How to make domain User LOCAL ADMIN????

Status
Not open for further replies.
Oct 23, 2007
Hi All,

How can I configure GROUP POLICY to make domain users local administrators on their systems?

Thank you.
 
Well I have a script that adds their domain user account but in order to do this I had to make the group of users I wanted to add to the domain admins group since this is the only group that gets prepopulated to the machines. I added them to the group for the 20 minutes it would take for them to show up and start their machines, ran the script in the background, removed their accounts...

Not the most amazing security ever for those 20 minutes but security through obscurity worked for my situation. Let me know if you want the script I used.

Cory
 
I can't take credit for it, but here it is.


Set objWshNet = CreateObject("WScript.Network")

' // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' // Configure basic script variables

strDomain = objWshNet.UserDomain
strComputer = objWshNet.ComputerName
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")


' // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' // Configure to add a domain user to the Local Administrators Group


strUser = objWshNet.UserName
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")


' // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' // Configure to add a domain group to the Local Administrators Group

'strUser = "domaingrouphere"
'Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",group")


' // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
' // We actually add the user or group here, if not already a member of the local
' // Administrators group:

If Not objGroup.IsMember(objUser.ADsPath) Then
    objGroup.Add(objUser.ADsPath)
End If


Cory
 
Thank you bros,

I don't know scripting.

Kindly show me what to modify and how to apply it???

Thank you.
 
Well for this one, as long as the particular users are part of the domain admins group, simply running this on the client machine will add the logged in domain user account to the local admins group. Nothing comes up so you would need to verify that it worked, but that was kind of the point. What I did was just put the group of each set of users I needed at the time into the domain admins group for the limited amount of time, then immediately got rid of them after I was sure that this ran...

Remember in any real scenario this is a huge, gaping, security hole.

Cory
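
The post above notes that the script runs silently and the result has to be verified. As an added example (not part of the thread or written by its posters), this PowerShell script lists the local Administrators group through the same WinNT provider and flags any member not on an allowlist. The allowlist entries and the function name Get-LocalAdminMember are hypothetical, and the group name is assumed to be the English "Administrators", as in the script above.

```powershell
# Added example (not from the thread): audit the local Administrators group
# and flag members that are not on an allowlist.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    # Hypothetical allowlist in SCOPE\Name form; adjust to your own policy.
    [string[]]$Allowed = @(
        "$($ComputerName)\Administrator",
        "$($env:USERDOMAIN)\Domain Admins"
    )
)

function Get-LocalAdminMember {
    param([string]$Computer)
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($member in $group.Invoke('Members')) {
        # Members come back as COM objects; read properties via reflection.
        $type  = $member.GetType()
        $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)

        # WinNT://DOMAIN/name (domain), WinNT://DOMAIN/COMPUTER/name (local),
        # WinNT://S-1-5-... (a SID that no longer resolves to an account).
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2) {
            $account = '{0}\{1}' -f $parts[-2], $parts[-1]
        } else {
            $account = $parts[0]
        }
        [pscustomobject]@{
            Account = $account
            Class   = $class      # "User" or "Group"
            ADsPath = $path
        }
    }
}

$members = @(Get-LocalAdminMember -Computer $ComputerName)
$members | Format-Table -AutoSize

# -notin compares strings case-insensitively, like Windows account names.
$unexpected = @($members | Where-Object { $_.Account -notin $Allowed })
if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected local administrators on ${ComputerName}:"
    $unexpected | ForEach-Object { Write-Warning "  $($_.Account) [$($_.Class)]" }
    exit 1
}
Write-Output "Local Administrators on $ComputerName matches the allowlist."
```

An unresolved SID or a user account that should have been removed shows up in the warning list, and the non-zero exit code lets a scheduled task or management tool report the machine.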
 