[THIN] Re: OT : workstation local admins
- From: "Paul DeHaan" <wppad@xxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 11 Jul 2003 08:42:45 -0400
I like that script...nice and clean. Good post.
>>> lnail@xxxxxx 07/10/03 11:27PM >>>
I wrote the script below & set it up as a LOGON script in the GPO. It
adds whatever admins I want and leaves the existing groups there. The
additional benefit is that if Joe decides to remove those admins, they
just get put back in at the next login.
------------------------
option Explicit
Dim objGroup
Dim strComputer
On Error Resume Next
' Variables that might need to be changed
strComputer = "." ' Computer is Local
'Create Objects
Set objGroup = GetObject("WinNT://" & strComputer &
"/Administrators,group")
' Modify group memberships
objGroup.add("WinNT://DOMAIN/CHD,group")
objGroup.add("WinNT://DOMAIN/Deskside,group")
objGroup.add("WinNT://DOMAIN/ITSEC,group")
Set objGroup = Nothing
-----Original Message-----
From: Paul DeHaan [mailto:wppad@xxxxxxxxx]
Sent: Thursday, July 10, 2003 2:41 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT : workstation local admins
Where is the option "Only these users?" I haven't implemented this
feature yet, because I couldn't figure out how to merge the local
admins
group by using this policy. What happens for me is this... if Joe is
a
local admin of Workstation A, and I want to make sure that OUAdmins is
also a local admin, I can add OUAdmins to this policy. The problem is
this will remove Joe from the local admins group unless you put him in
the GPO also. If you do that, he now has local admin privs to every
workstation in the OU.
Can you change the way that this works in AD? ADSI Scripting is the
only way I've been able to append accomplish this.
Regards
Paul DeHaan CCNA, CCA...
Network Administrator
J.M. Huber Corp.
------------>
"The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential, proprietary,
and/or privileged material. Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is
prohibited. If you received this in error, please contact the sender
and delete the material from all computers."
>>> lynch00@xxxxxxx 07/10/03 12:53PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Are you running AD? If so, then set a Group Membership Restriction
configuration. You can add specific users/groups to local groups that
match on the local workstation/server that the GPO applies to. Do
remember that if you set the option "Only these users" then make sure
you also specify the Domain Admins group is a member of the local
Administrators group as well.
Chris
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Lucas Boyken
Sent: Thursday, July 10, 2003 9:41 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT : workstation local admins
John,
I know I said I wouldn't talk any more...but, that didn't last too
long.
Try looking on Technet under the SMS section. I know that there is a
way to do what you ask, as simple .reg file, I believe, and once it is
run via SMS or similar type program, it sets the local Admin. If the
users exist on the domain, I'm pretty sure that you can use this same
tactic to get similar results for any user to add them into the LA.
Sorry I don't remember the exact string or context, however, I do
remember doing it during an SMS implementation.
Hope this helps some...
Luke
Lucas W. Boyken
Computer Systems Associates
Account Manager / Technical Representative
lboyken@xxxxxxxxx
Company Phone: 800.222.7601
Office Phone: 515.332.2751
Fax: 515.332.5687
-----Original Message-----
From: John Knightly [mailto:jknightly@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, July 10, 2003 11:31 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT : workstation local admins
I had hoped that their was a group policy setting to make a
user
or group local administrators on thier workstations, however I don't
see
this. Is anyone aware of a script or program that can can automate the
process of making users local admins?
Thanks!
John Knightly
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch
iQA/AwUBPw2aIm9fg+xq5T3MEQKyugCgmTRphRe6q45k5mkw3K9M38kBS9MAn1iZ
cydVSZEKcXdYEw756g1XOrkj
=2v8l
-----END PGP SIGNATURE-----
********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free
eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free
eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - RTOSoft TScale
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=130
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
