Add domain user to local admin group

[jh]

I'm trying to add a domain user account to the local admin
group on my workstations. I've tried using the cusrmgr
command from the resource kit, but keep getting a failure
error. Does anyone know how to use this command to
complete this task?

 

[Ray at]

net localgroup administrators DOMAIN\username /add

That's what you could enter at the machine's command prompt.

Ray at work

 

[mjcartier]

I used this VBScript that I included in a GPO to add the Domain Admins group
to the local admins group:

##########################################

Set oNet = CreateObject("Wscript.Network")
Set com = GetObject("WinNT://" & oNet.ComputerName)
Set LocalGroup = com.GetObject("group", "Administrators")
Set DomainGroup = GetObject("WinNT://DomainName/Domain Admins,group")
LocalGroup.Add(DomainGroup.AdsPath)
LocalGroup.SetInfo


############################################


Just subsitute "DomainName" in the 4th line with the name of your domain and
the name of the group you want....

 

[jh]

Is there not a way that I can change it remotely. So
enter the command on the server but add the domain user
account to the local admin group on a specific workstation?

 

[Torgeir Bakken (MVP)]

Is there not a way that I can change it remotely. So
enter the command on the server but add the domain user
account to the local admin group on a specific workstation?

Hi

Some command line utilities that should enable you to run "net localgroup ..."
on a remote computer:


Take a look at PsExec.exe in the free PsTools suite, found at
http://www.sysinternals.com

PsExec can even automatically copy a file over to the remote computer
before it starts it.


Another freeware program with similar merits to PsExec is Beyondexec.
http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm

Beyondexec also have multiple computer functionality.

 

[Ray at]

rcmd.exe from the Resource Kit will also work. And then there's the poor
man's method of AT'ing a task to do it.


at \\rremotemachine 14:00 net localgroup administrators domain\username /add

I'm sure that if you needed this done on demand, you could come close by
parsing the time of the remote machine from "net time" and execute the task
at the next minute.

Ray at work

 

[Michael Bednarek]

net localgroup administrators DOMAIN\username /add

That's what you could enter at the machine's command prompt.

Or indeed in the AD's Machine Startup script, if you want to avoid
visiting every box.

 

[Al Dunbar [MS-MVP]]

I used this VBScript that I included in a GPO to add the Domain Admins group
to the local admins group:

Excellent. This also indicates that it is better to add such a domain group
to a local group than to add a domain user account, as subsequent personnel
changes can be adjusted for all workstations simply by changing the
membership of the domain group.

/Al