Add global group to local machine Administrators

[RRinTetons]

I've got a script that I turned up at The Scripting Guy site that does this. I just can't get it to run. The script is at

http://blogs.technet.com/b/heyscrip...-group-to-the-local-administrators-group.aspx

and it's short.

strComputer = "atl-ws-01"

Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
Set objGroup = GetObject("WinNT://fabrikam/accounting")

objAdmins.Add(objGroup.ADsPath)

I am pretty much a tyro where PowerShell is concerned (strike 1). I just upgraded my machine to Windows 7 and there's some confusion around what version of PS I'm even using, but $PSVersionTable says:

Name                           Value
----                           -----
CLRVersion                     2.0.50727.4927
BuildVersion                   6.1.7600.16385
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.1

so I think that's OK now.

I got a couple of PowerShell books (from Safari Books Online) but there may be some command syntax differences between what's there and what I've got. At any rate, when I make a couple of changes appropriate to my environment and try to run that script I get

PS C:\Windows\system32> strComputer = "ob-donner.jhmr.com"
The term 'strComputer' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:12
+ strComputer <<<<  = "ob-donner.jhmr.com"
    + CategoryInfo          : ObjectNotFound: (strComputer:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>
PS C:\Windows\system32> Set objAdmins = GetObject("WinNT://" & strComputer & "/Administrators")
Unexpected token '&' in expression or statement.
At line:1 char:39
+ Set objAdmins = GetObject("WinNT://" & <<<<  strComputer & "/Administrators")
    + CategoryInfo          : ParserError: (&:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken

PS C:\Windows\system32> Set objGroup = GetObject("WinNT://jhmr/Domain Local Admins")
Set-Variable : A positional parameter cannot be found that accepts argument 'GetObject'.
At line:1 char:4
+ Set <<<<  objGroup = GetObject("WinNT://jhmr/Domain Local Admins")
    + CategoryInfo          : InvalidArgument: (:) [Set-Variable], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SetVariableCommand

all of which looks like I've probably got a basic syntax problem (like declaring a var, or ???), some sort of an install problem, a basic configuration problem or lord knows what other problems. I don't even know enough about PowerShell to read the error messages meaningfully (strike 2).

When all is said and done, I want to pass that script a list of about 250 machine names and have the same group added to each of them. If I can't even get the basic script to run, though, figuring out how to add the parameter and a loop is probably way out of reach!

I'd really like to be able to use that script, but it may be out of reach without a ton of new knowledge and skills to get it to work. I might get it done faster by just logging on to each of the 250 machines remotely and doing it manually! OTOH, it might be a few basic tweaks and off I go.

Anybody got suggestions one way or the other?

-
Richard Ray
Jackson Hole Mountain Resort

 

[RRinTetons]

Never mind. Severe case of duh. Sorry.

Still trying to figure out how to do it with PS, though.

-
Richard Ray
Jackson Hole Mountain Resort

 

[crobin1]

One way would be like this:

$strComputer = "atl-ws-01"

[ADSI]$objAdmins = "WinNT://$strComputer/Administrators"
$objAdmins.Add("WinNT://fabrikam/accounting,group")

This code should work in either PowerShell v1 or v2. If you are running this directly on Windows 7, you'll either need to start PowerShell in Administrator mode (right-click the icon and choose "Run as Administrator") or run it as/be logged on as a domain admin.

 

[RRinTetons]

Thanks. I got something like that figured out and am now able to add the group. Now I want to feed a set of computer names to that code to do it for 250 or so machines. Ideally I'd do a query to our domain controller to get the machine names, but I could do the extraction manually and just send in either a file name or the actual list. Any pointers on that? Since I've got the basic problem solved I can take some time to figure it out, so just a pointer towards the right part of some docco would be great.

-
Richard Ray
Jackson Hole Mountain Resort

 

[crobin1]

With the machine names in a text file, one per line, you could try this:

Get-Content c:\pcs.txt | ForEach-Object {
[ADSI]$objAdmins = "WinNT://$_/Administrators"
$objAdmins.Add("WinNT://fabrikam/accounting,group")
}

 

[RRinTetons]

That looks WAY too easy! Thanks.

Is the '|' a pipe symbol a la unix? i.e. - I'm piping the file content to the ForEach-Object function that calls the code passed with the $_ as the param for each object?



-
Richard Ray
Jackson Hole Mountain Resort

 

[crobin1]

Yes, part of the power of PowerShell (though it is also available to some extent in DOS/CMD) is piping information from one command to another. You can accomplish very complex things just by pipelineing a series of commands together.