I am looking for a quick way to add an account(local admin) to all pc's in
my IP range. I can run it as the domain admin. I just took over at a new
office and want to remove the old local accounts.

So I need to go thru all computers (w2k, 2003, xp) servers and workstations,
and dump the local accounts, their group membership etc to a file, then toss
them all. But I want to create my own local backdoor admin account just in
case on all of them.

I'm not much of a script writer, I've done some research on the web and
found that the old adduser tool might not work with 2003, then net user is
supposed to be possible, but I cannot seem to figure out how to run it from
one station and hit all the others.

anyone have any ideas?

I was thinking using something like this in there

FOR /L %%1 IN (1,1,254) DO ping -a 192.168.0.%%1 -n 1

obviously not a ping, but maybe using adduser or similar unless it really
does not work with 2003.

TIA.

Hi there

Assuming you're using Active Directory and you have your workstations
beneath a single OU (where you can apply the GPO), you can assign a computer
startup script to the machines using Group Policy.

The following command will add a user named joe with password "password" to
the local machine.

net user joe password /add

To add joe to the local administrators group, use the following:

net localgroup administrators joe /add

If you run these commands from a computer startup script, they run under the
security context of the local machine and will succeed. Place the commands
in a batch file, create the computer startup script policy and click the
"Show files" button. Copy the batch file into this directory (which will
ensure it's available on all DCs in the domain) and then use the name of the
batch file as the command in the policy window, leaving the parameters field
blank.

There is also a GPO feature called Restricted Groups. You may also want to
do some testing with that feature, which is much good for removing existing
group membership.

Whatever you do, test, test and test again.

Oli





"tester" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am looking for a quick way to add an account(local admin) to all pc's in
>my IP range. I can run it as the domain admin. I just took over at a new
>office and want to remove the old local accounts.
>
> So I need to go thru all computers (w2k, 2003, xp) servers and
> workstations, and dump the local accounts, their group membership etc to a
> file, then toss them all. But I want to create my own local backdoor
> admin account just in case on all of them.
>
> I'm not much of a script writer, I've done some research on the web and
> found that the old adduser tool might not work with 2003, then net user is
> supposed to be possible, but I cannot seem to figure out how to run it
> from one station and hit all the others.
>
> anyone have any ideas?
>
> I was thinking using something like this in there
>
> FOR /L %%1 IN (1,1,254) DO ping -a 192.168.0.%%1 -n 1
>
> obviously not a ping, but maybe using adduser or similar unless it really
> does not work with 2003.
>
> TIA.
>
>
>
>

thanks Oli,
but I really don't want to do it from a script that is only going to run on
a reboot or everytime, etc. or only during logon/logoff.
What I want to do is remotely add a user to a server or workstation while
sitting at another workstation. Is that even possible from the command
line?

I am not adverse to trying to write or modify existing vbscript if someone
has a piece or two that I could start with.



"Oli Restorick [MVP]" <(E-Mail Removed)> wrote in message
news:uLWNk8O%(E-Mail Removed)...
> Hi there
>
> Assuming you're using Active Directory and you have your workstations
> beneath a single OU (where you can apply the GPO), you can assign a
> computer startup script to the machines using Group Policy.
>
> The following command will add a user named joe with password "password"
> to the local machine.
>
> net user joe password /add
>
> To add joe to the local administrators group, use the following:
>
> net localgroup administrators joe /add
>
> If you run these commands from a computer startup script, they run under
> the security context of the local machine and will succeed. Place the
> commands in a batch file, create the computer startup script policy and
> click the "Show files" button. Copy the batch file into this directory
> (which will ensure it's available on all DCs in the domain) and then use
> the name of the batch file as the command in the policy window, leaving
> the parameters field blank.
>
> There is also a GPO feature called Restricted Groups. You may also want
> to do some testing with that feature, which is much good for removing
> existing group membership.
>
> Whatever you do, test, test and test again.
>
> Oli
>
>
>
>
>
> "tester" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I am looking for a quick way to add an account(local admin) to all pc's in
>>my IP range. I can run it as the domain admin. I just took over at a new
>>office and want to remove the old local accounts.
>>
>> So I need to go thru all computers (w2k, 2003, xp) servers and
>> workstations, and dump the local accounts, their group membership etc to
>> a file, then toss them all. But I want to create my own local backdoor
>> admin account just in case on all of them.
>>
>> I'm not much of a script writer, I've done some research on the web and
>> found that the old adduser tool might not work with 2003, then net user
>> is supposed to be possible, but I cannot seem to figure out how to run it
>> from one station and hit all the others.
>>
>> anyone have any ideas?
>>
>> I was thinking using something like this in there
>>
>> FOR /L %%1 IN (1,1,254) DO ping -a 192.168.0.%%1 -n 1
>>
>> obviously not a ping, but maybe using adduser or similar unless it really
>> does not work with 2003.
>>
>> TIA.
>>
>>
>>
>>
>
>

tester wrote:

> I am looking for a quick way to add an account(local admin) to all pc's in
> my IP range. I can run it as the domain admin. I just took over at a new
> office and want to remove the old local accounts.
>
> So I need to go thru all computers (w2k, 2003, xp) servers and workstations,
> and dump the local accounts, their group membership etc to a file, then toss
> them all. But I want to create my own local backdoor admin account just in
> case on all of them.
Hi

Why not just use the builtin Administrator account as the local
backdoor admin account?

Just run a script that sets the builtin administrator account name to
a set name ("Administrator" or something else if you want), and resets
the password as well. This way you will have full control over the name
and password of the builtin Administrator account.

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

This way the user name/password will be set at every computer startup.

To avoid users being able to read the script where the password is
stored, grant read access only for the AD group "Domain Computers"
to the script file.

This VBScript should do the job:


'--------------------8<----------------------
'
' Description: Script that renames the builtin administrator
' account to the name set in the variable sNewUser, as well
' as setting the password set in the variable sNewPassword
'
' Should also work against a remote domain computer as long
' as user running the script have administrator rights on it.
' (you just need to adjust the sComputerName definition)
'

' new user name to be given if name is not the same already
sNewUser = "Administrator"

' password to be set on the account
sNewPassword = "testpassword"

Set oWshNet = CreateObject("WScript.Network")

' get computer name for local computer
sComputerName = oWshNet.ComputerName
' If you want to run the script against a remote computer,
' disable the line above and enable the line below
'sComputerName = "SomeComputer"

' obtain current administrator name regardless of name
sOldUser = GetAdministratorName(sComputerName)

' Turn off internal error handling
On Error Resume Next

' connect to user object
Set oUser = GetObject("WinNT://" & sComputerName & "/" _
& sOldUser & ",user")

oUser.SetPassword sNewPassword
oUser.SetInfo

If sNewUser <> sOldUser Then
Set oComputer = GetObject("WinNT://" & sComputerName)

' rename user
Set oNewUser = oComputer.MoveHere(oUser.ADsPath, sNewUser)
End If

On Error Goto 0


Function GetAdministratorName(sComputerName)
Dim sUserSID, oWshNetwork, oUserAccount

Set oUserAccounts = GetObject( _
"winmgmts:{impersonationLevel=impersonate}!//" _
& sComputerName & "/root/cimv2").ExecQuery( _
"Select Name, SID from Win32_UserAccount WHERE Domain = '" _
& sComputerName & "'")

On Error Resume Next
For Each oUserAccount In oUserAccounts
If Left(oUserAccount.SID, 9) = "S-1-5-21-" And _
Right(oUserAccount.SID, 4) = "-500" Then
GetAdministratorName = oUserAccount.Name
Exit For
End if
Next
End Function

'--------------------8<----------------------




--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx

On Wed, 12 Jan 2005 14:18:11 -0700, "tester" <(E-Mail Removed)> wrote:

>I am looking for a quick way to add an account(local admin) to all pc's in
>my IP range. I can run it as the domain admin. I just took over at a new
>office and want to remove the old local accounts.
>
>So I need to go thru all computers (w2k, 2003, xp) servers and workstations,
>and dump the local accounts, their group membership etc to a file, then toss
>them all. But I want to create my own local backdoor admin account just in
>case on all of them.
>
>I'm not much of a script writer, I've done some research on the web and
>found that the old adduser tool might not work with 2003, then net user is
>supposed to be possible, but I cannot seem to figure out how to run it from
>one station and hit all the others.
>
>anyone have any ideas?
>
>I was thinking using something like this in there
>
>FOR /L %%1 IN (1,1,254) DO ping -a 192.168.0.%%1 -n 1
>
>obviously not a ping, but maybe using adduser or similar unless it really
>does not work with 2003.
>
>TIA.
>
>
>
I would use PsExec, tip 4141 in the 'Tips & Tricks' at http://www.jsiinc.com to run
remotely.

I would use the adduser W2K Resource Kit tool to dump the users and groups on each computer.
net user and net localgroup can be used to add your back door.

To enumerate the computers, what is wrong with:

for /f "Tokens=*" %%a in ('net view^|FIND "\\"') do (
set computer=%%a
call :doit
)
goto :EOF
:doit
....
....


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com

PERFECT!!!!!!

thanks!

"Jerold Schulman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 12 Jan 2005 14:18:11 -0700, "tester" <(E-Mail Removed)> wrote:
>
>>I am looking for a quick way to add an account(local admin) to all pc's in
>>my IP range. I can run it as the domain admin. I just took over at a new
>>office and want to remove the old local accounts.
>>
>>So I need to go thru all computers (w2k, 2003, xp) servers and
>>workstations,
>>and dump the local accounts, their group membership etc to a file, then
>>toss
>>them all. But I want to create my own local backdoor admin account just
>>in
>>case on all of them.
>>
>>I'm not much of a script writer, I've done some research on the web and
>>found that the old adduser tool might not work with 2003, then net user is
>>supposed to be possible, but I cannot seem to figure out how to run it
>>from
>>one station and hit all the others.
>>
>>anyone have any ideas?
>>
>>I was thinking using something like this in there
>>
>>FOR /L %%1 IN (1,1,254) DO ping -a 192.168.0.%%1 -n 1
>>
>>obviously not a ping, but maybe using adduser or similar unless it really
>>does not work with 2003.
>>
>>TIA.
>>
>>
>>
> I would use PsExec, tip 4141 in the 'Tips & Tricks' at
> http://www.jsiinc.com to run
> remotely.
>
> I would use the adduser W2K Resource Kit tool to dump the users and groups
> on each computer.
> net user and net localgroup can be used to add your back door.
>
> To enumerate the computers, what is wrong with:
>
> for /f "Tokens=*" %%a in ('net view^|FIND "\\"') do (
> set computer=%%a
> call :doit
> )
> goto :EOF
> :doit
> ...
> ...
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com