Using PsExec.exe, and a .CSV file that contains "NetBIOS computer name","user SAMID", I have scripted CrtLclAdmin.bat to make a domain user a local Administrator of their computer, while remaining an ordinary user in the domain.
You can create the .CSV file using ComputerUserCSV.bat, or manually, like:
"JSI007","Jennifer" "JSI009","Jerry"The syntax for using CrtLclAdmin.bat is:
CrtLclAdmin FileName User Password
Where:
FileName is the .CSV file that contains each computer / user pair. User is a domain administrator account, like "JSIINC\Jerry". Password is the User (domain administrator) password.CrtLclAdmin.bat contains:
@echo off if \{%3\}==\{\} @echo Syntax: CrtLclAdmin FileName user password&goto :EOF if not exist %1 @echo CrtLclAdmin - %1 NOT found.&goto :EOF setlocal set file=%1 set execu=%2 set execp=%3 for /f "Tokens=1* Delims=," %%a in (%file%) do ( call :doit %%a %%b ) endlocal goto :EOF :doit set comp=%1 set comp=%comp:"=% set user=%2 set user="%USERDOMAIN%\%user:"=%" ( @echo @echo off @echo setlocal @echo set OK=N @echo for /f "Tokens=*" ^%%^%%a in ('net localgroup Administrators^^^|find /i %user%'^) do ( @echo set OK=Y @echo.^) @echo if "%%OK%%" EQU "Y" goto finish @echo net localgroup Administrators %user% /ADD @echo :finish @echo endlocal @echo exit )>"%LOGONSERVER%\NETLOGON\%comp%.bat" psexec \\%comp% -u %execu% -p %execp% "%LOGONSERVER%\NETLOGON\%comp%.bat" del /q "%LOGONSERVER%\NETLOGON\%comp%.bat"
0 comments
Hide comments