I've had to do this a couple of times, but chose a different solution for most
of my customers, since they didn't really want to download and execute another
tool when running a startup script on their computers.
While resolving the SID is certainly the most exact solution, my approach has
worked reliably in the past - but you don't get around knowing the group names
on your clients: basically the script uses an array of potential administrator
group names to be found on clients, then works through them. You'll supply the
most appropriate for the region up front in the list.
I've included the appropriate bits of the VB script below. And as most
customers have deployed a naming convention for their computers that relates in
one way or another to the location which is to manage the client, the script
derives the name of the group to add to the local admin group from the
computername (e.g. for client called LGER0815001 => group to add would be
ADM_GER0815_AdminClient)
let me know if you want the whole script.
/Guido
'set list of potential names for local administrator group
sLocalAdminGroupNames = "Administratoren,Administrators,Administrateurs"
arrLocalAdminGroupNames = Split(sLocalAdminGroupNames,",")
'get computername and check AdminClient groupname to use
Set oNet = CreateObject("WScript.Network")
sCurCompName = oNet.ComputerName
If bVerbose Then Log("CurrentComputer: " & sCurCompName)
sCurCompHomeSite = Mid(sCurCompName,2,7)
If bVerbose Then Log("HomeSite: " & sCurCompHomeSite)
'create appropriate group-name
sGroupMemberLocation = "ADM_"& sCurCompHomeSite & "_AdminClient"
Log("AdminClient group for Location: " & sDomainName &"\"&
sGroupMemberLocation)
'adding group to local administrator group
For R = 0 To UBound(arrLocalAdminGroupNames)
sLocalAdminGroupName = arrLocalAdminGroupNames(R)
On Error Resume Next
Set oAdminGroup = GetObject("WinNT://"& sCurCompName
&"/"&sLocalAdminGroupName)
If not(lcase(oAdminGroup.name) = lcase(sLocalAdminGroupName)) Then
'wrong groupname
bFoundAdminGroup = False
If bVerbose Then Log(" can't find " & sLocalAdminGroupName)
Else
'continue with adding group
bFoundAdminGroup = True
If bVerbose Then Log(" found " & sLocalAdminGroupName)
'adding domain-groupmember to local group on client
Log("adding '"&sDomainName&"\"&sGroupMemberLocation&"' to local
admin group")
oAdminGroup.Add "WinNT://"& sDomainName &"/"&
sGroupMemberLocation &""
CheckError
Exit For
End If
Next 'Loop through list of admin groupnames
If Not bFoundAdminGroup Then Log("can't find a matching name for local
Admingroup...")
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Freddy HARTONO
Sent: Montag, 10. Oktober 2005 10:08
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] Adding local admin rights to non english native o s?
Thanks for the replies guys
Joe, converting the administrator wellknown sid to user seems like a great
idea - but then involves copying the .exe into the local machines first and
executing it?
Havent work out how to do it without copying the sid converter program...if
so would have to copy it from the netlogon? For some reason I've done like
below but just aint working out :( perhaps some variables like set L is not
avail yet on startup?
for /F "tokens=2 delims==" %%i IN ('set l') do set gpodcname=%%i
if not exist %systemroot%\system32\sid2user.exe copy
\\%gpodcname%\netlogon\sid2user.exe %systemroot%\system32\sid2user.exe
for /F "tokens=3" %%i IN ('sid2user 5 32 544 ^|qgrep Name') do set
gpoadminvar=%%i
net localgroup %gpoadminvar% /add "domain\OUAdmins"
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9740 - temp
-----Original Message-----
From: Brian Desmond [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 08, 2005 9:17 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
In 9 years of Spanish, I didn't learn Administrator in Spanish.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, October 07, 2005 9:02 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
Better make that "Powerum Tripum Maximum" or else Laura might get on your
about only representing the masculine gender. :o)
I knew 3 years of Latin would eventually come in useful. ;o)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia
Sent: Friday, October 07, 2005 5:54 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
"Powerus Tripus Maximus" ?
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP]
Sent: Friday, October 07, 2005 2:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
What is "Administrators" in Latin?
Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!(tm)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, October 07, 2005 11:29 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Adding local admin rights to non english native os?
This is when your high school language classes come in handy. You will need
to know what "administrators" translates to in the target language. For
example, in German, it's "administratoren", so your code will look like
this:
net localgroup administratoren blah blah blah
HTH
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of Freddy HARTONO
Sent: Fri 10/7/2005 8:51 AM
To: 'activedir@mail.activedir.org'
Subject: [ActiveDir] Adding local admin rights to non english native os?
Hi all,
Usually net localgroup administrators xxx /add would work fine on computer
startup gpo - but how about on non english native oses? Would this work as
well?
Thank you and have a splendid day!
Kind Regards,
Freddy Hartono
Group Support Engineer
InternationalSOS Pte Ltd
mail: [EMAIL PROTECTED]
phone: (+65) 6330-9740 - temp
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
