Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting Local Power Users from a Login Script 1

Status
Not open for further replies.
Albion

Albion

IS-IT--Management
Aug 8, 2000
517
US
I have a bunch of users on my domain (Linux Samba 3, so no Active Directory) who need to be members of the Local Power users group. Is there any way to add a domain user to the local power users or local admins group from a login script?

Thanks

-Al
 
Sort by date Sort by votes
I since the login script is executed in the security context of the user, the user won't be able to elevate his privileges on his machine. sorry.

How many computer are we talking about?

Jeff
 
Upvote 0 Downvote
Between 75 and 100 or thereabout.

-Al
 
Upvote 0 Downvote
Actually, logon scripts are executed in the security context of Local System.

In any case, two choices:

1. You can use WMI scripting:


'Beginning Of the Script

On Error Resume Next

'get main objects/variables

Set ws = WScript.CreateObject ( "WScript.Shell" )
compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )
Set adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )

'add domain groups to local admin group: example
'example domain group is Domain Administrators:

adGrp.Add ( "WinNT://Main/Domain Admins,group" )
'
'
'add domain user to local admin group
'example domain user is jjones

adGrp.Add ( "WinNT://Main/jjones,user" )

'End of the Script

2. Use NET LOCALGROUP


Example: >net localgroup "administrators" "bcastner\power users" /add
 
Upvote 0 Downvote
That's what I was looking for, thanks much.

-Al
 
Upvote 0 Downvote
Sorry Jeff31, I errored in correcting you above. Logon/logoff scripts run in the logged-on user’s security context, and shutdown/startup scripts run in the system’s security context.

Brain freeze on my part. Time for coffee.

 
Upvote 0 Downvote
Several other notes:

. If you want to create a text file and feed commands to make users/group to local group changes, the Win2k reskit has two different utilities to do this. See the command lines for ADDUSERS.EXE and USERTOGROUP.EXE

. You really must see this tool "A2A", as it is what I frequently use to handle this chore:
No logon scripts, nothing. This will change every turned on computer in a Domain.
 
Upvote 0 Downvote
It would be nice if a2a worked with Powerusers instead of just Administratior. Although, that is a nice tool. To be honest it would be nice if Samba would just hurry up and incorporate Active Directory and Group Policies. :)

-Al
 
Upvote 0 Downvote
Yes, it would be nice of A2A gave you a local group option.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sebastian42
  • Locked
  • Question
Possibly a timing problem
Replies
3
Views
1K
Rick998
Rick998
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
2K
Flinx
Flinx
Sebastian42
  • Locked
  • Question
Getting a drive REdetected
Replies
18
Views
1K
Rick998
Rick998
Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
871
Deniall
Deniall
dpellegrini
  • Locked
  • Question
Unable to map a drive
Replies
12
Views
1K
dpellegrini
dpellegrini

Part and Inventory Search

Sponsor

Back
Top