Script to make a specific user Local Admin

Posted on 2011-05-06
Last Modified: 2012-05-11

We have a desktop setup, where all pc's are named [username]-[inventorynumber] (ie. jefr-73766) and where all users are local admins on their own pc. So jefr are local admin on jefr-73766 but not on any other machine.

We are using both Win XP and 7 agains windows servers (Active Directory).

I know it is possible to use GPO to do this, so that a user are local admin on any pc he uses, but what about our scenario, can it be done?

I am thinking maybe the solution is a script, but then again, I'm not a scripting guy :-s

Any ideas? Any help is appreaciated.

Question by:Kasper Katzmann
    LVL 2

    Expert Comment

    so you want to make local admins rights to [user] by mask from computer name like [user]-[computer].

    Author Comment

    by:Kasper Katzmann
    Yes, thats right.
    LVL 2

    Expert Comment

    domain contriollers on Win Server 2k8?

    Author Comment

    by:Kasper Katzmann
    Yep :-)
    LVL 65

    Accepted Solution

    A startup script with the following should do the job.


    Set objNetwork = CreateObject("WScript.Network")
    strComputer = objNetwork.ComputerName
    strGroup = "Administrators"
    strDomain = "YourDomainName"
    strUserName = Left(strComputer, InStr(strComputer, "-") - 1)
    Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
    Set objUser = GetObject("WinNT://" & strDomainName & "/" & strUserName)
    Set objGroup = Nothing

    Open in new window

    LVL 2

    Expert Comment

    ok i'l try to help you.
    script in attachment
    change extension to .ps1

    run with domain admin priv on Domain Contrioller or Win 7 machine

    LVL 2

    Expert Comment

    oh! change script befor running :) Need to enter domain name and local admin group name

    Script takes comp names from AD and add user in left side of Comp name to local admin gruop on that comp
    LVL 2

    Assisted Solution

    little shorter version not need to enter domain name and Admin group if it named Administrators

    # Add a domain user to a local group on the remote computer  
    $localGroupName = "Administrators" #Group Name of Admins here
    [string]$FulldomainName = ([ADSI]'').distinguishedName
    [string]$domainName = ([ADSI]'').Name
    $strFilter = "(&(objectCategory=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$FulldomainName")
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter
    $colResults = $objSearcher.FindAll();
    foreach ($objResult in $colResults)
    $objItem = $objResult.Properties;

    Open in new window


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
    Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  ( Here (http…
    This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
    This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now