From: Arsi on
This script works if the user is "Power User" or "Administrator" locally
but if it is a "Domain User" it doesn't. Anyone have a clue what to do?
I want to run it against all my users in domain. Yes I know I could do
this via GPO but I don't want to do that. I would only like to use this
script once so everyone would be Power User in their own computer.

on error resume next
Set objNet = CreateObject("WScript.NetWork")
Dim strComputer
Dim strUser
strComputer = objNet.ComputerName
strUser = objNet.UserName

Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
Set objUser = GetObject("WinNT://MyDomain/" &strUser)
objGroup.Add(objUser.ADsPath)
From: Torgeir Bakken (MVP) on
Arsi wrote:

> This script works if the user is "Power User" or "Administrator" locally
> but if it is a "Domain User" it doesn't. Anyone have a clue what to do?
> I want to run it against all my users in domain. Yes I know I could do
> this via GPO but I don't want to do that. I would only like to use this
> script once so everyone would be Power User in their own computer.
>
> on error resume next
> Set objNet = CreateObject("WScript.NetWork")
> Dim strComputer
> Dim strUser
> strComputer = objNet.ComputerName
> strUser = objNet.UserName
>
> Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
> Set objUser = GetObject("WinNT://MyDomain/" &strUser)
> objGroup.Add(objUser.ADsPath)
Hi

As the current user account only have ordinary user rights, the
script will not be able to add the account to a group.

You could do it in a computer startup script (with a GPO) that runs
as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights.


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
From: Al Dunbar [MS-MVP] on

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam(a)hydro.com> wrote in message
news:eo6b93WDFHA.560(a)TK2MSFTNGP15.phx.gbl...
> Arsi wrote:
>
> > This script works if the user is "Power User" or "Administrator" locally
> > but if it is a "Domain User" it doesn't. Anyone have a clue what to do?
> > I want to run it against all my users in domain. Yes I know I could do
> > this via GPO but I don't want to do that. I would only like to use this
> > script once so everyone would be Power User in their own computer.
> >
> > on error resume next
> > Set objNet = CreateObject("WScript.NetWork")
> > Dim strComputer
> > Dim strUser
> > strComputer = objNet.ComputerName
> > strUser = objNet.UserName
> >
> > Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
> > Set objUser = GetObject("WinNT://MyDomain/" &strUser)
> > objGroup.Add(objUser.ADsPath)
> Hi
>
> As the current user account only have ordinary user rights, the
> script will not be able to add the account to a group.
>
> You could do it in a computer startup script (with a GPO) that runs
> as part of the boot up process (before the user logs in). It runs
> under the system context and has admin rights.

Or you could run a remote script against the workstations to do this from an
admin workstation. Since you seem to want ANY user who can logon to be a
power user, perhaps the easiest would be to add some global group that all
users are a member of, instead of adding individual domain accounts. I would
suggest using the "authenticated users" group.

/Al


From: Torgeir Bakken (MVP) on
Al Dunbar [MS-MVP] wrote:

> "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam(a)hydro.com> wrote:
>
>> As the current user account only have ordinary user rights, the
>> script will not be able to add the account to a group.
>>
>> You could do it in a computer startup script (with a GPO) that runs
>> as part of the boot up process (before the user logs in). It runs
>> under the system context and has admin rights.
>
>
> Or you could run a remote script against the workstations to do this from an
> admin workstation. Since you seem to want ANY user who can logon to be a
> power user, perhaps the easiest would be to add some global group that all
> users are a member of, instead of adding individual domain accounts.

Agreed.


> I would suggest using the "authenticated users" group.

Or the builtin "NT Authority\Interactive"



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
From: Arsi on
Torgeir Bakken (MVP) wrote:

>
> Hi
>
> As the current user account only have ordinary user rights, the
> script will not be able to add the account to a group.
>
> You could do it in a computer startup script (with a GPO) that runs
> as part of the boot up process (before the user logs in). It runs
> under the system context and has admin rights.
>
>

This works, thanks.

Now I tried to restrict this more so that everyone would not be local
"Power User" in the domains every computer. So I figured out that what
about reading the information from a file and then adding certain users
only to their own computers. I mean that we have a machine database
where we could export our user / machine information and use it to make
everyone local "Power User" of their own computer.

So I tried this script. It works fine if there's only 1 line of text.
When you have multiple users / computers in the text file then it only
reads the last line of the text file =/

How could I accomplish this so that I could only read the line that
concerns the current user/machine (strUser = objNet.UserName and
strComputer = objNet.ComputerName)? Am I thinking this the wrong way,
could there be an easier solution to do this?

Hmm... if this "thing" can be done will it work if the user has multiple
computers, like Desktop and Laptop?


beginning of the script
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set objNet = CreateObject("WScript.NetWork")
Dim strComputer
Dim strUser
strComputer = objNet.ComputerName
strUser = objNet.UserName

Const ForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile ("C:\Test.txt", ForReading)
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
arrServiceList = Split(strNextLine , ",")
For i = 1 to Ubound(arrServiceList)
Next
Loop

if strUser = arrServiceList(0) and strComputer = arrServiceList(1) then

Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
Set objUser = GetObject("WinNT://MyDomain/" &strUser)
objGroup.Add(objUser.ADsPath)

end if
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
end of the script


Test.txt
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
user1,computer1
user2,computer2
user3,computer3
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 |  Next  |  Last
Pages: 1 2 3
Prev: GetDetailsOf
Next: ERROR_ACCESS_DENIED5 (00000005)