[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Script to add local user to all domain pcs

Posted on 2007-09-29
12
Medium Priority
?
728 Views
Last Modified: 2008-01-09
I am looking for script to add local user to all machines under the domain.
0
Comment
Question by:Ahmed Abdel Salam
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 10

Expert Comment

by:pjasnos
ID: 19983668
tried:

net user %COMPUTERNAME%\user password /ADD

?
0
 
LVL 10

Expert Comment

by:pjasnos
ID: 19983671
(and setting is as computer startup script in GP)
0
 
LVL 70

Expert Comment

by:KCTS
ID: 19983773
You can use the restricted groups facility.
First create a security group and put the user(s) account in the group (this will make it easier to add or remove other users if needs change). Lect assume its called LAdmins

Either create ot modify a group policy (the default domain policy for example)

Go to Computer Configuration\Windows Settings\Security Settings\Restricted Groups), and then click Add Group

Select the group name you want to restrict ie. (Administrators)

Select the group and add the LAdmins domain group/

Note you need to run gpupdate /force for the policy to be applied and users may need to log off/on for the polict to be applied.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 57

Expert Comment

by:McKnife
ID: 19984049
In addition to KCTS: Please note that this procedure overwrites the former members of the group, so make sure that you don't miss users.
I recommend pjasnos solution but look at the syntax, it should be net localgroup. net help localgroup will help you.
0
 
LVL 6

Author Comment

by:Ahmed Abdel Salam
ID: 19984728
I think there is some miss understanding in quoestion. I would like to add user called 123 as a local user (member of local users group) on 200 pcs under my domain network .
I would like to this through scrript or GP so no need to go for each pc and do it manualy
also it will be very good if I can make this user can't change his password
0
 
LVL 70

Expert Comment

by:KCTS
ID: 19985279
The method I suggested (restricted groups) can do this. If you use a GPO it applies to all machines.

However, as with all these things its NOT good practive to give these rights to a user, put the user in a group, and then give the rights to the group - even if there is only one user in the group to begin with - it makes its easier to change/remove/add users later on if needs be.

See http://support.microsoft.com/kb/810076
0
 
LVL 26

Expert Comment

by:Farhan Kazi
ID: 19985298
:: ================
:: READ THIS FIRST
:: ================
:: * You need to have Administrative rights to run this script
:: * This script require "Computers.txt" file from where it will pick computer names.
:: * This script requires "PSExec.exe" (comes with PSTools) to execute bat file on remote system.
::     - Download it from Microsoft site
::       http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
:: * You need to set 'UserName' and 'UserPassword' variables inside the script
::    - Like:
::              SET UserName=FKazi
::              SET UserPassword=P@ssw0rd
:: * Copy and Paste following script into notepad and save it with any name having .cmd extension.
:: SCRIPT START
@ECHO OFF
SETLOCAL EnableDelayedExpansion

:: Following variables required to set with actual values
SET UserName=FKazi
SET UserPassword=MyPassword

ECHO NET USER "%UserName%" "%UserPassword%" /ADD 2^>NUL^>NUL>UserInfo.cmd
ECHO NET LOCALGROUP Administrators "%UserName%" /ADD 2^>NUL^>NUL>>UserInfo.cmd
IF NOT EXIST Computers.txt Goto ShowErr
FOR %%R IN (Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
FOR /F %%c IN ('Type Computers.txt') Do (
      IF /I NOT "%%c"=="!COMPUTERNAME!" (
            Echo Processing: %%c
            PING -n 1 -w 1000 %%c|Find /I "TTL" >NUL
            IF NOT ErrorLevel 1 (
                  COPY /Y UserInfo.cmd \\%%c\C$\ >NUL
                  PSExec \\%%c C:\UserInfo.cmd >NUL
                  IF EXIST \\%%c\C$\UserInfo.cmd DEL /F /Q \\%%c\C$\UserInfo.cmd
            )ELSE (Echo %%c: Unable to connect)
      )ELSE (ECHO Skipping: %%c)
)      
Goto EndScript
:ShowErr
Echo "Computers.txt" file does not exist or file is empty!
:EndScript
IF EXIST UserInfo.cmd DEL /F /Q UserInfo.cmd
ENDLOCAL
EXIT /B 0
:: SCRIPT END
0
 
LVL 6

Author Comment

by:Ahmed Abdel Salam
ID: 19986160
KCTS
is it possible to make this user member of local users only not a member of local administrators? and is it possible to apply you method incase this user is not a dmonain user ?
please explain in more details how to do it.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 19992516
KCTS, the restricted group method won't create any local group, nor any local user, will it? At least it doesn't in a win2k domain. The users and groups have to exist locally prior to configuring them through restricted groups. Or how do you do it?
0
 
LVL 57

Accepted Solution

by:
McKnife earned 2000 total points
ID: 20565716
If anyone is still interested: I learned recently, that there are two ways to use restricted groups. Can be read here and should solve your problem: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22501734.html
[to follow the "additive" example: you would then have to add your user to the group helpdesk]
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20592918
Forced accept.
modus_operandi
EE Moderator
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question