Solved

What is the easiest way to add/remove a domain user to the local admin group of a workstation?

Posted on 2007-11-30
8
347 Views
Last Modified: 2010-04-21
Once in a while, I need to give temporarily some domain user local admin privilege of a specific workstation. For ease of discussion, I make up some names here.

Windows 2003 server AD: svr-dc
domain user: userA
workstation (XP): pc-user
workstation (XP): pc-admin
Goal: look for some quick way (maybe script) to add/remove userA to/from the local admin group of pc-user.

Q#1. Is it possible to run some script (on demand) to achieve the above goal?
Q#2. Is there any other way (maybe better) to do this?

Thanks.
0
Comment
Question by:richtree
8 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 320 total points
ID: 20384681
If you run COMPMGMT.msc as your domain admin account you can remote connect using Manage>Connect to Computer.

From here you can remove/add users to the local Admin group.
0
 

Author Comment

by:richtree
ID: 20384726
Yes, that works.
Any other way?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 320 total points
ID: 20384768
Restricted Groups - but that's overkill.

you can run psexec to remotely run net group Administrators {username} /Add

0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 100 total points
ID: 20384807
Download lg.exe from www.joeware.net/freetools.

lg.exe \\workstation\Administrators domain\jsmith -add

Assuming you are running the command with an account that has administrative rights to the remote w/s, works like a champ.
0
 
LVL 21

Assisted Solution

by:mastoo
mastoo earned 30 total points
ID: 20384815
NET LOCALGROUP Administrators name1 /ADD
0
 
LVL 3

Assisted Solution

by:chokdii
chokdii earned 50 total points
ID: 20384837
Hi,

If you want to script this into a batch file or similar script file, I would suggest using WMIC with usual DSADD command set.
I have not personally used it this way, but I am sure it can be easily done.

To invoke WMIC, just type that in the cmd prompt in a Domain admin account.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 320 total points
ID: 20384849
Oops, yes - I'm on a DC!

net localgroup Administrators {username} /Add

lg.exe is Joe's version of Net, is it not?


0
 

Author Closing Comment

by:richtree
ID: 31412011
Thank you all for your wonderful ideas.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question