Task:
Your company hired a couple of people to perform a hardware refresh on all the workstations, and you need to create a group called "Local_Admins" and add it to the local Administrators group on each workstation in your Active Directory domain.
The task can be accomplished in different ways, and I am going to post two of them here in my blog.
Batch file
Place it in the same directory as the VBScript below. The simple batch file below adds the group called "Local_Admins" to the local Administrators group.
```
net localgroup administrators "smtp25\local_Admins" /add
```
The reverse command removes the group again:
```
net localgroup administrators "smtp25\Local_Admins" /delete
```
VBScript
Copy and paste the script below into Notepad.
Please note that you only need to change two lines in the script below:
- Change the domain to your own; my domain name is smtp25.org
- MyDomain = "smtp25.org"
- Change the group name to your desired group
- GlobalGroup = "Local_Admins"
```
' VBScript to Add an AD Group to a Local Administrators group
' This script will Add an Active Directory Desktop support Group to the Local
' Administrator Group. This can be used to provide Local Administrator rights
' to any group
' Script modified by oz ozugurlu, change anything you like, no copy rights
Option Explicit
On Error Resume Next

' Define Variables
Dim Mydomain
Dim GlobalGroup
Dim oDomainGroup
Dim oLocalAdmGroup
Dim oNet
Dim sComputer

Set oNet = WScript.CreateObject("WScript.Network")
sComputer = oNet.ComputerName

' Change below to your own domain, my domain name is smtp25.org
MyDomain = "smtp25.org"
' Change group name to your desired group
GlobalGroup = "Local_Admins"

Set oDomainGroup = GetObject("WinNT://" & MyDomain & "/" & GlobalGroup & ",group")
Set oLocalAdmGroup = GetObject("WinNT://" & sComputer & "/Administrators,group")
oLocalAdmGroup.Add(oDomainGroup.AdsPath)

' Nullify Variables
Set Mydomain = Nothing
Set GlobalGroup = Nothing
Set oDomainGroup = Nothing
Set oLocalAdmGroup = Nothing
Set oNet = Nothing
Set sComputer = Nothing
```
- Save the script as "Add_Local_Admins.vbs"
- Log on to your domain controller, click Start, Run, and type "gpmc.msc"
- Locate the OU you wish to apply this script to
- Create a GPO in this domain and link it here; name the GPO "Add_Local_Admins"
- Right-click it, select add, expand Computer Configuration
- Policies, Windows Settings, Scripts; double-click Startup, click Add, click Browse
- **** Copy and paste the script into this location ****
- Select the script, click OK twice, and exit.
- Now make sure the computers are located under this OU
- The next time the computers start, the GPO will run the script and the specified group will be added to the local Administrators group on the workstations
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Blog: http://www.smtp25.blogspot.com
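A check-and-re-add version of the same startup task, as an added PowerShell example that is not the author's script: it finds the local Administrators group by its well-known SID, adds `smtp25\Local_Admins` only when it is missing, and warns about domain members outside an expected set. The function name and the `-Expected` default are assumptions for illustration; it needs the LocalAccounts cmdlets (Windows PowerShell 5.1 or later) and an elevated session.

```powershell
# Added example, not part of the original post. Run elevated (startup scripts run as SYSTEM).
# The function name and the default -Expected list are assumptions for illustration.
function Confirm-LocalAdminMember {
    param(
        [string]  $Member   = 'smtp25\Local_Admins',   # domain\group from the post
        [string[]]$Expected = @('smtp25\Local_Admins', 'smtp25\Domain Admins')
    )
    # S-1-5-32-544 is BUILTIN\Administrators on every Windows install,
    # whatever the group is called in the OS display language.
    $adminsSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'

    try {
        # Resolving the name needs a reachable domain controller; at startup the
        # network may not be ready yet, so report the failure instead of hiding it.
        $memberSid = ([System.Security.Principal.NTAccount]$Member).Translate(
            [System.Security.Principal.SecurityIdentifier])
    } catch {
        Write-Error "Cannot resolve '$Member': $($_.Exception.Message)"
        return
    }

    $members = @(Get-LocalGroupMember -SID $adminsSid)
    if ($members.SID.Value -contains $memberSid.Value) {
        Write-Output "$Member is already a local administrator on $env:COMPUTERNAME"
    } else {
        Add-LocalGroupMember -SID $adminsSid -Member $Member -ErrorAction Stop
        Write-Output "Added $Member to local Administrators on $env:COMPUTERNAME"
        $members = @(Get-LocalGroupMember -SID $adminsSid)
    }

    # Warn about any non-local member that is not on the expected list.
    $members |
        Where-Object { $_.PrincipalSource -ne 'Local' -and $_.Name -notin $Expected } |
        ForEach-Object { Write-Warning "Unexpected local administrator: $($_.Name)" }
}

Confirm-LocalAdminMember
```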
7 comments:
Just to add to the post. You can also use a GPO and add an entry under "Restricted Groups". I just had to perform the same procedure.
Thanks for the information, yes restricted groups are another way of accomplishing the same goal. Although there is quite a bit of confusion on MS links in this regard and restricted groups in my opinion
http://technet.microsoft.com/en-us/library/cc772826.aspx
--oz
Thanks for sharing this information and source..
Great and it works for me!
To Justin - Using Restricted Groups authoritatively overwrites group content. In case you have different computers with different local admin users and want to preserve them, it is no way to go. There is no option to preserve existing members of a restricted group.
Thanks for the information, however I wish to prepare a script to check the availability of the added object in the local Administrators group and re-add it if the object is missing/removed. Can someone reach out to jharakesh@hotmail.com or post it.
Thank you
When will you be doing another article on this subject?
Amela
desktop support hertfordshire