wantabe2 used Ask the Experts™
I have the follwoing code in my logon script & it is failing on this line:

NET localgroup Administrators /add "mydomain\User_Admins"

I'm trying to add the User_Admins group to the local computer in the user settings when the user logs in. This is a Windows 2008 domain using .vbs as the login script. Any suggestions?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013
Have you thought about doing this using restricted groups via group policy


The method above has been around since 2003

You can also use group policy preferences to do it  in 2008   http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

I've used restricted groups and not had issues.



Is the user the script is running under an administrator on the machine where it is failing?
Serge FournierAnalyst Programmer

the logon script policy can make a logon script run as "system" or the logged user
(two different policy)

you have to run your script twice in the GPO
and then in your script, add a condition when the netlogon user name is "system" it mean it's run before the user logon, with admin rights
and ELSE run the rest of the script with normal user rights<

this way you can do stuff with admin right (aka system user is logged on)

I would personally take Mike's route above and use Restricted Groups via GPO.  Much easier and it will remove all unwanted user accounts from the local Administrators group (sort of like a baseline).
Darren CollinsTech Lead (Windows), Endpoint Device Management Services
I agree with the suggestions above to use Restricted Groups via GPO.

But regarding your initial question,  fundamentally the line you are using is a batch command line and will not work as-is from a VBScript.  You'd need something like:
Set wshShell = CreateObject("WScript.Shell")
wshShell.Run "NET localgroup Administrators /add ""mydomain\User_Admins""", 0, True

Open in new window

...and obviously the logon script must run as a user with local administrative privileges.


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial