"Lanwench [MVP - Exchange]"
Post by Lanwench [MVP - Exchange]Post by alimkHi Everyone,
I need a VB Script for adding domain users to be a member of local
administrators group.
Thanks in Advance.
Why does it especially need to be vbscript? A simple batch file startup
script in a GPO will do this. My advice would be to set up a universal
security group called LocalAdmin in AD. Add the users you wish to it
Use this in a batch file assigned as a startup script via GPO...
net localgroup administrators DOMAIN\localadmin /add
I would recommend that this not be done in a logon script, whether batch
file or VBScript, because normal users should not have permission and
administrator credentials should not be exposed in a logon script. Also, if
done in a logon script the task can be repeated over and over, and yet you
don't know when the task is complete for each computer. The VBScript program
has the advantage of checking first to see if the user/group needs to be
added, but unless it logs to a shared file, you still don't know when the
task is complete.
Better is to add the user or group to the local Administrators group
remotely yourself. The VBScript example I posted can be run remotely, as
long as the person is a member of the Domain Admins group, which by default
should be a member of the local Administrators group for all computers
joined to the domain. You could code a script to do this in bulk for all
computers, or computer names read from a text file.
An even better solution is to use the Restricted Groups feature of Group
Policy. Again, a domain group should be added to all local Administrators
groups, so it can be managed easily in AD. See these links for details:
http://support.microsoft.com/kb/279301
http://technet.microsoft.com/en-us/library/cc785631(WS.10).aspx
http://support.microsoft.com/kb/810076
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--