Solved

how to remotely add my domain account to local admin group

Posted on 2007-04-03
10
678 Views
Last Modified: 2010-08-05
Hello,

Im trying to remotely scan computers on my network to find information such as service tag, software inventory, windows user ID's, etc..using a third party software tool.

I am logged in to my PC as ourdomain\myuserID and I am not in the local admin group on the remote PC's. I am not a domain admin nor do I have access to edit GPO's, etc. I do have the local admin password for the local admin account. My question is: Is there a way to remotely add my domain account to the local administrators group of the remote PC's?

thanks
0
Comment
Question by:mr_e_technician
10 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 18846991
Nope - not unless you have domain admin priveledges, or the local admin credentials for the remote PC...sorry.
0
 

Author Comment

by:mr_e_technician
ID: 18847664
When you say local admin credentials do you mean the local admin password? I do have the local admin passwords for each workstation.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18847682
Is it the same for each system?
0
 

Author Comment

by:mr_e_technician
ID: 18847692
Mostly, there are about 3 variations throughout the WAN
0
 
LVL 1

Expert Comment

by:DARKMOON
ID: 18848199
I do have the local admin password for the local admin account. My question is: Is there a way to remotely add my domain account to the local administrators group of the remote PC's?

Have you tried doing this?

1. Right click My computer | Manage
2. Right click Computer Management (Local) | Connect to another computer
3. key in the computer name of the remote PC
4. If it asks you for a username and password, key in \\localcomputername\localadminaccountname and the password
5. add your domain account in the local Administrators group
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 66

Expert Comment

by:johnb6767
ID: 18848432
It should probably prompt for Domain Admin credentials when doing this, because it is going to query AD and the local admin probably doesnt have the rights to do so.
0
 
LVL 7

Accepted Solution

by:
tymes earned 250 total points
ID: 18850609
DARKMOON's suggestion should work.

You may just want to establish credentials remotely using the local accounts and not bother with the domain at all...

net use \\%remotemachine%\ipc$  /user:%remotemachine%\localadmin password

At this point you may be able to do whatever you wanted to do without needing to add your account... or after that step you would want to remotely locally run this command....

net localgroup administrators domain\myuserID /add

You would do this with wmi remote scripting or PSEXEC from sysinternals, this is the non-gui version of DARKMOON's suggestion, but as such it could be automated and you could do 20 machines quickly.
0
 

Author Comment

by:mr_e_technician
ID: 18867654

Thanks for all the comments, Ive been pretty slammed at work and haven't had a chance to "try and reply".

Since I am logged in to my Laptop with my domain account, right clicking my comp and attempting to manage another PC does not prompt me for an ID/password. But when I try to add myself to the local admin group, I get access denied.

I did try the command line 'net use' command and that seemed to work, but strangely. After running the first command it said command completed successfully. The second command said I was already in the admin group, but I know for a fact that I was not. However when I run those commands on a specific IP of a workstation AND THEN try the right click manage, manage remote pc, etc. It works without giving me the access denied message. I have to do this by IP because ping -a is not giving me any names for some reason...

Any insights as to why this is happening or ideas on how to automate this for multiple PC's? Right now the only way I can do it is one at a time...
0
 

Author Comment

by:mr_e_technician
ID: 18877944

The other questions will be posted separately
thanks -
0
 
LVL 5

Expert Comment

by:kumar_jac
ID: 24664086
Here is a best method and solution for ur request:
Download PSTools from sysinternals and use the below script and create a bat file. Its cool.
psexec  \\"remote server name"  net localgroup "Administrators" "Domainname/group name" /ADD
 Cheers
 
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now