From: D.P. Roberts on
The following code works fine in Windows XP to add a user to a local group.
It will work on the machine I'm logged on to, and it will also work on
remote machines (as a domain admin, I have permissions to modify local
groups on all domain machines):

strDomain = "enter domain name here"
strComputer = "enter computer name here"
strGroup = "enter local group here"
strUser = "enter username here"

' Get group object
Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
' Get user object
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
' Add user to group
objGroup.Add(objUser.ADsPath)

HOWEVER, the results are different in Windows 7. The code above works fine
in Windows 7 if I am running it to modify a group on a remote machine, but
it fails with an "Access Denied" error if I run it to modify a group on the
computer I'm currently logged on to (even though I have admin rights). The
only way I've been able to get it to run on a Windows 7 machine I'm logged
onto is by turning off UAC. But strangely it works fine when I run it on a
remote Windows 7 machine, even if that remote machine has UAC on. So here is
the million dollar question: Is there a way the script can "bypass" UAC so
it will run without having to turn off UAC permanently?

Thanks, and I'm sorry but I actually don't have a million dollars for the
answer!

From: LikeToCode on
You answered this post with your “Shell.Execute question” post. If you
execute the below script with the method you have posted in the
"Shell.Execute question" post and enter your admin credentials again you will
not get "Access Denied" errors.

From: D.P. Roberts on
The ShellExecute post is more of a workaround as I would still prefer a way
to make it work without getting UAC involved. However, if the ShellExecute
is the only way to do this I can live with that. But I'd still like to know
if the "runas" username can be inserted as a parameter in the script so the
user doesn't have to type the username every time.

Thanks...

"LikeToCode" <LikeToCode(a)discussions.microsoft.com> wrote in message
news:6EF61FCE-B616-4C81-9CD8-AC1D00F29E26(a)microsoft.com...
> You answered this post with your “Shell.Execute question” post. If you
> execute the below script with the method you have posted in the
> "Shell.Execute question" post and enter your admin credentials again you
> will not get "Access Denied" errors.
>
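
An added example, not code from any poster in this thread: the group-add script from the first post, wrapped so that it checks whether its token is UAC-filtered and, if so, requests elevation through the Shell.Application "runas" verb (the consent prompt still appears) before touching the local group. Assumptions: the integrity-label check via `whoami /groups` and the `/elevated` marker argument are choices made for this example, and the four placeholder strings are the ones from the original post.

```vbscript
Option Explicit
' Placeholders, as in the original post; fill in before running.
Const strDomain = "enter domain name here"
Const strComputer = "enter computer name here"
Const strGroup = "enter local group here"
Const strUser = "enter username here"
Const ELEVATED_FLAG = "/elevated"   ' hypothetical marker argument, stops relaunch loops

' True when the process token carries the High (S-1-16-12288) or
' System (S-1-16-16384) mandatory label, i.e. it is not UAC-filtered.
Function IsElevated()
    Dim output
    output = CreateObject("WScript.Shell").Exec("whoami /groups").StdOut.ReadAll()
    IsElevated = (InStr(output, "S-1-16-12288") > 0) Or (InStr(output, "S-1-16-16384") > 0)
End Function

' True when this copy was started by the relaunch branch below.
Function WasRelaunched()
    Dim arg
    WasRelaunched = False
    For Each arg In WScript.Arguments
        If LCase(arg) = ELEVATED_FLAG Then WasRelaunched = True
    Next
End Function

If Not IsElevated() Then
    If WasRelaunched() Then
        WScript.Echo "Still not elevated after relaunch; giving up."
        WScript.Quit 1
    End If
    ' The "runas" verb asks UAC for consent and starts a new, elevated copy.
    CreateObject("Shell.Application").ShellExecute "wscript.exe", _
        """" & WScript.ScriptFullName & """ " & ELEVATED_FLAG, "", "runas", 1
    WScript.Quit 0
End If

Dim objGroup, objUser
On Error Resume Next
Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
objGroup.Add objUser.ADsPath
If Err.Number <> 0 Then
    WScript.Echo "Failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0
WScript.Echo "Added " & strUser & " to " & strGroup & " on " & strComputer
```

If the consent prompt is declined, no elevated copy starts and the group is left unchanged.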