Link to home
Start Free TrialLog in
Avatar of JohnHockett
JohnHockett

asked on

VBScript to add local user to local administrators group.

Need help with this script. - Adding a local user to a remote system and adding them to the local admionistrators group.  Everything but the "add to local administrators group" works.

On Error Resume Next

strComputer = inputbox("Enter Computer Name or IP address")
strPassword = "abc123" 'inputbox("Enter Password")

Set colAccounts = GetObject("WinNT://" & strComputer & "")
Set objUser = colAccounts.Create("user", "NewUserAccount")
objUser.SetPassword strPassword
objUser.SetInfo

Set objUser = GetObject("WinNT://" & strComputer & "/NewUserAccount, user")
objUser.SetPassword strPassword
objUser.SetInfo

'Set the password to never expire.
Set objUser = GetObject("WinNT://" & strComputer & "/NewUserAccount,user")
objGroup.Add(objUser.ADsPath)
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUser = GetObject("WinNT://" & strComputer & "/NewUserAccount, user")
objUserFlags = objUser.Get("UserFlags")
objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put "userFlags", objPasswordExpirationFlag
objUser.SetInfo

'Add user to Local Administrators Group
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objUser = GetObject("WinNT://" & strComputer & "/NewUserAccount,user")
objGroup.Add(objUser.ADsPath)

wscript.Echo "NewUserAccount password has been set on " & strComputer
Avatar of sirbounty
sirbounty
Flag of United States of America image

Try this...not sure why you're duplicating some effort here?


On Error Resume Next

strComputer = inputbox("Enter Computer Name or IP address")
strPassword = "abc123" 'inputbox("Enter Password")

Set colAccounts = GetObject("WinNT://" & strComputer & "")
Set objUser = colAccounts.Create("user", "NewUserAccount")
objUser.SetPassword strPassword
objUser.SetInfo
'already have a reference to objUser...

'not sure where you're defining objGroup?
'objGroup.Add(objUser.ADsPath)

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
If objUser.UserFlags And ADS_UF_DONT_EXPIRE_PASSWD Then
  objUser.UserFlags=objUser.UserFlags XoR ADS_UF_DONT_EXPIRE_PASSWD
End If
objUser.SetInfo

'Add user to Local Administrators Group
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
objGroup.Add(objUser.ADsPath)
SOLUTION
Avatar of Ron Malmstead
Ron Malmstead
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of JohnHockett
JohnHockett

ASKER


sirbounty
duplicate effort because I am not a programmer...

I tried your suggestion and it creates the account, but does not change the Password Never Expire flag or add to admin group.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for all your help.  None of the solutions added here worked for me.  I did find someone at my company that provided this script below and it worked great for me.  I thought I would share it here in case someone else had the same need as me in the future.

Script...
'*************************  Change this variable to path of file *****


Const ServerFile="Servers.txt"
Const LogFile="ServersOutput.log"
Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ForAppending = 8
Const ForReading = 1

 
NewAdminUser = "Username"
AdminPwd= "Password"
NewUser= "Username1"
NewPwd = "Password1!"
sGroupName="Administrators"

'*****************************************************************


Dim objFSO, objShell, objTextFile, WshNetwork, objping
dim objWMIService

Set WshNetwork = CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")



set oArgs=wscript.arguments
If oArgs.Count = 1 Then
    strComputer = Ucase(oArgs.item(0))
    AddLog "Starting processing of " & strComputer
    'Wscript.Echo "strComputer=" & strComputer
    strPingStatus = PingTest(strComputer)
    If strPingStatus = "True" Then
        AddLog "Success contacting " & strcomputer
        ConfigureAccounts sGroupName,NewUser,strComputer,NewPwd
        ConfigureAccounts sGroupName,NewAdminUser,strComputer,AdminPwd

    Else
        AddLog "Error - Unable to contact server " & strcomputer
    End If
    wscript.echo "Complete"
else
   On Error Resume Next
   Set objServerFile = objFSO.OpenTextFile(ServerFile, ForReading)
   wscript.echo "File read and read to process.  Click OK to continue."
  Do While objServerFile.AtEndOfStream <> True
           filestr = objServerFile.Readline
           TmpArray = Split(Filestr , chr(9))
         StrComputer=UCASE(TmpArray(0))
           ServerType=UCASE(TmpArray(1))
         strPingStatus=""
           AddLog "Starting processing of " & strComputer
          strPingStatus = PingTest(strComputer)
          If strPingStatus = "True" Then
              AddLog "Success contacting " & strcomputer
                  ConfigureAccounts sGroupName,NewUser,strComputer,NewPwd
                  ConfigureAccounts sGroupName,NewAdminUser,strComputer,AdminPwd
            ConfigTCAccounts
          Else
              AddLog "Error - Unable to contact server " & strcomputer
          End If
        ' wscript.quit
   Loop
   Addlog "Processing complete for " & strComputer
   wscript.echo "Complete"

End If



'********************************************************************************



 

Sub ConfigureAccounts(strGroup,strAccount,strComputer,strPassword)
    On Error Resume Next
  Set objUser = GetObject("WinNT://" & strComputer & "/" & strAccount & ",user")
  If Err.Number<> 0 Then
    ' wscript.echo " create" & err.number
      Addlog "Creating " & strAccount &  " on " & strComputer
      Set colAccounts = GetObject("WinNT://" & strComputer & "")
      Set objUser = colAccounts.Create("user", strAccount)
      objUser.Put "PasswordExpired", 0
      objPasswordDontExpireFlag = objUser.UserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
      objUser.Put "userFlags", objPasswordDontExpireFlag
      objPasswordNoChangeFlag = objUser.UserFlags OR ADS_UF_PASSWD_CANT_CHANGE
      objUser.Put "userFlags", objPasswordNoChangeFlag
      objUser.SetPassword strPassword
      objUser.SetInfo
      Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup)
      Set objUser = GetObject("WinNT://" & strAccount)
      objGroup.Add(objUser.ADsPath)
     If Err.Number <> 0 and err.number <> -2147463168 and err.number <> -2147023518  Then
          'wscript.echo "Can't add " & strAccount & " account to the local admins group"
      AddLog "Failed to add " & strAccount & " to the local admins group"
     Else
      AddLog "Succesfully added " & strAccount & " to the local admins group"
     End if

      Addlog "Successfully created " & strAccount & " on " & strComputer

  else
     Addlog "Configuring " & strAccount & " on " & strComputer
     objUser.Put "PasswordExpired", 0
     objPasswordDontExpireFlag = objUser.UserFlags OR ADS_UF_DONT_EXPIRE_PASSWD
     objUser.Put "userFlags", objPasswordDontExpireFlag  
     objPasswordNoChangeFlag = objUser.UserFlags OR ADS_UF_PASSWD_CANT_CHANGE
     objUser.Put "userFlags", objPasswordNoChangeFlag
     objUser.SetPassword strPassword
     objUser.SetInfo
     Set objGroup = GetObject("WinNT://" & strComputer & "/" & strgroup)
     Set objUser = GetObject("WinNT://" & strAccount)
     objGroup.Add(objUser.ADsPath)
     If Err.Number <> 0 and err.number <> -2147463168 and err.number <> -2147023518   Then
          wscript.echo "Can't add " & strAccount & " account to the local admins group"
      AddLog "Failed to add " & strAccount & " to the local admins group"
     Else
      AddLog "Succesfully added " & strAccount & " to the local admins group"
     End if
     Addlog "Successfully configured " & strAccount & " on " & strComputer
  end if
End Sub


Sub AddLog(NewLogEntry)
   Const ForAppending = 8
   Dim fso
   Dim fsoLogFile
   Set fso = WScript.CreateObject("Scripting.FileSystemObject")
   Set fsoLogFile = fso.OpenTextFile(logfile, ForAppending, True)
   fsoLogFile.WriteLine Now & " " & NewLogEntry
   fsoLogFile.Close
End Sub





Function PingTest(strHostOrIP)
'wscript.echo strHostOrIP
  Dim objSh, strCommand, intWindowStyle, blnWaitOnReturn
  blnWaitOnReturn = True
  intWindowStyle = 0
  strCommand = "%ComSpec% /C %SystemRoot%\system32\ping.exe -n 1 " _
  & strHostOrIP & " | " & "%SystemRoot%\system32\find.exe /i " _
  & Chr(34) & "TTL=" & Chr(34)
  Set objSh = WScript.CreateObject("WScript.Shell")
  PingTest = Not CBool(objSh.Run(strCommand, intWindowStyle, _
  blnWaitOnReturn))
  'wscript.echo "1 pingtest=" & pingTest

  Set objSh = Nothing
End Function