Skip navigation

JSI Tip 8951. How can I make a domain user a local Administrator of their computer in my domain?

Using PsExec.exe, and a .CSV file that contains "NetBIOS computer name","user SAMID", I have scripted CrtLclAdmin.bat to make a domain user a local Administrator of their computer, while remaining an ordinary user in the domain.

You can create the .CSV file using ComputerUserCSV.bat, or manually, like:

"JSI007","Jennifer"
"JSI009","Jerry"
The syntax for using CrtLclAdmin.bat is:

CrtLclAdmin FileName User Password

Where:

FileName is the .CSV file that contains each computer / user pair.

User     is a domain administrator account, like "JSIINC\Jerry".

Password is the User (domain administrator) password.
CrtLclAdmin.bat contains:
@echo off
if \{%3\}==\{\} @echo Syntax: CrtLclAdmin FileName user password&goto :EOF
if not exist %1 @echo CrtLclAdmin - %1 NOT found.&goto :EOF
setlocal
set file=%1
set execu=%2
set execp=%3
for /f "Tokens=1* Delims=," %%a in (%file%) do (
 call :doit %%a %%b
)
endlocal
goto :EOF
:doit
set comp=%1
set comp=%comp:"=%
set user=%2
set user="%USERDOMAIN%\%user:"=%"
(
@echo @echo off
@echo setlocal
@echo set OK=N
@echo for /f "Tokens=*" ^%%^%%a in ('net localgroup Administrators^^^|find /i %user%'^) do (
@echo set OK=Y
@echo.^)
@echo if "%%OK%%" EQU "Y" goto finish
@echo net localgroup Administrators %user% /ADD
@echo :finish
@echo endlocal
@echo exit
)>"%LOGONSERVER%\NETLOGON\%comp%.bat"
psexec \\%comp% -u %execu% -p %execp% "%LOGONSERVER%\NETLOGON\%comp%.bat"
del /q "%LOGONSERVER%\NETLOGON\%comp%.bat"



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish