TechArena Community

TechArena Community (http://forums.techarena.in/)
-   Windows Server Help (http://forums.techarena.in/windows-server-help/)
-   -   Authenticated Users (http://forums.techarena.in/windows-server-help/335097.htm)

Steve Furniss 02-08-2005 06:34 PM

Authenticated Users
 
How can I script adding the group "Authenticated Users" into the local
"Administrators" group on a computer?

I have tried the following script and it cant find the group:-

Set objLocalGroup = GetObject("WinNT://" & strComputer &
"/Administrators,group")

Set objDomGroup2 = GetObject("WinNT://NT Authority/Authenticated Users")

objLocalGroup.Add(objDomGroup2.ADsPath)

Is what I want to do even possible ?

Torgeir Bakken \(MVP\) 02-08-2005 09:40 PM

Re: Authenticated Users
 
Steve Furniss wrote:

> How can I script adding the group "Authenticated Users" into the local
> "Administrators" group on a computer?
>
> I have tried the following script and it cant find the group:-
>
> Set objLocalGroup = GetObject("WinNT://" & strComputer &
> "/Administrators,group")
>
> Set objDomGroup2 = GetObject("WinNT://NT Authority/Authenticated Users")
>
> objLocalGroup.Add(objDomGroup2.ADsPath)
>
> Is what I want to do even possible ?

Hi,

I would *strongly* recommend to add "NT Authority\Interactive" in the
local Administrators group to let all domain users automatically be
local admins when they log on to a computer interactively.

This is more secure than adding "Authenticated Domain Users",
"Domain Users", "NT AUTHORITY\Authenticated Users" or any other
global security group because you avoid the issue with cross
network admin rights (remote access) that these groups introduces.


Adding it to the Administrators group with a command line:

%SystemRoot%\system32\net.exe LOCALGROUP /ADD "Administrators"
"NT Authority\Interactive"

(the command above will wrap over to lines in the newsgroup post, it
needs to be adjusted to be all on one line)


Adding it to the Administrators group using vbscript:

'--------------------8<----------------------
Option Explicit

Dim objNetwork, strComputer, objLocalGroup

' create network object for the local computer
Set objNetwork = CreateObject("Wscript.Network")

' get the name of the local computer
strComputer = objNetwork.ComputerName

' bind to the group
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

' add NT Authority\Interactive to the group
On Error Resume Next ' suppress error in case it is already a member
objLocalGroup.Add("WinNT://NT Authority/Interactive")
On Error Goto 0
'--------------------8<----------------------



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx

Jerold Schulman 02-08-2005 09:42 PM

Re: Authenticated Users
 
On Tue, 2 Aug 2005 06:04:02 -0700, "Steve Furniss" <SteveFurniss@discussions.microsoft.com> wrote:

>How can I script adding the group "Authenticated Users" into the local
>"Administrators" group on a computer?
>
>I have tried the following script and it cant find the group:-
>
>Set objLocalGroup = GetObject("WinNT://" & strComputer &
>"/Administrators,group")
>
>Set objDomGroup2 = GetObject("WinNT://NT Authority/Authenticated Users")
>
>objLocalGroup.Add(objDomGroup2.ADsPath)
>
>Is what I want to do even possible ?


Yes

Set oShell = CreateObject("Wscript.Shell")
sCmd = "%SystemRoot%\system32\net.exe localgroup administrators ""NT AUTHORITY\Authenticated Users"" /ADD"
oShell.Run sCmd, 0, True



All times are GMT +5.5. The time now is 11:29 PM.