Adding Domain group to local administrators groups on multiple servers

I need to add a domain group to the local administrators group on several servers by reading the server names from a text or csv file. Can someone point me to a vbs script for this? Using GPO isn't an option.
WofttAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bluntTonyHead of ICTCommented:
If you say that a GPO is not an option because you only want it to apply to a specific list of servers...

Instead of having a text file or csv with the server names, create a security group and make those servers members. Then use security filtering so that the GPO only applies to that security group.

The policy you want to use is a Restricted Groups policy.
0
WofttAuthor Commented:
Thanks but AD is managed by a different group than the servers. Any AD changes would require and act of congress. So I really need a VB script.
0
djdk74Commented:
Try this script. You will need to add your server names to the arrComputers in the format demonstrated in the code so it is not 100% what you are looking for but it should get the job done. Also you will need to modify the domain\group in strCommand to your domain and group name as demonstrated in the script.


arrComputers = Array("Server1","Server2","Server3")
 
For Each strComputer In arrComputers
strCommand = "cmd.exe /c net localgroup Administrators /add " & Chr(34) & "domain\group" & Chr(34)
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
Next
Wscript.echo "Complete"

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WofttAuthor Commented:
Kind of answered my own question. The following code will do the trick.  Change the domain group to match your group and then change oTextFile to point to a text file with your list of servers or pc's
Const ForReading = 1
 
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oNet = CreateObject("wscript.network")
 
sDomain = oNet.UserDomain
sDomainGroup = "DOMAIN GROUP HERE"
sLocalGroup = "Administrators"
 
Set oTextFile = oFS.OpenTextFile("C:\servers.txt", ForReading)
 
Do While oTextFile.AtEndOfStream <> True
	sComputer = oTextFile.ReadLine
	
	Set oDomainGroup = GetObject("WinNT://" & sDomain & "/" & sDomainGroup & ",group")
	Set oLocalGroup = GetObject("WinNT://" & sComputer & "/" & sLocalGroup & ",group")
	
	oLocalGroup.Add(oDomainGroup.AdsPath)
 
Loop

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.