Can anyone tell me whether it is possible to add the user logging into the local admin group of the box? Thanks for any information.
Printable View
Can anyone tell me whether it is possible to add the user logging into the local admin group of the box? Thanks for any information.
I think that you can try to run a Startup Script to do that. Or else you can use a Group Policy to setup a local Restricted Group. The trick to do this is to setup the GPO while using the tools (GPEdit or GP Management) on a Windows XP machine or a Windows 2000 non-dc machine.
There might be complication where the startup script will not know who the user will be. So, it should add a domain group to the local Admin group, and then all the desired users can be made members of this domain group. You have to use the group called Domain Users if you want everyone included. But a normal user will not be able to add themselves to any group, so a logon script will never work. Check the below VBScript where I add the domain group "MyGroup" to the local Administrators group
Code:Option Explicit
Dim strDomain, objNetwork, strComputer
Dim objLocalGroup, objDomainGroup
' Specify the NetBIOS name of the domain.
strDomain = "MyDomain"
' Retrieve NetBIOS name of local computer.
Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName
' Bind to local Administrators group.
Set objLocalGroup = GetObject("WinNT://" & strComputer _
& "/Administrators,group")
' Bind to domain group.
Set objDomainGroup = GetObject("WinNT://" & strDomain & "/MyGroup,group")
' Check if the domain group is already a member of the local group.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
' Add the domain group to the local group.
objLocalGroup.Add(objDomainGroup.AdsPath)
End If
' Clean up.
Set objNetwork = Nothing
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing
You can try to use the runasspc.exe. It is normally a run as tool with environment variables and password encryption. You can call Script over runasspc.exe and add in the program options of runasspc the option %username%. After that you can get the current username in your script to add him to a local admin account.