Add Domain User to Local Power Users group.
in [VbScript]
|
Prev: GetDetailsOf
Next: ERROR_ACCESS_DENIED5 (00000005)
From: Arsi on 7 Feb 2005 10:27 This script works if the user is "Power User" or "Administrator" locally but if it is a "Domain User" it doesn't. Anyone have a clue what to do? I want to run it against all my users in domain. Yes I know I could do this via GPO but I don't want to do that. I would only like to use this script once so everyone would be Power User in their own computer. on error resume next Set objNet = CreateObject("WScript.NetWork") Dim strComputer Dim strUser strComputer = objNet.ComputerName strUser = objNet.UserName Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users") Set objUser = GetObject("WinNT://MyDomain/" &strUser) objGroup.Add(objUser.ADsPath)
From: Torgeir Bakken (MVP) on 7 Feb 2005 18:37 Arsi wrote: > This script works if the user is "Power User" or "Administrator" locally > but if it is a "Domain User" it doesn't. Anyone have a clue what to do? > I want to run it against all my users in domain. Yes I know I could do > this via GPO but I don't want to do that. I would only like to use this > script once so everyone would be Power User in their own computer. > > on error resume next > Set objNet = CreateObject("WScript.NetWork") > Dim strComputer > Dim strUser > strComputer = objNet.ComputerName > strUser = objNet.UserName > > Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users") > Set objUser = GetObject("WinNT://MyDomain/" &strUser) > objGroup.Add(objUser.ADsPath) Hi As the current user account only have ordinary user rights, the script will not be able to add the account to a group. You could do it in a computer startup script (with a GPO) that runs as part of the boot up process (before the user logs in). It runs under the system context and has admin rights. -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
From: Al Dunbar [MS-MVP] on 7 Feb 2005 21:56 "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam(a)hydro.com> wrote in message news:eo6b93WDFHA.560(a)TK2MSFTNGP15.phx.gbl... > Arsi wrote: > > > This script works if the user is "Power User" or "Administrator" locally > > but if it is a "Domain User" it doesn't. Anyone have a clue what to do? > > I want to run it against all my users in domain. Yes I know I could do > > this via GPO but I don't want to do that. I would only like to use this > > script once so everyone would be Power User in their own computer. > > > > on error resume next > > Set objNet = CreateObject("WScript.NetWork") > > Dim strComputer > > Dim strUser > > strComputer = objNet.ComputerName > > strUser = objNet.UserName > > > > Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users") > > Set objUser = GetObject("WinNT://MyDomain/" &strUser) > > objGroup.Add(objUser.ADsPath) > Hi > > As the current user account only have ordinary user rights, the > script will not be able to add the account to a group. > > You could do it in a computer startup script (with a GPO) that runs > as part of the boot up process (before the user logs in). It runs > under the system context and has admin rights. Or you could run a remote script against the workstations to do this from an admin workstation. Since you seem to want ANY user who can logon to be a power user, perhaps the easiest would be to add some global group that all users are a member of, instead of adding individual domain accounts. I would suggest using the "authenticated users" group. /Al
From: Torgeir Bakken (MVP) on 8 Feb 2005 05:52 Al Dunbar [MS-MVP] wrote: > "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam(a)hydro.com> wrote: > >> As the current user account only have ordinary user rights, the >> script will not be able to add the account to a group. >> >> You could do it in a computer startup script (with a GPO) that runs >> as part of the boot up process (before the user logs in). It runs >> under the system context and has admin rights. > > > Or you could run a remote script against the workstations to do this from an > admin workstation. Since you seem to want ANY user who can logon to be a > power user, perhaps the easiest would be to add some global group that all > users are a member of, instead of adding individual domain accounts. Agreed. > I would suggest using the "authenticated users" group. Or the builtin "NT Authority\Interactive" -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
From: Arsi on 9 Feb 2005 10:28
Torgeir Bakken (MVP) wrote: > > Hi > > As the current user account only have ordinary user rights, the > script will not be able to add the account to a group. > > You could do it in a computer startup script (with a GPO) that runs > as part of the boot up process (before the user logs in). It runs > under the system context and has admin rights. > > This works, thanks. Now I tried to restrict this more so that everyone would not be local "Power User" in the domains every computer. So I figured out that what about reading the information from a file and then adding certain users only to their own computers. I mean that we have a machine database where we could export our user / machine information and use it to make everyone local "Power User" of their own computer. So I tried this script. It works fine if there's only 1 line of text. When you have multiple users / computers in the text file then it only reads the last line of the text file =/ How could I accomplish this so that I could only read the line that concerns the current user/machine (strUser = objNet.UserName and strComputer = objNet.ComputerName)? Am I thinking this the wrong way, could there be an easier solution to do this? Hmm... if this "thing" can be done will it work if the user has multiple computers, like Desktop and Laptop? beginning of the script ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objNet = CreateObject("WScript.NetWork") Dim strComputer Dim strUser strComputer = objNet.ComputerName strUser = objNet.UserName Const ForReading = 1 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objTextFile = objFSO.OpenTextFile ("C:\Test.txt", ForReading) Do Until objTextFile.AtEndOfStream strNextLine = objTextFile.Readline arrServiceList = Split(strNextLine , ",") For i = 1 to Ubound(arrServiceList) Next Loop if strUser = arrServiceList(0) and strComputer = arrServiceList(1) then Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users") Set objUser = GetObject("WinNT://MyDomain/" &strUser) objGroup.Add(objUser.ADsPath) end if ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' end of the script Test.txt ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' user1,computer1 user2,computer2 user3,computer3 ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' |