cparker Posted March 22, 2005 Share Posted March 22, 2005 Hi allDuring the finale of my automated setup I wish to allow a user to add their domain account into the local administrators group on their machine.Any ideas how this can be done, maybe a window with all the domain users in it and they then select themselves from this, and that account is then automatically added to the local admin group.Anybody got any clever ideas or solutions to this problem?? Thanks in advance Link to comment Share on other sites More sharing options...
Refuse_ Posted March 23, 2005 Share Posted March 23, 2005 Don't think it is easy.Since a user has no rights to add him/her self to the localadmin group because you allready need admin rights to perform this action.If everyone of your users is a member of the local admin group, you can simply add "domain users" to the local admin group.Resulting in every domain user being a local admin on every computer.If this is not something you want you can always make a batchfile (with variables as %username% and such).But people still won't have the rights to add themselves to a local group.You still need the use of elevated privalidge or delegation of control (asuming you use a 2k or 2k3 dc/ads).If i think of a better way the next couple of days .. i'll write it here. Link to comment Share on other sites More sharing options...
max75 Posted March 23, 2005 Share Posted March 23, 2005 The syntax would be:net localgroup Administrators [I]domainname[/I]\[I]username[/I] /addYou could use a script in the RunOnceEx.cmd part of your automated install.I am pretty sure however that it can also be configured using Active Directories.(That is if you use W2K or W2K3 server in your domain. Link to comment Share on other sites More sharing options...
max75 Posted March 23, 2005 Share Posted March 23, 2005 Regarding prior post. The en is supposed to symbolize italic characters. It doesn't show correct though. (At least on my machine) Link to comment Share on other sites More sharing options...
cparker Posted March 29, 2005 Author Share Posted March 29, 2005 As an update to my post, I found this tool CPAU which works the same way as the RunAs, only you can bundle the username/password.http://www.joeware.net/win/free/tools/cpau.htmUse this to add the domain user to the local machine as an administratorcpau -u DOMAIN\ADMINACCOUNT -p password -ex "net localgroup \"Administrators\" \"DOMAIN\USERACCOUNT\" /addI've bundled this into a Wise script which works very nicely, prompting for the user account to add, works lovely! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now