Batch file for giving administrative rights to user

Posted on 2005-03-08
Medium Priority
Last Modified: 2008-03-03
How do I create a batch file that will add domain users to the administrative user group on a temporary basis for the purpose of adding software to the workstation and then remove them from the admin group after the software is installed?
Question by:shafnguz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 16

Accepted Solution

mdiglio earned 1140 total points
ID: 13486047
I really dont like this solution as it gives way too much power to every user in your domain.
Wait around and see what other suggestions come in.

net localgroup "administrators" "domain users" /add
net localgroup "administrators" "domain users" /delete

What OS are the clients ?

Assisted Solution

SKULLS_Hawk earned 60 total points
ID: 13486074

This should help with what you need.  Will probably be a large batch file.
LVL 16

Assisted Solution

mdiglio earned 1140 total points
ID: 13486089
If you have W2K or XP (w/0 local firewall ) then the suggestion I gave will allow anybody to have complete control over every workstation remotely.
Meaning they can shut down anyone's computer.
Connect to it by \\computer\c$.
Full registry access etc. etc.

To counteract that part you can enable
computer configuration >> windows settings >> security settings >> local policies >> User Rights addignment >> enable 'Access this computer from the network' and place a group or user in there that you would like to give this right to. Like Domain Admins.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 16

Assisted Solution

mdiglio earned 1140 total points
ID: 13486103
ooops...I didn't explain that this would be a group policy placed above an OU that contains the computers
LVL 40

Assisted Solution

Fatal_Exception earned 300 total points
ID: 13486114
One idea may be to place the /delete batch into the startup folder, and instructing your users to reboot after the installation of software, thereby forcing that user back out of the local admin group...  If they 'think' that this is necessary (the reboot) it will solve the security issue, but it is not perfect as some users may not comply...
LVL 40

Expert Comment

ID: 13486602
Great!  and thanks..


Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question