• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 540
  • Last Modified:

Batch file for giving administrative rights to user

How do I create a batch file that will add domain users to the administrative user group on a temporary basis for the purpose of adding software to the workstation and then remove them from the admin group after the software is installed?
0
shafnguz
Asked:
shafnguz
  • 3
  • 2
5 Solutions
 
mdiglioCommented:
Hello,
I really dont like this solution as it gives way too much power to every user in your domain.
Wait around and see what other suggestions come in.

net localgroup "administrators" "domain users" /add
net localgroup "administrators" "domain users" /delete

What OS are the clients ?
0
 
SKULLS_HawkCommented:
http://www.windowsitpro.com/Web/Article/ArticleID/9124/9124.html

This should help with what you need.  Will probably be a large batch file.
0
 
mdiglioCommented:
If you have W2K or XP (w/0 local firewall ) then the suggestion I gave will allow anybody to have complete control over every workstation remotely.
Meaning they can shut down anyone's computer.
Connect to it by \\computer\c$.
Full registry access etc. etc.

To counteract that part you can enable
computer configuration >> windows settings >> security settings >> local policies >> User Rights addignment >> enable 'Access this computer from the network' and place a group or user in there that you would like to give this right to. Like Domain Admins.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
mdiglioCommented:
ooops...I didn't explain that this would be a group policy placed above an OU that contains the computers
0
 
Fatal_ExceptionCommented:
One idea may be to place the /delete batch into the startup folder, and instructing your users to reboot after the installation of software, thereby forcing that user back out of the local admin group...  If they 'think' that this is necessary (the reboot) it will solve the security issue, but it is not perfect as some users may not comply...
0
 
Fatal_ExceptionCommented:
Great!  and thanks..

FE
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now