Remotely set Administrative rights or group member

I have several hundred Windows Embedded PCs in a closed network environment. Each PC has an Administrator user, and a user called User. The User logs in by default, and has limited rights. For instance, I can't perform any Admin task, e.g. Control Panel - Administrative Tools - Local Security Policy returns 'Group Policy Error: You do not have permission to perform this operation.'

Since I need Administrative rights to execute a batchfile to enable Automatic DST Adjustment and sync instantly using NET TIME \\ntpserver /set /y, I want to change the user type of all these PCs to Administrator, or add the User user to the Administrator group without the need to log in as Administrator.

Is there a way to do this remotely by sending some sort of batchfile to these computers and executing it so that it changes my user type or adds me to the Administrator group? I do have the Administrator password and all, it is just that the PCs have been configured incorrectly at installation, and due to the large number of PCs, I need an easy going procedure that I can invoke remotely.

I have several ways to access the PCs, by UltraVNC and a piece of software we developed ourselves. I just need to know the batchfile with regedit execution or any other command to change the user type or group assignment. Our software will execute it as soon as it is locally present at the computer.

Asked by: TheoViset
 
Adam Leinss commented:
Start > Run > type in "MMC" > add the Computer Management snap-in
Select Another Computer > enter the computer name of the computer you want to manage
Say OK, then drill down to System Tools > Local Users and Groups > Groups > Administrators
Add the User account there
To remotely access the C drive on the desktops (to place files), you can use "\\targetpc\c$"

speshalyst commented:

TheoViset (author) commented:
Thank you for the replies. The first solution seems not to be an automated one, which could be ok if there is no way to automate it.

The second one seems to require usrtogrp.exe which is not present at the PC's, is that correct?
 
Adam Leinss commented:
If you know all the names of the PCs, you can try the following batch file with PsExec from Sysinternals:
@echo off
::Requires PsExec from SysInternals.com
::Pass Admin password as first parameter
:: Set Admin Account
Set AdmAcct=Administrator
for /f %%a in (PClist.txt) do call:Next %1 %%a
goto:eof
:Next
net use \\%2\c$ "/user:%2\%AdmAcct%" %1
net localgroup "Administrators" "User" /Add
goto:eof
Place all the names of the PCs in a file called pclist.txt and place this in the same folder as the batch file.
Note this will fail on PCs that are turned off.

Adam Leinss commented:
Names should be on each line like this:

PC1
PC2
PC3
Use Notepad to make the file, not WordPad or Microsoft Word.

TheoViset (author) commented:
I have downloaded psexec and I created a small pclist.txt and the batchfile you describe. I notice the fact that I need psexec but I do not see where it is invoked in the batchfile. I do need it on the machine where I execute the batchfile, right??

Danny Child (IT Manager) commented:
You use psexec to call the whole batch file.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

But if you're going to use it at all, why not use it to apply the patch, rather than change the PC account levels?

If you run it with your credentials specified, it should be able to do what you want.  It's like a remote RunAs command.

TheoViset (author) commented:
That makes sense indeed. It is just that we ran into problems with access levels so many times already, that I thought it would be a h*ll of a lot easier if all PC's contained users with Administrator rights.

TheoViset (author) commented:
I executed the following line:

psexec remaddusr.bat password

My screen flickers and the batch file exits with error code 255
The batch file is:
@echo off
::Requires PsExec from SysInternals.com
::Pass Admin password as first parameter
:: Set Admin Account
Set AdmAcct=Administrator
for /f %%a in pclist.txt do call:Next %1 %%a
goto:eof
:Next
net use \\%2\c$ "/user:%2\%AdmAcct%" %1
net localgroup "Administrators" "User" /Add
goto:eof

pclist.txt contains 1 pc for testing

TheoViset (author) commented:
I will continue this tomorrow, I have to leave the building now :(

Adam Leinss commented:
Oops, you're right.
Place the line net localgroup "Administrators" "User" /Add into a file called addusr.cmd
Then replace the above line with psexec \\%2 -d -i -c addusr.cmd
I modified an existing batch file I had for pushing out patches remotely and forgot to correctly edit the last line.
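
The corrected procedure from the posts above, assembled into one script with a per-PC result log. This is an added example, not code posted by anyone in the thread. The log file name, the password prompt, the -f switch and dropping -d/-i (so that PsExec waits and returns the remote exit code) are assumptions made here; it also assumes the password contains no % or " characters.

```batch
@echo off
:: Added example. Assumes psexec.exe is on the PATH of the admin workstation
:: and pclist.txt (one computer name per line) is in the current folder.
setlocal
set "AdmAcct=Administrator"
set "Log=remaddusr.log"

:: Prompt instead of passing the password as %1, so it does not end up in
:: the command history of the calling shell. Note that set /p echoes input.
set /p "AdmPass=Password for local %AdmAcct% account: "

:: The single command that has to run on each target PC.
>addusr.cmd echo net localgroup "Administrators" "User" /add

for /f "usebackq tokens=1" %%a in ("pclist.txt") do call :Next %%a

del addusr.cmd
endlocal
goto :eof

:Next
:: Authenticate to the target's admin share. This fails quickly when the
:: PC is switched off or the password is wrong, so log it and move on.
net use \\%1\c$ "%AdmPass%" /user:%1\%AdmAcct% >nul 2>&1
if errorlevel 1 (
    >>"%Log%" echo %1 UNREACHABLE_OR_AUTH_FAILED
    goto :eof
)

:: -c copies addusr.cmd to the target and runs it there; -f overwrites a
:: copy left over from an earlier run. A non-zero exit code is also what
:: net localgroup returns when User is already a member of the group.
psexec \\%1 -c -f addusr.cmd >nul 2>&1
if errorlevel 1 (>>"%Log%" echo %1 FAILED) else (>>"%Log%" echo %1 OK)

:: Drop the authenticated session so the admin credentials are not left
:: attached to the share after the run.
net use \\%1\c$ /delete >nul 2>&1
goto :eof
```

PCs logged as UNREACHABLE_OR_AUTH_FAILED can be copied into a new pclist.txt and retried later. Adding User to Administrators gives every default logon full local rights; running the DST batch file itself through PsExec, as Danny Child suggests above, avoids that change.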

TheoViset (author) commented:
This was excellent! I ran the batchfile and logged in again at the remote machine and I am part of the Admin group. I need to update over 1000 PCs which will be a piece of cake. Thanks!