Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

add domain group to local admin group

Status
Not open for further replies.
Briandr

Briandr

MIS
Jul 11, 2003
177
US
Hi,

Can someone give this the one over? Not sure what some of you guys use for distribution. Unfortunately we use Kace (opinion on this for different time, different forum) and when this is run as a stand alone vbscript it appears to be just fine. So I am thinking this darn Kace does not have the rights to run this. I can check that. I just want to see if the code could be cleaned up, even though it does appear fine outside of this Kace environment.

set WshShell = WScript.CreateObject("WScript.Shell")
Set wshNetwork = WScript.CreateObject("WScript.Network")
strUserDomain = wshNetwork.UserDomain

If strUserDomain = "ABC" Then
Set objLocalGroup = GetObject("WinNT://./Administrators")
Set objADGroupABC1 = GetObject("WinNT://abc/Tom")
Set objADGroupABC2 = GetObject("WinNT://abc/Jerry")
objLocalGroup.Add(objADGroupABC1.ADsPath)
objLocalGroup.Add(objADGroupABC2.ADsPath)
Set objLocalGroupABC = Nothing
Set objADGroupABC1 = Nothing
Set objADGroupABC2 = Nothing

ElseIf strUserDomain = "_XYZ" Then
Set objLocalGroup = GetObject("WinNT://./Administrators")
Set objADGroup_XYZ = GetObject("WinNT://_XYZ/Tom")
objLocalGroup.Add(objADGroup_XYZ.ADsPath)
Set objLocalGroup = Nothing
Set objADGroup_XYZ = Nothing
End If
 
Sort by date Sort by votes
Did you update this script for the post? I'm not familiar with KACE and been quite a while since I played in vbscript, but you may want to check LDAP approaches as well.
Or this the real code? Cause GetObject("WinNT://./Administrators") the . needs to be parse for differnt names, where '.' is just the local computer, which would explain why that always works and you dont get any errors.
 
Upvote 0 Downvote
Yes, found script online and tweaked it to fit the need. The fact your not familiar with KACE only speaks to the fact it is not a enterprise product. I hope you never have to use it. No offense to the KACE users that love it, but heck Dell themselves use MS SCCM. What does say about the almight KACE?
 
Upvote 0 Downvote
Easiest solution in a domain is to use restricted groups in a GPO. It will push down and replace whatever values are stored in the local admin group and prevent people from adding themselves.

I hope that helps.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bdwilcox
  • Question
Trying to adapt VBScript to search if machine is in an AD group 6
Replies
8
Views
810
SoftwareRT
SoftwareRT
Alexvb6
  • Question
Deprecation of VBScript + Classic ASP: How to Ask Microsoft to cancel their planned craziness
Replies
0
Views
75
Alexvb6
Alexvb6
Brianfree
  • Locked
  • Question
Excel Rows to Column 1
Replies
2
Views
209
Brianfree
Brianfree
Rick_Stanich
  • Locked
  • Question
Save xls file to cvs file 1
Replies
3
Views
195
Rick_Stanich
Rick_Stanich
lunter
  • Locked
  • Question
How to create vbArray+vbByte (8209) in *.vbs stript
Replies
0
Views
158
lunter
lunter

Part and Inventory Search

Sponsor

Back
Top