Jump to content

Add domain user to Administrator group of this PC

Grenky
 Share

Recommended Posts

Grenky

Grenky

Posted
Posted

If .sif is arranged like this:

........
[Identification]
    JoinDomain=domainname
    DomainAdmin=Administrator
    DomainAdminPassword=xxxxxxx
........

then after the Windows installation we can see the following:

logon.jpg

so when entering, we have to select domain enter and use domain name & password. Let’s assume user was created – he is not an administrator of the computer so far, hence is not allowed to install software… RunOnceEx.cmd tries in vain.

Question:

How to add user (selected) into the group “administrators” of the computer prior to entering the system.

sorry fo my Eng.

Link to comment
Share on other sites

andrewpayne

andrewpayne

Posted
Posted

Hi Grenky

the command used is 

net localgroup Administrators /add "DOMAIN\username"

where DOMAIN is your Domain Name and username is the Domain User

this needs to be inserted into your cmdlines or other batch file before runonceex.cmd is run and will then enable this user to be a local admin from the word go.

hope this helps!

Link to comment
Share on other sites
Grenky

Grenky

Posted
  • Author
Posted

It must run at T-12. But at T-12 "cmd" run as SYSTEM AUTHORITY (not Domain Administrator)

So, I have'nt right to add Domain Users to localgroup Administrators.

And I want select User from Domain Users List.

Link to comment
Share on other sites
andrewpayne

andrewpayne

Posted
Posted

You want to select a domain user during the installation?

You will need to modify the Group Policy for your OU in AD to include a startup script to run the above command I mentioned - however insert the name of a group rather than user (eg LOCALADMIN) and add all domain users who require local administrator rights to this group.

By default - Domain Users are Power Users not Local Admin - as I know you are aware.

I had a similar problem with ensuring control over Local Administrators and the Startup Script appled to Computer using GP in OU was my method of overcoming this.

However - Unattended Installations should be automated and require little if any interaction. So personally I would setup the installation using the default Administrator account with auto logon etc - and keep the selection of domain users to become local admins as a 'post installation' - done by Group Policy for your AD.

This would be much easier and far more efficient to manage.

Just my thoughts... ;)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...