?
Solved

Script to add the currently logged in user as administrator

Posted on 2007-10-09
65
Medium Priority
?
3,790 Views
Last Modified: 2008-01-09
Hi,

Is there a way that i can run the script. And the logged in user is added automatically to the Local Administrator group.

regards
Sharath
0
Comment
Question by:bsharath
  • 32
  • 21
  • 9
  • +2
65 Comments
 
LVL 4

Expert Comment

by:jimstar
ID: 20039977
A 'normal' usre cannot make themselves an administrator by running a script. This is for obvious reasons. Any script that adds a user to the administrator's group would need to be executed under the permissions of an administrator of that machine.
0
 

Expert Comment

by:BioFreaksa
ID: 20040047
Well, you could use the 'runas' command to execute the script as an administrator account.
0
 
LVL 4

Expert Comment

by:jimstar
ID: 20040079
The downside with runas is that you cannot specify the password on the command line. Thus, if you're stuck typing in the administrator password each time, you may as well just give the user the admin password to begin with.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 12

Expert Comment

by:chandru_sol
ID: 20040375
Hi Sharath,

A complication is that the Startup script does not know who the user will
be. The Startup script should add a domain group to the local Administrators
group, and then all the desired users can be made members of this domain
group. You can use the group "Domain Users" if you want everyone included.
Note that a normal user cannot add themselves to any group, so a logon
script would never work. A Startup script for computers runs with System privileges so it
can add users to local groups. A sample VBScript Startup script follows,
where I add the domain group "MyGroup" to the local Administrators group:

====================
Option Explicit

Dim strDomain, objNetwork, strComputer
Dim objLocalGroup, objDomainGroup

' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"

' Retrieve NetBIOS name of local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

' Bind to local Administrators group.
Set objLocalGroup = GetObject("WinNT://" & strComputer _
& "/Administrators,group")

' Bind to domain group.
Set objDomainGroup = GetObject("WinNT://" & strDomain & "/MyGroup,group")

' Check if the domain group is already a member of the local group.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
' Add the domain group to the local group.
objLocalGroup.Add(objDomainGroup.AdsPath)
End If

' Clean up.
Set objNetwork = Nothing
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing
0
 
LVL 11

Author Comment

by:bsharath
ID: 20040500
Is there a way that i have a script in the \\machinename\foldername.
I can use the admin credentials to login there as i have many more scripts i need to execute from the UNC path so it would easy for me to add.

As you say Chandru a logon script would be dangerous any user can login any machine and get full access.So is there a way that i go to a UNC path and run the script.I dont mind having the username and password in the script later i could encrypt the vbs file.
So that no one can see the credentials.
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20041908
Sharath,

You need to apply this script using computer startup script with a group created in your domain. So if you add a user he will be administrator of all the machines. Is that you want?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20042031
Say i have just got a new machine formatted and ready to be alloted to a new joiner.Is there a way that when the user loggs in and runs the script only then the logged in user has to be added to the Administrator group
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20054656
Sharath, would you be happy to run this from your machine, with admin credentials, against the remote machine?  If so, try this code:

'===================
Set wshNetwork = WScript.CreateObject( "WScript.Network" )
strUserDomain = wshNetwork.UserDomain

strUserComputer = InputBox("Please enter an IP Address or computer name:", _
    "Add logged on user to local Administrators group","172.16.2.64")

If IsEmpty(strUserComputer) = True Then Wscript.Quit

Set objWMIService = GetObject("winmgmts:" _
      & "{impersonationLevel=impersonate}!\\" & strUserComputer & "\root\cimv2")
Set colComputer = objWMIService.ExecQuery _
      ("Select * from Win32_ComputerSystem")
      
For Each objComputer in colComputer
      strUserName = objComputer.UserName
Next

If InStr(strUserName, "\") > 0 Then strUserName = Mid(strUserName, InStrRev(strUserName, "\") + 1)

Set objAdmins = GetObject("WinNT://" & strUserComputer & "/Administrators")
Set objWinntUser = GetObject("WinNT://" & strUserDomain & "/" & strUserName)

strGroupToCheck = "Administrators"

If IsMemberOfGroup(strUserComputer, objWinntUser, strGroupToCheck) = False Then
      objAdmins.Add(objWinntUser.ADsPath)
      MsgBox strUserDomain & "/" & strUserName & " was added to the " & strGroupToCheck & " group."
Else
      MsgBox strUserDomain & "/" & strUserName & " is already a member of the " & strGroupToCheck & " group."
End If


Function IsMemberOfGroup(strUserDomain, objUser, strGroup) 'the user is a member of a specified group
      IsMemberOfGroup = False
      Dim objGroup
      On Error Resume Next
      Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
      If Err.Number Then
            IsMemberOfGroup = "Error"
      Else
            IsMemberOfGroup = objGroup.IsMember(objUser.ADsPath)
            'MsgBox objUser.ADsPath
      End If
End Function
'===================

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20054759
Rob any other option that i can run from the machine i am logged in which does not have admin access.
If required we can have the Credentials in the script or use run as to execute the script.
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 20062477
Sharath, this should work, with PSExec....just modfiy the PSExecPath and it should be OK.

'===================
Set wshNetwork = WScript.CreateObject( "WScript.Network" )
strUserName = wshNetwork.UserName
strUserDomain = wshNetwork.UserDomain

strPSExecPath = "\\server\share\psexec.exe"
strAdminUser = "domain\admin"
strAdminPass = "pass"

'strUserComputer = InputBox("Please enter an IP Address or computer name:", _
'    "Add logged on user to local Administrators group","172.16.2.64")

'If IsEmpty(strUserComputer) = True Then Wscript.Quit

strUserComputer = "."

If WScript.Arguments.Count = 0 Then
      Normal_User strUserDomain & "\" & strUserName, strPSExecPath, strAdminUser, strAdminPass
ElseIf WScript.Arguments.Item(0) = "AsAdmin" Then
      Admin_User strUserComputer, WScript.Arguments.Item(1)
Else
      WScript.Echo "Unknown arguments recieved."
End If

Sub Normal_User(strUser, strPSExec, strAdmin, strPass)

      Set objFSO = CreateObject("Scripting.FileSystemObject")
      strPSExec = objFSO.GetFile(strPSExec).ShortPath
      strCommand = "cmd /c " & strPSExec & " -accepteula -e -i -u " & strAdmin & " -p " & strPass & " \\" & wshNetwork.ComputerName & " wscript " & objFSO.GetFile(WScript.ScriptFullName).ShortPath & " AsAdmin " & strUser
      MsgBox strCommand
      Set objShell = CreateObject("WScript.Shell")
      objShell.Run strCommand, 0, False
      
End Sub

Sub Admin_User(strComputer, strUser)
      strUserName = Mid(strUser, InStrRev(strUser, "\") + 1)
      strDomain = Left(strUser, InStr(strUser, "\") - 1)
      
      Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
      MsgBox "WinNT://" & strDomain & "/" & strUserName
      Set objWinntUser = GetObject("WinNT://" & strDomain & "/" & strUserName)
      
      strGroupToCheck = "Administrators"
      
      If IsMemberOfGroup(strComputer, objWinntUser, strGroupToCheck) = False Then
            objAdmins.Add(objWinntUser.ADsPath)
            MsgBox strDomain & "/" & strUserName & " was added to the " & strGroupToCheck & " group."
      Else
            MsgBox strDomain & "/" & strUserName & " is already a member of the " & strGroupToCheck & " group."
      End If
End Sub

Function IsMemberOfGroup(strUserDomain, objUser, strGroup) 'the user is a member of a specified group
      IsMemberOfGroup = False
      Dim objGroup
      On Error Resume Next
      Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
      If Err.Number Then
            IsMemberOfGroup = "Error"
      Else
            IsMemberOfGroup = objGroup.IsMember(objUser.ADsPath)
            'MsgBox objUser.ADsPath
      End If
End Function
'===================

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20062624
Rob GM....

Should i save this file on the remote machine and Run it.
I tried saving the file on the remote machine and changing the psexec.exe path
entered the admin user name and password.
When i run from a machine that does not have access i just get a box and it does not add...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20062694
Yes, this script must be run directly from the remote machine, from the user account that is required to be added to the group.

>> When i run from a machine that does not have access i just get a box and it does not add...

By this I take it you mean they don't have access to PSExec? Is that right?

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20062712
Rob...
When i log in to a freash newly installed machine with the new joiners credentials.
When i access the UNC path i need to enter a username and password.
After which when i double click on the script i just get a box but does not add the user to the group...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20062746
So the computer isn't joined to the domain yet?  Then are they logging in with a local user account, or a domain user account?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20062759
The computers are joined to the Domain and i use the new users credentials to log in to the machine. As he is not the Administrator of the machine we need to use the admin credentials to access the share where the script is resided.
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070663
Can you give read only access to that share for everyone and try Rob's script?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070671
Chandru...
Everyone has full access to the folder...
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070676
Sharath..

"As he is not the Administrator of the machine we need to use the admin credentials to access the share where the script is resided."

Can you explain the above?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070677
Chandru i have this script on a server and when i give the machine name.Then this works great it adds the logged in user as administrator.But what i wanted is from the client machine when i access the script which is on the remote machine i need to be able to give permissions to the logged in machine...
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070681
As the client machine does not have admin permissions .So when i access the shared folder on the remote machine where the vbs file is there i need to use admin credentials to access it...
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070684
Can you please explain a bit more as i am confused?
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070685
Sharath,
Just a quick question. Do you have a script to display the user AD attribute and Exchange attribute?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070705
>>Do you have a script to display the user AD attribute and Exchange attribute?
Sorry did not get you can you explain...
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070710
About my requirement...
As i have logged in a machine newly formatted machine .I have logged in with the newly created username.So i will not have any permission on the machine or the network.
So the script is in this path "\\machinename\sharename\filename.vbs"
So when i go to Run and put in the path it ask me the username and password .I give the Domain\administrator credentials to access the share.
Now when i double click the vbs file nothing happens.What i want is it need to add the logged in user to administrator group.
Hope this is clear...
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070712
I was sending that message to some one else. Sorry..........?
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070717
ok no problem...
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070724
Can you keep the same script in the netlogon share and try running the script as all users will have (even the new users) read access?

I tried this and it works
0
 
LVL 11

Author Comment

by:bsharath
ID: 20070735
Shall try... And help on the Excel user creation....
0
 
LVL 12

Expert Comment

by:chandru_sol
ID: 20070738
I haven't tried that.... I know you are very much in need. I will work on installing exchange server in a test lab and test it tomorrow and post the code
0
 
LVL 11

Author Comment

by:bsharath
ID: 20075777
Rob GM...

Any help...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083041
Sharath, as Chandru has suggested, on a non-domain machine, can you access a DC's NetLogon share, or is that denied as well?  If it is, then we can combine a previous script of mine that adds credentials for a resource, before accessing the file....

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083050
Rob ...Non Domain?
I want to give permissions to only computers who are in the Domain with the logged in user.

I am able to access the share with the credentials it asks before letting me to the share.
Later no error message...
The other script that you gave me to remotely add a logged in user as administrator works fine...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083073
Oh, OK.  So you are able to get access to the share where the script is.  Is PSExec in the same folder, and have you updated the PSExecPath in the script to point to that?

So when you click it it does nothing?  Try putting a MsgBox at the bottom and see if that pops up.

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083157
Sorry to get back with an issue with this script.

Yes all the files are in 1 folder,  I am able to access the folder from the remote machine and ven changed the Psexec path and even put the username and password...But does not add the logged in user as Administrator.

I get this box..

---------------------------

---------------------------
cmd /c \\indiasophos\ps\psexec.exe -accepteula -e -i -u development\admini -p password \\DEV-CHEN-PC1730 wscript \\indiasophos\ps\ADDTOA~1.VBS AsAdmin DEVELOPMENT\LETest
---------------------------
OK  
---------------------------

Then Get a OK button
But does not add
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083188
The same script works fine on my machine, the only difference is that I haven't tried it from a computer not on the domain.  This is what I get:

---------------------------

---------------------------
cmd /c \\server\share\psexec.exe -accepteula -e -i -u domain\admin -p password \\MYLOCALPC wscript \\server\share\ADDTOA~1.VBS AsAdmin MYDOMAIN\RSampson
---------------------------
OK  
---------------------------

Then I get this:
---------------------------

---------------------------
WinNT://MYDOMAIN/RSampson
---------------------------
OK  
---------------------------


Then this:
---------------------------

---------------------------
MYDOMAIN/RSampson is already a member of the Administrator's group
---------------------------
OK  
---------------------------


Having said that though, I just realised that for this to work, the same username and password that you specify in the script MUST have admin rights over the target PC.......

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083226
Yes Rob the credentials that i mention has rights every whee as it is the Domain administrator credentials

When i try to run the script on a machine that already has permissions i get all the popups as you mentioned.
To confirm again i am running the scripts that has been already added to the Domain.
The machine is in the Domain
When access the shared folder where these files are there it opens and just pops the 2 boxes that i mentioned above the second one is "Done"

0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083407
That's really, really strange.  The script does not offer any MsgBox that says "Done" anywhere in it.  The only thing that I can think of is that it is not re-calling the correct script.

Can you try:
1) If you rename the VBS file to only eight character, eg: Add2Admn.vbs, and then run, does it work?
2) If you connect to that share, then copy the script, and PSExec locally, and change the PSExec path within script to
strPSExecPath = Replace(WScript.ScriptFullPath, WScript.ScriptPath, "") & "PSExec.exe"

and see if works locally....

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083446
I get the Done box as you told me to add the Msgbox to the end...

I copyed the script and psexec file to another machine and changed the line as suggested.

I get this.
---------------------------
Windows Script Host
---------------------------
Script:      C:\Add.vbs
Line:      6
Char:      1
Error:      Object doesn't support this property or method: 'WScript.ScriptFullPath'
Code:      800A01B6
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083471
Oh yeah, sorry about that, yes I did ask you to put that at the end.....

Sorry, should be:
strPSExecPath = Replace(WScript.ScriptFullPath, WScript.ScriptPath, "") & "PSExec.exe"

Is there an On Error Resume Next in the script?  If so, please remove it.  If not, then maybe it's not running the PSExec properly, so change
strCommand = "cmd /c " ......
so the "c" becomes a "k"
strCommand = "cmd /k " .......

and change
objShell.Run strCommand, 0, False
to
objShell.Run strCommand, 1, False

and see what the box says....

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083490
Rob i did all the changed and when i run it .I get this error.

'\\indiasophos\Ps'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

PsExec v1.85 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com


PsExec could not start wscript on DEV-CHEN-MRD100:
Logon failure: the user has not been granted the requested logon type at this computer.

I am using the Domain credentials only...
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083492
Here is the full code....

'===================
Set wshNetwork = WScript.CreateObject( "WScript.Network" )
strUserName = wshNetwork.UserName
strUserDomain = wshNetwork.UserDomain

strPSExecPath = "\\indiasophos\ps\psexec.exe"
strAdminUser = "development\administrator"
strAdminPass = "password"

'strUserComputer = InputBox("Please enter an IP Address or computer name:", _
'    "Add logged on user to local Administrators group","172.16.2.64")

'If IsEmpty(strUserComputer) = True Then Wscript.Quit

strUserComputer = "."

If WScript.Arguments.Count = 0 Then
      Normal_User strUserDomain & "\" & strUserName, strPSExecPath, strAdminUser, strAdminPass
ElseIf WScript.Arguments.Item(0) = "AsAdmin" Then
      Admin_User strUserComputer, WScript.Arguments.Item(1)
Else
      WScript.Echo "Unknown arguments recieved."
End If

Sub Normal_User(strUser, strPSExec, strAdmin, strPass)

      Set objFSO = CreateObject("Scripting.FileSystemObject")
      strPSExec = objFSO.GetFile(strPSExec).ShortPath
      strCommand = "cmd /k " & strPSExec & " -accepteula -e -i -u " & strAdmin & " -p " & strPass & " \\" & wshNetwork.ComputerName & " wscript " & objFSO.GetFile(WScript.ScriptFullName).ShortPath & " AsAdmin " & strUser
      MsgBox strCommand
      Set objShell = CreateObject("WScript.Shell")
      objShell.Run strCommand, 1, False
     
End Sub

Sub Admin_User(strComputer, strUser)
      strUserName = Mid(strUser, InStrRev(strUser, "\") + 1)
      strDomain = Left(strUser, InStr(strUser, "\") - 1)
     
      Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
      MsgBox "WinNT://" & strDomain & "/" & strUserName
      Set objWinntUser = GetObject("WinNT://" & strDomain & "/" & strUserName)
     
      strGroupToCheck = "Administrators"
     
      If IsMemberOfGroup(strComputer, objWinntUser, strGroupToCheck) = False Then
            objAdmins.Add(objWinntUser.ADsPath)
            MsgBox strDomain & "/" & strUserName & " was added to the " & strGroupToCheck & " group."
      Else
            MsgBox strDomain & "/" & strUserName & " is already a member of the " & strGroupToCheck & " group."
      End If
End Sub

Function IsMemberOfGroup(strUserDomain, objUser, strGroup) 'the user is a member of a specified group
      IsMemberOfGroup = False
      Dim objGroup
      'On Error Resume Next
      Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
      If Err.Number Then
            IsMemberOfGroup = "Error"
      Else
            IsMemberOfGroup = objGroup.IsMember(objUser.ADsPath)
            'MsgBox objUser.ADsPath
      End If
End Function
MsgBox "Done"
'===================
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083515
OK, this is your problem....
>> Logon failure: the user has not been granted the requested logon type at this computer.

So I take it DEV-CHEN-MRD100 is the local machine you are running the script from....

Did you try copying it locally?  It doesn't seem like it did, since it has
>> UNC paths are not supported

See if this helps:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21072962.html

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083524
Rob i copied the script to the local machine and changed this path

strPSExecPath = "c:\psexec.exe"
And when i run also get the same message...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083534
Are you sure it is joined to the domain, and that Domain Admins are in your local Administrators group?

As a long shot, go into Windows Explorer, click Tools --> Folder Options --> View Tab --> scroll to the bottom, and untick Use Simple File Sharing

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083539
Or try removing the -i switch from the PSExec command....
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083571
i am running this on windows 2003.I cant see file print and sharing in there
I have tried removing the -i but still same error.
When i run it on the machine where the script is i used to get the administrator is already a member but now its just reading.....
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083619
OK, go back to the script you accepted as an answer, but change
strCommand = "cmd /c " ......
so the "c" becomes a "k"
strCommand = "cmd /k " .......

and change
objShell.Run strCommand, 0, False
to
objShell.Run strCommand, 1, False

Then, on the local machine, click Start --> Run --> GPEdit.msc and click OK.

Check that the policy
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> Access this computer from the network
has the correct Administrators group (that includes the credentials you're using)

Also check that the policy
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> Log on Locally
has the correct Administrators group (that includes the credentials you're using)

And possibly even
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> Log on as a Service

as well.

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083650
Rob i did all as you said...There was administrtors group in there i have also added Domain\administrator in it also.

I get this...

'\\indiasophos\Ps'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

PsExec v1.85 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

PsExec could not start wscript on DEV-CHEN-MRD100:
Logon failure: the user has not been granted the requested logon type at this computer.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083662
Rob i tested on some of the other machines...
It says access denied in the cmd prompt..
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20083665
On the PSexec line, please try adding the
-s
switch before the
-e
switch, so it reads
strCommand = "cmd /c " & strPSExec & " -accepteula -s -e -i -u " & strAdmin & " -p " & strPass & " \\" & wshNetwork.ComputerName & " wscript " & objFSO.GetFile(WScript.ScriptFullName).ShortPath & " AsAdmin " & strUser:

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083683
Thanks a lot Rob...Now it works ...You are a Genius.....

I think the "-s" was the problem...What do you think....
0
 
LVL 11

Author Comment

by:bsharath
ID: 20083726
Rob i tested in many more machines and i get this...
'\\dev-chen-mrd100\Ps'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

PsExec v1.85 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

Could not start PsExec service on DEV-CHEN-PC930:
Access is denied.

0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20089623
Hmmm, the -s runs under the System account.....I'm not sure....there seems to be conflicting security issues on your PCs when they are joined to the domain, maybe?

On one of these computers that still has a problem, if you use the first script I gave you that you run from *your* PC against the remote one.....does it work, or still have an error?

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20090732
Yes that script works great...I have already started to use it and i have added 45 users to the administrator group remotely...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20091290
OK then, that gives us the ability to go to a client machine, browse to the UNC path, then run this script, which will execute the script again *from* the server with admin credentials, effectively copying what do you from your machine.....

'===================
Set wshNetwork = WScript.CreateObject( "WScript.Network" )
strComputerName = wshNetwork.ComputerName
strUserName = wshNetwork.UserName
strUserDomain = wshNetwork.UserDomain

strPSExecPath = "\\indiasophos\ps\psexec.exe"
strAdminUser = "development\administrator"
strAdminPass = "password"

strServer = Mid(Right(strPSExecPath, Len(strPSExecPath) - 2), 1, InStr(Right(strPSExecPath, Len(strPSExecPath) - 2), "\") - 1)

'strUserComputer = InputBox("Please enter an IP Address or computer name:", _
'    "Add logged on user to local Administrators group","172.16.2.64")

'If IsEmpty(strUserComputer) = True Then Wscript.Quit

strUserComputer = "."

If WScript.Arguments.Count = 0 Then
      Normal_User strUserDomain & "\" & strUserName, strPSExecPath, strAdminUser, strAdminPass
ElseIf WScript.Arguments.Item(0) = "AsAdmin" Then
      Admin_User WScript.Arguments.Item(2), WScript.Arguments.Item(1)
Else
      WScript.Echo "Unknown arguments recieved."
End If

Sub Normal_User(strUser, strPSExec, strAdmin, strPass)

      Set objFSO = CreateObject("Scripting.FileSystemObject")
      strPSExec = objFSO.GetFile(strPSExec).ShortPath
      strCommand = "cmd /k " & strPSExec & " -accepteula -e -u " & strAdmin & " -p " & strPass & " \\" & strServer & " wscript " & objFSO.GetFile(WScript.ScriptFullName).ShortPath & " AsAdmin " & strUser & " " & strComputerName
      InputBox "Prompt", "Title", strCommand
      Set objShell = CreateObject("WScript.Shell")
      objShell.Run strCommand, 1, False
     
End Sub

Sub Admin_User(strComputer, strUser)
      strUserName = Mid(strUser, InStrRev(strUser, "\") + 1)
      strDomain = Left(strUser, InStr(strUser, "\") - 1)
     
      Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
      'MsgBox "WinNT://" & strDomain & "/" & strUserName
      Set objWinntUser = GetObject("WinNT://" & strDomain & "/" & strUserName)
     
      strGroupToCheck = "Administrators"
     
      If IsMemberOfGroup(strComputer, objWinntUser, strGroupToCheck) = False Then
            objAdmins.Add(objWinntUser.ADsPath)
            'MsgBox strDomain & "/" & strUserName & " was added to the " & strGroupToCheck & " group."
      Else
            'MsgBox strDomain & "/" & strUserName & " is already a member of the " & strGroupToCheck & " group."
      End If
End Sub

Function IsMemberOfGroup(strUserDomain, objUser, strGroup) 'the user is a member of a specified group
      IsMemberOfGroup = False
      Dim objGroup
      'On Error Resume Next
      Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
      If Err.Number Then
            IsMemberOfGroup = "Error"
      Else
            IsMemberOfGroup = objGroup.IsMember(objUser.ADsPath)
            'MsgBox objUser.ADsPath
      End If
End Function
'===================

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20091416
Rob i get this....

cmd /k \\indiasophos\ps\psexec.exe -accepteula -e -u development\administrator -p password \\indiasophos wscript \\indiasophos\ps\Add.vbs AsAdmin DEVELOPMENT\fsuser DEV-CHEN-PC1100

Get this error on cmd prompt....

'\\indiasophos\Ps'
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported.  Defaulting to Windows directory.

PsExec v1.85 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

Couldn't access indiasophos:
Access is denied.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20106973
Hmmm, odd.....Couldn't access indiasophos

OK, from that same machine that you ran this last command, can you browse to
\\indiasophos\ps

Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20106983
Yes...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20106994
Really?  Can you try
cmd /k \\indiasophos\ps\psexec.exe -accepteula -e -u development\administrator -p password \\indiasophos wscript \\indiasophos\ps\Add.vbs AsAdmin DEVELOPMENT\fsuser DEV-CHEN-PC1100

again, from DEV-CHEN-PC1100

If that doesn't work, can you try running the following from INDIASOPHOS *while* logged in as the administrator?
cmd /k wscript \\indiasophos\ps\Add.vbs AsAdmin DEVELOPMENT\fsuser DEV-CHEN-PC1100


Regards,

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20107010
I get this...

C:\Documents and Settings\Administrator.DEVELOPMENT>cmd /k \\indiasophos\ps\psex
ec.exe -accepteula -e -u development\administrator -p password \\indiasophos wsc
ript \\indiasophos\ps\Add.vbs AsAdmin DEVELOPMENT\fsuser DEV-CHEN-PC1100

PsExec v1.85 - Execute processes remotely
Copyright (C) 2001-2007 Mark Russinovich
Sysinternals - www.sysinternals.com


wscript exited on indiasophos with error code 0.


For the secound one i get no results or errors...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20107025
Right, if that exited with error code 0, that means there was no error.....did the script work then?

Is that user now an Admin of that machine?

Rob.
0
 
LVL 11

Author Comment

by:bsharath
ID: 20107045
Yes Rob just checked in Dev-chen-pc1100 Fsuser is become a administrator of that machine.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20107055
Right, so now the script is working.....I wonder what changed......
0
 
LVL 11

Author Comment

by:bsharath
ID: 20107071
Can i have the whole script Rob with all those changes...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20107086
I don't know which code you are running.....the last full lot of code I gave you is at comment with ID 20091290.  As far as I know, we haven't changed the functionality of the script.....

And by the way, I really have a feeling there were security issues here....maybe something hadn't replicated for a day or two....

Regards,

Rob.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article was inspired by a question here at Experts Exchange (http://www.experts-exchange.com/Software/Photos_Graphics/Images_and_Photos/Q_28629170.html). The requirements stated in that question are (1) reduce the file size of a large number of…
This article will show, step by step, how to integrate R code into a R Sweave document
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses
Course of the Month17 days, 9 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question