStream = objFSO.OpenTextFile(strFilename, FOR_READING)
Do Until objTextStream.AtEndOfStream

strComputer = objTextStream.ReadLine
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://domain/user")
objGroup.Add(objUser.ADsPath)

Loop

------------------------

Logon as a member of the Domain Admins group. By default, the group Domain
Admins is a member of the local Administrators group on all computers joined
to the domain. Then you can add members to the local Administrators group
remotely. In order to bind to domain user objects, you must be authenticated
to the domain, not a local computer.

Using "On Error Resume Next" will make troubleshooting very difficult. In
your snippet you are not using the variable strUser. I would expect the "Set
objUser" statement to raise an error. Also, performance would be much better
if the user object were bound outside of the loop, so it is only bound once.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

.

References:
- run script as local admin fails
  - From: tony

Prev by Date: run script as local admin fails
Next by Date: Script to rename PC's
Previous by thread: run script as local admin fails
Next by thread: Script to rename PC's
Index(es):
- Date
- Thread

Relevant Pages

Re: Loginscript is lacking credentials.........
... computer configuration \ windows settings \ restricted groups ... machine is a member of the local administrators group him/herself, ... I was under the impressions that all GPO's ran with top admin credentials. ...
(microsoft.public.windows.server.active_directory)
Re: Active Directory: General Access denied
... your account is not a member of the local Administrators group on one of the ... You can redirect the output of the script to a text file. ... the local Administrators group when the computer is joined to the domain. ... ' Adds the list of users from users.txt to the local admin group on ...
(microsoft.public.scripting.vbscript)
Re: Cant add domain administrator to directory users names
... > machine is definitely a member of the domain though. ... Maybe delete the machine account and rejoin the domain? ... domain_name\Domain Admins group to the local administrators group? ... I have local admin on my XP Professional machine through a domain ...
(microsoft.public.windowsxp.security_admin)
Re: Loginscript is lacking credentials.........
... In my loginscript, that I execute via GPO, I have code that adds a certain ... machine is a member of the local administrators group him/herself, ... I was under the impressions that all GPO's ran with top admin credentials. ... If this is not the case, how do I make the script run with admin credetials? ...
(microsoft.public.windows.server.active_directory)
Re: XP pro not accepting user permisions from 2k server
... Check the membership of the local Administrators group. ... and you have logged in with the account you ... > member of domain admin as well as enterprise admin, ...
(microsoft.public.windowsxp.security_admin)