TheoViset


Remotely set Administrative rights or group member

I have several hundred Windows Embedded PCs in a closed network environment. Each PC has an Administrator user, and a user called User. The User logs in by default, and has limited rights. For instance, I can't perform any Admin task, e.g. Control Panel - Administrative Tools - Local Security Policy returns 'Group Policy Error': You do not have permission to perform this operation.

Since I need Administrative rights to execute a batch file to enable Automatic DST Adjustment and sync instantly using NET TIME \\ntpserver /set /y, I want to change the user type of all these PCs to Administrator, or add the User user to the Administrator group without the need to log in as Administrator.

Is there a way to do this remotely by sending some sort of batch file to these computers and executing it so that it changes my user type or adds me to the Administrator group? I do have the Administrator password and all, it is just that the PCs have been configured incorrectly at installation, and due to the large number of PCs, I need an easygoing procedure that I can invoke remotely.

I have several ways to access the PCs, by UltraVNC and a piece of software we developed ourselves. I just need to know the batch file with regedit execution or any other command to change the user type or group assignment. Our software will execute it as soon as it is locally present at the computer.
Adam Leinss

Start > Run > type in "MMC" > Add Computer Management Snap-in >
Select Another Computer > enter the computer name of the computer you want to manage
Say OK, then drill down to System Tools > Local Users and Groups > Groups > Administrators
Add the User account there
To remotely access the C drive on the desktops (to place files), you can use "targetpc\c$"
TheoViset

ASKER

Thank you for the replies. The first solution seems not to be an automated one, which could be ok if there is no way to automate it.

The second one seems to require usrtogrp.exe which is not present at the PC's, is that correct?
If you know all the names of the PCs, you can try the following batch file with PSEXEC from Sysinternals:
@echo off
::Requires PsExec from SysInternals.com
::Pass Admin password as first parameter
:: Set Admin Account
Set AdmAcct=Administrator
for /f %%a in (PClist.txt) do call:Next %1 %%a
goto:eof
:Next
net use \\%2\c$ "/user:%2\%AdmAcct%" %1
net localgroup "Administrators" "User" /Add
goto:eof
Place all the names of the PCs in a file called pclist.txt and place this in the same folder as the batch file.
Note this will fail on PCs that are turned off.
Names should be on each line like this:

PC1
PC2
PC3
Use notepad to make the file, not Wordpad or Microsoft Word
I have downloaded psexec and I created a small pclist.txt and the batch file you describe. I notice the fact that I need psexec but I do not see where it is invoked in the batch file. I do need it on the machine where I execute the batch file, right??
You use psexec to call the whole batch file.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

But if you're going to use it at all, why not use it to apply the patch, rather than change the PC account levels?

If you run it with your credentials specified, it should be able to do what you want.  It's like a remote RunAs command.
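
The alternative suggested in the comment above, as an added example that is not part of the original thread: PsExec runs the time-fix batch file on each PC under the local Administrator account, so User never has to join the Administrators group. The names dstfix.bat, done.txt and failed.txt are assumptions; pclist.txt is the list file described earlier.

```batch
@echo off
:: Added example, not from the thread.
:: Requires PsExec from Sysinternals on the PATH of the machine running this.
:: Assumptions: pclist.txt holds one PC name per line; dstfix.bat (hypothetical
:: name) is the batch file that enables DST adjustment and runs NET TIME.
:: Usage: runfix.bat AdminPassword
setlocal
set AdmAcct=Administrator

if "%~1"=="" (
    echo Usage: %~nx0 AdminPassword
    exit /b 1
)

:: Start with clean result logs for this run.
if exist done.txt del done.txt
if exist failed.txt del failed.txt

for /f "usebackq tokens=1" %%a in ("pclist.txt") do (
    rem -u/-p: run as the local Administrator of the target PC.
    rem -c -f: copy dstfix.bat to the target, overwriting an older copy.
    rem The password is visible on this machine's command line while
    rem PsExec runs, so start this from a trusted admin workstation.
    psexec \\%%a -u "%%a\%AdmAcct%" -p "%~1" -c -f dstfix.bat
    if errorlevel 1 (
        rem Non-zero covers both "PC unreachable" and "batch file failed".
        echo %%a>> failed.txt
    ) else (
        echo %%a>> done.txt
    )
)

echo Finished. PCs that still need the fix are listed in failed.txt.
endlocal
```

Renaming failed.txt to pclist.txt and running the script again retries only the PCs that were switched off or unreachable the first time.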
That makes sense indeed. It is just that we ran into problems with access levels so many times already that I thought it would be a h*ll of a lot easier if all PCs contained users with Administrator rights.
I executed the following line:

psexec remaddusr.bat password

My screen flickers and the batch file exits with error code 255
The batch file is:
@echo off
::Requires PsExec from SysInternals.com
::Pass Admin password as first parameter
:: Set Admin Account
Set AdmAcct=Administrator
for /f %%a in pclist.txt do call:Next %1 %%a
goto:eof
:Next
net use \\%2\c$ "/user:%2\%AdmAcct%" %1
net localgroup "Administrators" "User" /Add
goto:eof

pclist.txt contains 1 PC for testing.
I will continue this tomorrow, I have to leave the building now :(
ASKER CERTIFIED SOLUTION
Adam Leinss
This solution is only available to members.
This was excellent! I ran the batch file and logged in again at the remote machine and I am part of the Admin group. I need to update over 1000 PCs, which will be a piece of cake. Thanks!