bojangles714
asked on
Batch file to add current user to the Local Admin Group
I am looking for a batch file that will add the user logging in to that machines local administrators group. I have wrote a script but does not appear to be fully functional. It will only run properly if you are domain admin. The script I am running is
Is this incorrect?
net localgroup Administrators /ADD "domain\%username%"
Is this incorrect?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree. You could even do that manually - going to each machine, log in as admin, issue
net localgroup Administrators /add "domain\domain users"
- or do it from remote, e.g. with psexec (www.systernals.com):
psexec @listofpcs -u domain\administrator -p Pwd ^
net localgroup Administrators /add "domain\domain users"
That then needs to be done only once.net localgroup Administrators /add "domain\domain users"
exactly... or rightclick mycomputer> manage> localusers >groups. Select adminitrators add domain users.
Rather than explicitly adding each user, a comparatively better method would be to add the INTERACTIVE account to the local Administrators group. This way users will have administrative privileges when the log onto the machine, but not when they access it over the network.
You could do this using Restricted Groups in group policy, or by running the command below in a script configured through the group policy node Computer Configuration\Windows Settings\Scripts\Startup. Note that unlike logon scripts, startup scrips run under the local SYSTEM account and thus have access to modify membership in the Administrators group.
You could do this using Restricted Groups in group policy, or by running the command below in a script configured through the group policy node Computer Configuration\Windows Settings\Scripts\Startup. Note that unlike logon scripts, startup scrips run under the local SYSTEM account and thus have access to modify membership in the Administrators group.
net localgroup administrators interactive /add
ASKER
I will have to write a script then to do so. Thank you. I will be using psloggedon and psexec.
thanks
thanks
You are aware that psloggedon only can get you the user logged in *at that moment*?
Thanks for the grade
The command is correct however like xxdcmast said they will need to be an admin already. You can use a script to open the cmd prompt as a different user that has admin rights and run the .bat file within that. But I would use an encrypted script so the user cant accidently see the password
If your adding any user that logs on as an admin to the machine then everyone will be an admin. So theoretically you could use a startup script or restricted group in group policy to give domain users admin access.
I dont think this is a good thing to do but it will do what your looking for.