Script to add local user to all domain pcs

Last Modified: 2008-01-09
I am looking for a script to add a local user to all machines under the domain.

Commented:
tried:

net user %COMPUTERNAME%\user password /ADD

?

Commented:
(and setting it as a computer startup script in GP)
Brian Pierce, Photographer

Commented:
You can use the restricted groups facility.
First create a security group and put the user(s) account in the group (this will make it easier to add or remove other users if needs change). Let's assume it's called LAdmins.

Either create or modify a group policy (the default domain policy, for example).

Go to Computer Configuration\Windows Settings\Security Settings\Restricted Groups, and then click Add Group.

Select the group name you want to restrict, i.e. (Administrators).

Select the group and add the LAdmins domain group.

Note you need to run gpupdate /force for the policy to be applied, and users may need to log off/on for the policy to be applied.

Commented:
In addition to KCTS: Please note that this procedure overwrites the former members of the group, so make sure that you don't miss users.
I recommend pjasnos' solution, but look at the syntax: it should be net localgroup. net help localgroup will help you.
Ahmed Abdel Salam, Ph.D. Candidate

Author

Commented:
I think there is some misunderstanding in the question. I would like to add a user called 123 as a local user (member of the local Users group) on 200 PCs under my domain network.
I would like to do this through a script or GP, so there is no need to go to each PC and do it manually.
Also, it will be very good if I can make this user unable to change his password.
Brian Pierce, Photographer

Commented:
The method I suggested (restricted groups) can do this. If you use a GPO it applies to all machines.

However, as with all these things, it's NOT good practice to give these rights to a user; put the user in a group, and then give the rights to the group. Even if there is only one user in the group to begin with, it makes it easier to change/remove/add users later on if need be.

See http://support.microsoft.com/kb/810076
Farhan Kazi, Systems Engineer

Commented:
:: ================
:: READ THIS FIRST
:: ================
:: * You need to have Administrative rights to run this script
:: * This script requires a "Computers.txt" file, from which it reads the computer names.
:: * This script requires "PSExec.exe" (comes with PSTools) to execute bat file on remote system.
::     - Download it from Microsoft site
::       http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
:: * You need to set 'UserName' and 'UserPassword' variables inside the script
::    - Like:
::              SET UserName=FKazi
::              SET UserPassword=P@ssw0rd
:: * Copy and paste the following script into Notepad and save it under any name with a .cmd extension.
:: SCRIPT START
@ECHO OFF
SETLOCAL EnableDelayedExpansion

:: The following variables must be set to actual values
SET UserName=FKazi
SET UserPassword=MyPassword

:: Build the batch file that will run on each remote computer
ECHO NET USER "%UserName%" "%UserPassword%" /ADD 2^>NUL^>NUL>UserInfo.cmd
ECHO NET LOCALGROUP Administrators "%UserName%" /ADD 2^>NUL^>NUL>>UserInfo.cmd
:: Stop if Computers.txt is missing or empty
IF NOT EXIST Computers.txt Goto ShowErr
FOR %%R IN (Computers.txt) Do IF %%~zR EQU 0 Goto ShowErr
FOR /F %%c IN ('Type Computers.txt') Do (
      IF /I NOT "%%c"=="!COMPUTERNAME!" (
            Echo Processing: %%c
            REM Only continue if the computer answers a ping
            PING -n 1 -w 1000 %%c|Find /I "TTL" >NUL
            IF NOT ErrorLevel 1 (
                  REM Copy the batch file over, run it remotely, then delete it
                  COPY /Y UserInfo.cmd \\%%c\C$\ >NUL
                  PSExec \\%%c C:\UserInfo.cmd >NUL
                  IF EXIST \\%%c\C$\UserInfo.cmd DEL /F /Q \\%%c\C$\UserInfo.cmd
            )ELSE (Echo %%c: Unable to connect)
      )ELSE (ECHO Skipping: %%c)
)
Goto EndScript
:ShowErr
Echo "Computers.txt" file does not exist or file is empty!
:EndScript
IF EXIST UserInfo.cmd DEL /F /Q UserInfo.cmd
ENDLOCAL
EXIT /B 0
:: SCRIPT END
Ahmed Abdel SalamPh.D. Candidate

Author

Commented:
KCTS,
is it possible to make this user a member of local Users only, not a member of local Administrators? And is it possible to apply your method in case this user is not a domain user?
Please explain in more detail how to do it.

Commented:
KCTS, the restricted group method won't create any local group, nor any local user, will it? At least it doesn't in a win2k domain. The users and groups have to exist locally prior to configuring them through restricted groups. Or how do you do it?
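
Added example, not part of the original thread or any participant's code: a computer startup script for a GPO that combines the suggestions above (startup script, net user, net localgroup) for the case the author describes, a local user named 123 who is a member of local Users only and cannot change the password. The password value and the log path are placeholders, and the script assumes the GPO is linked only to OUs that contain workstations.

```batch
@ECHO OFF
SETLOCAL
REM Added example: assign as a computer startup script in a GPO.
REM Startup scripts run as LocalSystem, so no admin credentials are passed.
REM Link the GPO to workstation OUs only: on a domain controller,
REM NET USER /ADD would create a domain account instead of a local one.
REM Caveat: the password below is stored in clear text and can be read by
REM any account that can read the GPO's script folder in SYSVOL.
REM LocalPass and LogFile are placeholders chosen for this example.
SET "LocalUser=123"
SET "LocalPass=CHANGE-ME-placeholder"
SET "LogFile=%SystemRoot%\Temp\AddLocalUser.log"

REM Idempotent: NET USER <name> returns non-zero when the account is missing,
REM so the account is only created on the first boot after the GPO applies.
NET USER "%LocalUser%" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
    >>"%LogFile%" ECHO %DATE% %TIME% %COMPUTERNAME%: %LocalUser% already exists
    GOTO EnsureGroup
)

REM /PASSWORDCHG:NO prevents the user from changing the password.
NET USER "%LocalUser%" "%LocalPass%" /ADD /PASSWORDCHG:NO >NUL 2>&1
IF ERRORLEVEL 1 (
    >>"%LogFile%" ECHO %DATE% %TIME% %COMPUTERNAME%: creating %LocalUser% FAILED
    ENDLOCAL & EXIT /B 1
)
>>"%LogFile%" ECHO %DATE% %TIME% %COMPUTERNAME%: created %LocalUser%

:EnsureGroup
REM New local accounts join Users by default; this re-adds the account if it
REM was removed. The command fails harmlessly when it is already a member.
NET LOCALGROUP Users "%LocalUser%" /ADD >NUL 2>&1
REM Keep the account out of local Administrators (fails harmlessly if absent).
NET LOCALGROUP Administrators "%LocalUser%" /DELETE >NUL 2>&1
ENDLOCAL
EXIT /B 0
```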
Commented:
Forced accept.
modus_operandi
EE Moderator