Solved

Dynamically adding domain account to local administrator group

Posted on 2004-04-08
5
1,833 Views
Last Modified: 2012-05-04
Does anyone know of a way to add a users domain account to the local administrator group on any machine that they log into on the domain.  We are trying to setup a way for users to login and have full rights to the computer that they login to without us having to add them to the local administrators group by hand.  Thanks for the help.
0
Comment
Question by:jsmall562
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:RDAdams
ID: 10786696
Create a global group LocalAdmin ensure this group exists on each computer as administrator

example domain-x\LocalAdmin as a member on each computer in Administrator group

Add users who need local admin to this group as needed.  If they no longer need the access then remove them from the group.  
0
 
LVL 17

Expert Comment

by:RDAdams
ID: 10786703
You still need to add to each computer but this could be done via a script or batch file.
0
 

Author Comment

by:jsmall562
ID: 10786760
RDAdams - I appreciate the response.... I have already thought of doing that to be honest but like you said that will still require adding that group to each computer.  You are correct in that I could do that withy a script but unfortunately my scripting skills arent quite that good yet.  If you could give me an example of a script that would do this that would be very helpful.  Thanks for the help.
0
 
LVL 17

Accepted Solution

by:
RDAdams earned 125 total points
ID: 10786906
see http://www.myitforum.com/articles/11/view.asp?id=2457


Add Global Groups to Local Admin Group
 
By: Rod Trent
Posted On: 3/25/2002

Use this script to add global (domain) groups to the local Administrators group.

Modify the items in bold to your specific information.

Copy and paste the following script (between the lines) into Notepad, making sure to have Word Wrap disabled, then save it with a .vbs extension.

==================================
On Error Resume Next

'get main objects/variables
Set ws = WScript.CreateObject ( "WScript.Shell" )
compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )
Set adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )

'add domain groups to local admin group
adGrp.Add ( "WinNT://domain/groupname,group" )
adGrp.Add ( "WinNT://domain/groupname,group" )

'handle errors
If (Err.Number <> 0) Then
strError = "AddAdmins.vbs was unable to add the specified groups to the local Administrators group."
strError = strError & vbCrLf & vbCrLf
strError = strError & "Error #: " & Err.Number & vbCrLf
strError = strError & "Source: " & Err.Source & vbCrLf
strError = strError & "Description: " & Err.Description & vbCrLf
ws.LogEvent 1, strError
Else
ws.LogEvent 0, "The local Administrators group was successfully updated."
End If
==================================

NOTE: Make sure you have the latest scripting engines on the workstation you run this script from. Download the latest scripting engines here: Microsoft Scripting Home Page
 
 
0
 

Author Comment

by:jsmall562
ID: 10787103
Thanks for the quick response!!  I appreciate the help, this should work out perfect.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question