Solved

What is the easiest way to add/remove a domain user to the local admin group of a workstation?

Posted on 2007-11-30
8
357 Views
Last Modified: 2010-04-21
Once in a while, I need to give temporarily some domain user local admin privilege of a specific workstation. For ease of discussion, I make up some names here.

Windows 2003 server AD: svr-dc
domain user: userA
workstation (XP): pc-user
workstation (XP): pc-admin
Goal: look for some quick way (maybe script) to add/remove userA to/from the local admin group of pc-user.

Q#1. Is it possible to run some script (on demand) to achieve the above goal?
Q#2. Is there any other way (maybe better) to do this?

Thanks.
0
Comment
Question by:richtree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 320 total points
ID: 20384681
If you run COMPMGMT.msc as your domain admin account you can remote connect using Manage>Connect to Computer.

From here you can remove/add users to the local Admin group.
0
 

Author Comment

by:richtree
ID: 20384726
Yes, that works.
Any other way?
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 320 total points
ID: 20384768
Restricted Groups - but that's overkill.

you can run psexec to remotely run net group Administrators {username} /Add

0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 100 total points
ID: 20384807
Download lg.exe from www.joeware.net/freetools.

lg.exe \\workstation\Administrators domain\jsmith -add

Assuming you are running the command with an account that has administrative rights to the remote w/s, works like a champ.
0
 
LVL 21

Assisted Solution

by:mastoo
mastoo earned 30 total points
ID: 20384815
NET LOCALGROUP Administrators name1 /ADD
0
 
LVL 3

Assisted Solution

by:chokdii
chokdii earned 50 total points
ID: 20384837
Hi,

If you want to script this into a batch file or similar script file, I would suggest using WMIC with usual DSADD command set.
I have not personally used it this way, but I am sure it can be easily done.

To invoke WMIC, just type that in the cmd prompt in a Domain admin account.
0
 
LVL 51

Assisted Solution

by:Netman66
Netman66 earned 320 total points
ID: 20384849
Oops, yes - I'm on a DC!

net localgroup Administrators {username} /Add

lg.exe is Joe's version of Net, is it not?


0
 

Author Closing Comment

by:richtree
ID: 31412011
Thank you all for your wonderful ideas.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question