• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1402
  • Last Modified:

Add domain group to local admin group for 200+ computers

Greetings Experts.  I need to add a domain group to the local admin group of 200+ computers.  I found a script from Technet that works but only for one computer at a time.  That is a pain.  So I was hoping someone could tell me how to get the script to use a txt file of all the computer names and output which ones had an error.  This is what I have so far:

strComputer = "atl-ws-01"
Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
Set objGroup = GetObject("WinNT://fabrikam/accounting")
objAdmins.Add(objGroup.ADsPath)

I usually do the server and network support.  But like I posted before, I want to learn more about scripting so bare with me please.  Thanks for the help.
0
samiam41
Asked:
samiam41
  • 3
  • 3
2 Solutions
 
Farhan KaziSystems EngineerCommented:
Greetings Samiam41,

Why not using Group Policy?

You can use the "Restricted Groups" or "MemberOf" facility.
First create a security group and put the user(s) account in the group (this will make it easier to add or remove other users if needs change). Lect assume its called LAdmins
Either create or modify a group policy (the default domain policy for example)

Go to Computer Configuration\Windows Settings\Security Settings\Restricted Groups), and then click Add Group

Select the group name you want to restrict ie. (Administrators)
Select the group and add the Local Admins domain group/

Note you need to run gpupdate /force for the policy to be applied and users may need to log off/on for the policy to be applied.

More Info:
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
http://www.petri.co.il/forums/showthread.php?p=53093#post53093
http://support.microsoft.com/kb/279301

If you are more interested in script then you can create startup script with the following command and link it to (or create a) GPO

          Net localgroup Administrators "DomainName\Domain Admins" /add

Since the startup script (not login script!!) runs under the context of the LocalSystem account, it has permissions to alter the local Administrators group.

Hope this helps!
0
 
MELeBlancCommented:
If all you are needing is the code to read through a text file....

Go into the project's references and select the Microsoft Scripting Runtime

Then the following code will work:

    Dim fs              As New Scripting.FileSystemObject
    Dim objFile         As File
    Dim objStream       As TextStream
    Dim strComputer As String
   
    Set objFile = fs.GetFile(<FULL PATH TO FILE>\FILENAME.TXT)
    Set objStream = objFile.OpenAsTextStream(ForReading)
   
    Do Until objStream.AtEndOfStream
        'Read a Record
        strComputer = objStream.ReadLine
       
        Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
        Set objGroup = GetObject("WinNT://fabrikam/accounting")
        objAdmins.Add(objGroup.ADsPath)
       
    Loop
   
    'Clean up file objects
    objStream.Close
    Set objStream = Nothing
    Set objFile = Nothing


Hope this helps.

-M
0
 
samiam41Author Commented:
MELeBlanc:- "Go into the project's references and select the Microsoft Scripting Runtime..."

I'm sorry.  I have no idea what this means.  Besides several login scripts and a single vbs file I patched together, I haven't done much more with programming or scripting.

farhankazi-  I am going to read through this and test it on a couple of computers.  I will let you know what questions/issues I run into.  

Thank you both for the post.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MELeBlancCommented:

Was not sure if you were writing this in actual Visual Basic or VBScript.

If VBScript then I believe that code should work verbatim.

If you are doing it in Visual Basic then in the IDE you'll go to the menus and choose Project then References and in the presented list find the entry for Microsoft Scripting Runtime and select it.

-M
0
 
samiam41Author Commented:
Gotcha.  I think I will stick with a vbscript.  : )  Otherwise God only knows what h3ll I would unleash.
0
 
MELeBlancCommented:

Sorry... that code I provided will not work verbatim..  this however will:

    Dim fs          
    Dim objFile      
    Dim objStream    
    Dim strComputer
   
    Set fs = CreateObject("Scripting.FileSystemObject")
    Set objFile = fs.GetFile("d:\test.txt")
    Set objStream = objFile.OpenAsTextStream(1)
   
    Do Until objStream.AtEndOfStream
        'Read a Record
        strComputer = objStream.ReadLine
        Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
        Set objGroup = GetObject("WinNT://fabrikam/accounting")
        objAdmins.Add(objGroup.ADsPath)
    Loop
   
    'Clean up file objects
    objStream.Close
    Set objStream = Nothing
    Set objFile = Nothing
0
 
samiam41Author Commented:
Sorry for the delay.  Both options worked and I am going to split the points 50/50.  One provided the programming portion I would need and the other provided the solution that was a little easier for me to implement based on my limited knowledge on VB.  

Thank you both for your help.  It is greatly appreciated.  Take care!

Regards,
Aaron
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now