Script to add local user to all domain pcs

Posted on 2007-09-29
Last Modified: 2008-01-09
I am looking for a script to add a local user to all machines under the domain.
Question by:Ahmed Abdel Salam
    LVL 10

    Expert Comment


    net user %COMPUTERNAME%\user password /ADD

    LVL 10

    Expert Comment

    (and setting it as a computer startup script in GP)
    LVL 70

    Expert Comment

    You can use the restricted groups facility.
    First create a security group and put the user(s) account in the group (this will make it easier to add or remove other users if needs change). Let's assume it's called LAdmins.

    Either create or modify a group policy (the default domain policy, for example).

    Go to Computer Configuration\Windows Settings\Security Settings\Restricted Groups, and then click Add Group.

    Select the group name you want to restrict (i.e. Administrators).

    Select the group and add the LAdmins domain group.

    Note you need to run gpupdate /force for the policy to be applied and users may need to log off/on for the policy to be applied.
    LVL 52

    Expert Comment

    In addition to KCTS: Please note that this procedure overwrites the former members of the group, so make sure that you don't miss users.
    I recommend pjasnos solution but look at the syntax, it should be net localgroup. net help localgroup will help you.
    LVL 6

    Author Comment

    by:Ahmed Abdel Salam
    I think there is some misunderstanding in the question. I would like to add a user called 123 as a local user (member of the local Users group) on 200 PCs under my domain network.
    I would like to do this through a script or GP so there is no need to go to each PC and do it manually.
    Also, it would be very good if I could make this user unable to change his password.
    LVL 70

    Expert Comment

    The method I suggested (restricted groups) can do this. If you use a GPO it applies to all machines.

    However, as with all these things, it's NOT good practice to give these rights to a user; put the user in a group, and then give the rights to the group - even if there is only one user in the group to begin with - it makes it easier to change/remove/add users later on if need be.

    LVL 26

    Expert Comment

    :: ================
    :: ================
    :: * You need to have Administrative rights to run this script
    :: * This script requires "Computers.txt" file from where it will pick computer names.
    :: * This script requires "PSExec.exe" (comes with PSTools) to execute bat file on remote system.
    ::     - Download it from Microsoft site
    :: * You need to set 'UserName' and 'UserPassword' variables inside the script
    ::    - Like:
    ::              SET UserName=FKazi
    ::              SET UserPassword=P@ssw0rd
    :: * Copy and Paste following script into notepad and save it with any name having .cmd extension.
    SETLOCAL EnableDelayedExpansion

    :: Following variables required to set with actual values
    SET UserName=FKazi
    SET UserPassword=MyPassword

    :: Build UserInfo.cmd, the helper batch file that each remote machine will run
    ECHO NET USER "%UserName%" "%UserPassword%" /ADD 2^>NUL^>NUL>UserInfo.cmd
    ECHO NET LOCALGROUP Administrators "%UserName%" /ADD 2^>NUL^>NUL>>UserInfo.cmd
    IF NOT EXIST Computers.txt Goto ShowErr
    FOR %%R IN (Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
    FOR /F %%c IN ('Type Computers.txt') Do (
          IF /I NOT "%%c"=="!COMPUTERNAME!" (
                Echo Processing: %%c
                PING -n 1 -w 1000 %%c|Find /I "TTL" >NUL
                IF NOT ErrorLevel 1 (
                      COPY /Y UserInfo.cmd \\%%c\C$\ >NUL
                      PSExec \\%%c C:\UserInfo.cmd >NUL
                      IF EXIST \\%%c\C$\UserInfo.cmd DEL /F /Q \\%%c\C$\UserInfo.cmd
                )ELSE (Echo %%c: Unable to connect)
          )ELSE (ECHO Skipping: %%c)
    )
    Goto EndScript
    :ShowErr
    Echo "Computers.txt" file does not exist or file is empty!
    :EndScript
    :: Remove the local helper file, which contains the password in clear text
    IF EXIST UserInfo.cmd DEL /F /Q UserInfo.cmd
    EXIT /B 0
    LVL 6

    Author Comment

    by:Ahmed Abdel Salam
    Is it possible to make this user a member of local Users only, not a member of local Administrators? And is it possible to apply your method in case this user is not a domain user?
    Please explain in more detail how to do it.
    LVL 52

    Expert Comment

    KCTS, the restricted group method won't create any local group, nor any local user, will it? At least it doesn't in a win2k domain. The users and groups have to exist locally prior to configuring them through restricted groups. Or how do you do it?
    LVL 52

    Accepted Solution

    If anyone is still interested: I learned recently, that there are two ways to use restricted groups. Can be read here and should solve your problem:
    [to follow the "additive" example: you would then have to add your user to the group helpdesk]
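
As an added example (not part of the thread or of the linked article): the two Restricted Groups modes discussed above, the one that overwrites a group's members and the "additive" one, are stored differently in a GPO's GptTmpl.inf, and this Python script reports which mode a policy applies to local Administrators. The sample sections and SIDs are constructed, and the `__Members` / `__Memberof` key layout of the `[Group Membership]` section is an assumption about the file being audited.

```python
ADMINS = {"s-1-5-32-544", "administrators"}  # built-in Administrators: well-known SID or name

# Constructed samples of a GptTmpl.inf [Group Membership] section; the SIDs are made up.
SAMPLE_REPLACE = """\
[Unicode]
Unicode=yes
[Group Membership]
*S-1-5-32-544__Memberof =
*S-1-5-32-544__Members = *S-1-5-21-1111-2222-3333-512,*S-1-5-21-1111-2222-3333-1105
"""
SAMPLE_ADDITIVE = """\
[Group Membership]
*S-1-5-21-1111-2222-3333-1105__Memberof = *S-1-5-32-544
*S-1-5-21-1111-2222-3333-1105__Members =
"""


def _names(value):
    """Split a comma-separated principal list, dropping the '*' SID marker."""
    return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]


def admin_group_modes(inf_text):
    """Return {'replace': member list or None, 'additive': [principals]}."""
    result = {"replace": None, "additive": []}
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "group membership" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        principal, sep, kind = key.lstrip("*").rpartition("__")
        if not sep:
            continue
        kind = kind.lower()
        if kind == "members" and principal.lower() in ADMINS:
            # "Members of this group": local Administrators is rewritten to this list.
            result["replace"] = _names(value)
        elif kind == "memberof" and any(n.lower() in ADMINS for n in _names(value)):
            # "This group is a member of": the principal is added, other members stay.
            result["additive"].append(principal)
    return result
```

A non-None `replace` list is the case warned about earlier in the thread: any former member of the group that is not in the list is removed when the policy applies.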
    LVL 1

    Expert Comment

    Forced accept.
    EE Moderator
