Configure domain accounts for clients through GPOs?

Guest

Is it possible using policies or scripts to add specific user accounts to each client machine? For instance, on our Windows 2000 clients we add a specific domain administrator account to the local administrators group of those machines to gain access to those systems using this account for stuff like patch management, vulnerability scanning, etc. We have about 500 machines, and probably about 150-200 don't have this domain account added to the local administrators group of those clients. I don't want to visit each machine, so I'm hoping through policies or a script there is a way to add this account to all clients.

Thanks.
 
Mr.Anonoymous said:
Is it possible using policies or scripts to add specific user
accounts to each client machine? For instance, on our Windows
2000 clients we add a specific domain administrator account to
the local administrators group of those machines to gain access
to those systems using this account for stuff like patch
management, vulnerability scanning, etc. We have about 500 machines,
and probably about 150-200 don't have this domain account added to the
local administrators group of those clients. I don't want to visit
each machine, so I'm hoping through policies or a script there is a
way to add this account to all clients.
Hi

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.

Here is a vbscript for you:

'--------------------8<----------------------

Set oWshNet = CreateObject("WScript.Network")

sUser = "fill in some user name here"

sNetBIOSDomain = oWshNet.UserDomain
sComputer = oWshNet.ComputerName

Set oGroup = GetObject("WinNT://" & sComputer & "/Administrators,group")
Set oUser = GetObject("WinNT://" & sNetBIOSDomain & "/" & sUser & ",user")

' suppress errors in case the user is already a member
On Error Resume Next
oGroup.Add(oUser.ADsPath)
On Error Goto 0
'--------------------8<----------------------


It will try to add the user name in the variable "sUser"
to the "Administrators" group every time the computer boots
up. If the user already exists, the error is suppressed.

If the computers are in another domain than the user you
want to add, you will need to hard code the domain name
the user belongs to in the variable "sNetBIOSDomain".


WSH 5.6 documentation (local help file) can be downloaded from here
if you haven't got it already:
http://msdn.microsoft.com/downloads/list/webdev.asp
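
A variant of the startup script in the reply above that checks membership first and writes the outcome to the Application event log, so a failed bind or add is visible rather than silently suppressed. This is an added example, not the poster's code; `PLACEHOLDER_ACCOUNT`, the constant names and the helpers `Bind` and `Fail` are assumptions.

```vbscript
Option Explicit

Const EVENT_ERROR = 1         ' WshShell.LogEvent type: error
Const EVENT_INFORMATION = 4   ' WshShell.LogEvent type: information

Dim oWshNet, oShell, oGroup, oUser, sUser, sNetBIOSDomain, sComputer

Set oWshNet = CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")

sUser = "PLACEHOLDER_ACCOUNT"   ' placeholder: the domain account to add
sNetBIOSDomain = oWshNet.UserDomain
sComputer = oWshNet.ComputerName

Set oGroup = Bind("WinNT://" & sComputer & "/Administrators,group")
Set oUser = Bind("WinNT://" & sNetBIOSDomain & "/" & sUser & ",user")

' Already a member: nothing to change and nothing to log
If oGroup.IsMember(oUser.ADsPath) Then WScript.Quit 0

On Error Resume Next
oGroup.Add oUser.ADsPath
If Err.Number <> 0 Then
    Fail "Adding " & oUser.ADsPath & " to " & oGroup.ADsPath & " failed", Err.Number
End If
On Error Goto 0

' Confirm the membership before logging success
If oGroup.IsMember(oUser.ADsPath) Then
    oShell.LogEvent EVENT_INFORMATION, _
        "Added " & oUser.ADsPath & " to " & oGroup.ADsPath
Else
    Fail "Add returned no error but membership is missing", 0
End If

' Bind to an ADSI object; log and stop if the path cannot be resolved
Function Bind(sPath)
    On Error Resume Next
    Set Bind = GetObject(sPath)
    If Err.Number <> 0 Then Fail "Cannot bind to " & sPath, Err.Number
End Function

' Write an error event (source WSH, Application log) and end the script
Sub Fail(sMessage, nErr)
    oShell.LogEvent EVENT_ERROR, sMessage & " (error 0x" & Hex(nErr) & ")"
    WScript.Quit 1
End Sub
```

Because an event is written only when the group actually changes or an operation fails, the Application log on each client shows when the account was added and which machines could not resolve it.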
 