Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is the easiest way to add/remove a domain user to the local admin group of a workstation?

Posted on 2007-11-30
8
Medium Priority
?
362 Views
Last Modified: 2010-04-21
Once in a while, I need to give temporarily some domain user local admin privilege of a specific workstation. For ease of discussion, I make up some names here.

Windows 2003 server AD: svr-dc
domain user: userA
workstation (XP): pc-user
workstation (XP): pc-admin
Goal: look for some quick way (maybe script) to add/remove userA to/from the local admin group of pc-user.

Q#1. Is it possible to run some script (on demand) to achieve the above goal?
Q#2. Is there any other way (maybe better) to do this?

Thanks.
0
Comment
Question by:richtree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 1280 total points
ID: 20384681
If you run COMPMGMT.msc as your domain admin account you can remote connect using Manage>Connect to Computer.

From here you can remove/add users to the local Admin group.
0
 

Author Comment

by:richtree
ID: 20384726
Yes, that works.
Any other way?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1280 total points
ID: 20384768
Restricted Groups - but that's overkill.

you can run psexec to remotely run net group Administrators {username} /Add

0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 400 total points
ID: 20384807
Download lg.exe from www.joeware.net/freetools.

lg.exe \\workstation\Administrators domain\jsmith -add

Assuming you are running the command with an account that has administrative rights to the remote w/s, works like a champ.
0
 
LVL 21

Assisted Solution

by:mastoo
mastoo earned 120 total points
ID: 20384815
NET LOCALGROUP Administrators name1 /ADD
0
 
LVL 3

Assisted Solution

by:chokdii
chokdii earned 200 total points
ID: 20384837
Hi,

If you want to script this into a batch file or similar script file, I would suggest using WMIC with usual DSADD command set.
I have not personally used it this way, but I am sure it can be easily done.

To invoke WMIC, just type that in the cmd prompt in a Domain admin account.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 1280 total points
ID: 20384849
Oops, yes - I'm on a DC!

net localgroup Administrators {username} /Add

lg.exe is Joe's version of Net, is it not?


0
 

Author Closing Comment

by:richtree
ID: 31412011
Thank you all for your wonderful ideas.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question