• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 203
  • Last Modified:

Assign everyone to the local user group using a log on script

I have taken over an administrator job for a company.  the old network admin had users assigned to the local admin group on their PC's.  Is there a log on script out there that will assign all users in an OU to the local users group?
0
scrosbie
Asked:
scrosbie
  • 2
  • 2
1 Solution
 
Chris DentPowerShell DeveloperCommented:

Domain Users are normally members of the Local Users group for a member machine - this is generally inclusive of all users in AD unless membership has been significantly changed.

Are you attempting to strip out the members of the Local Administrators group and re-add them to Users?

This script works best as Administrator, I haven't tested it with local administrator only, it won't do anything as a normal user.

Otherwise this will add the contents of a specific OU to the local users group:

' Connect to the OU in AD and get the users

Set objOU = GetObject("LDAP://cn=Users,dc=yourdomain,dc=com")
objOU.Filter = Array("user")

' Connect to the Users group on the local computer

Set objGroup = GetObject("WinNT://Localhost/Users,group")

For Each objUser in objOU
      ' Now the fun bit, reconnect to the user account in the interface objGroup likes

      Set objDomainUser = GetObject("WinNT://<Domain Name>/" & objUser.sAMAccountName & ",user")
      objGroup.Add(objDomainUser.ADSPath)
      Set objDomainUser = Nothing
Next

Set objUser = Nothing
Set objGroup = Nothing
Set objOU = Nothing

Let me know how you get on.

HTH

Chris
0
 
scrosbieAuthor Commented:
Im trying to strip everyone who has local admin rights.  THis looks like its on the right track... I will test and let you know ASAP
0
 
scrosbieAuthor Commented:
Worked had to tweak a little but worked well done
0
 
Chris DentPowerShell DeveloperCommented:

Happy it helped :)
0
 
emilbus20Commented:
Just curious if that script was able to remvoe them from the local admin group. I tryed and it looks like it added them to the local users group, but they are still in local admin. Any changes you made in that script are appreciated. Thanks
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now