linkpalmer Posted September 16, 2013 Share Posted September 16, 2013 Hi Guys, I wonder if you can help out.I'm trying to add a network admin security group to my local Admins group on some computers I'm prepping. Currently this means logging in with the local admin, opening computer management, adding the group, then putting in my network admin credentials.What I'm trying to do is script it. Here is the script I have so far, which obviously doesn't work.net localgroup Administrators /ADD domain\SG_AD_Adminsnet localgroup "Power Users" /ADD "domain\domain users"It keeps throwing me an Access is denied error when I run it as either local admin or network admin, which makes sense since I need the local account to get into computer management but then network admin to actually add the security group.I was also messing around with the runas command, but so far I'm pretty stumped. Any help would be appreciated! Link to comment Share on other sites More sharing options...
allen2 Posted September 16, 2013 Share Posted September 16, 2013 There is something called restricted groups that you can enable through GPO that will most likely do exactly what you want without any need of user interaction. Link to comment Share on other sites More sharing options...
MrJinje Posted September 17, 2013 Share Posted September 17, 2013 (edited) Not sure if this is plausible in your scenario, but at work we schedule domain admin accounts to be added to the baseline image using setupcomplete.cmd. This way those accounts are inserted on first boot up.In fact our setupcomplete.cmd actually calls a 'kicker' script from the network share so that it is easier for us to make modifications to the script (insert new groups, users, join domain all automated) without having to modify our image. Edited September 17, 2013 by MrJinje Link to comment Share on other sites More sharing options...
linkpalmer Posted September 18, 2013 Author Share Posted September 18, 2013 Not sure if this is plausible in your scenario, but at work we schedule domain admin accounts to be added to the baseline image using setupcomplete.cmd. This way those accounts are inserted on first boot up.In fact our setupcomplete.cmd actually calls a 'kicker' script from the network share so that it is easier for us to make modifications to the script (insert new groups, users, join domain all automated) without having to modify our image.MrJinje, I would be interested to see the kicker script that you are using so I could see how exactly the accounts are being added on that first boot. This seems like a route we could go.Thanks for the help guys Link to comment Share on other sites More sharing options...
MrJinje Posted September 18, 2013 Share Posted September 18, 2013 (edited) SetupComplete.cmdstart /wait \\Somewhere\kicker.cmdkicker.cmdnet localgroup Administrators /ADD domain\SG_AD_Adminsnet localgroup "Power Users" /ADD "domain\domain users"Quick dirty way to customize your install DVD from the server side. Can make one change to the kicker script, all future installations will be affected. Use it to add roles and features, newer versions of applications, or anything you forgot to put in the install disk. Edited September 18, 2013 by MrJinje Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now