Re: [ActiveDir] Create Local Account via GPO?
Harding, Devon wrote: How can I create a local user on all my XP workstation using GPOs? You want to create local user or You want to add some users to local group? If You want to create local user the only way I can figure out will be to place some startup script in GPO which will create this account -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
You can do it in a startup script which is fired when a machine is booted. If your users have high enough privs on the machines you could do it in a logon script. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Tuesday, February 15, 2005 9:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Create Local Account via GPO?
Za Vue wrote: If the account is the same on all workstations than I rather use a short batch or VB script. Yes, but you have to ensure that at the time when You will run this script or batch all workstations will be powered on - using startup script You can do it asynchronously -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
Or...download and use Hyena. It is free for 30 days. Just select all the computers at once, they have to be on, and create an account and assign it to whatever group(s). You can even set and reset passwords. -Z.V. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Tuesday, February 15, 2005 9:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
A script is fine. Where can I find an example of one? Also, I wan't it to terminate if the user already exists. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, February 15, 2005 9:26 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Create Local Account via GPO? You can do it in a startup script which is fired when a machine is booted. If your users have high enough privs on the machines you could do it in a logon script. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Tuesday, February 15, 2005 9:16 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] Create Local Account via GPO?
Harding, Devon wrote: A script is fine. Where can I find an example of one? Also, I wan't it to terminate if the user already exists. Go to Technet Script Center site, http://www.microsoft.com/technet/scriptcenter/default.mspx Download scriptomatic and start to play :) -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
Hi All You could add the following line into a startup script - that would apply to every computer in the OU. net user accountname accountpassword /add This line will add that user to the local admin group net localgroup Administrators /add accountname Randy Barger wrote a nice script called changepwdservers.vbs that will then reset the password on all the local machines once the user is created so it does not end up being easily found in the script itself. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Jorge de Almeida Pinto | | | [EMAIL PROTECTED]| | | icacmg.com| | | Sent by: | | | [EMAIL PROTECTED]| | | dir.org| | | | | | | | | 02/15/2005 04:32 PM CET| | | Please respond to ActiveDir| |-+-- --| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --| Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
The following script is an example of adding and removing a domain account (we use a domain group but you can work with individual users) to/from a local account on a domain member computer. Apply the script to the machine startup. 'adds DOMAIN GROUP to local admin group and removes it from power users group on error resume Next Dim DomainName Dim UserAccount Set net = WScript.CreateObject(WScript.Network) local = net.ComputerName DomainName = DOMAIN NAME HERE UserAccount = DOMAIN GROUP HERE 'removes DOMAIN GROUP Users from local power users group set group = GetObject(WinNT:// local /power users) group.Remove WinNT:// DomainName / UserAccount 'Adds DOMAIN GROUP to loacal administrators group set group = GetObject(WinNT:// local /administrators) group.Add WinNT:// DomainName / UserAccount -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 11:25 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Create Local Account via GPO? Hi All You could add the following line into a startup script - that would apply to every computer in the OU. net user accountname accountpassword /add This line will add that user to the local admin group net localgroup Administrators /add accountname Randy Barger wrote a nice script called changepwdservers.vbs that will then reset the password on all the local machines once the user is created so it does not end up being easily found in the script itself. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Jorge de Almeida Pinto | | | [EMAIL PROTECTED]| | | icacmg.com| | | Sent by: | | | [EMAIL PROTECTED]| | | dir.org| | | | | | | | | 02/15/2005 04:32 PM CET| | | Please respond to ActiveDir| |-+-- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --- ---| Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Confidentiality Notice: The information
RE: [ActiveDir] Create Local Account via GPO?
If I put this in a logon script, would the user logon on need local admin permissions? -Devon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 11:25 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Create Local Account via GPO? Hi All You could add the following line into a startup script - that would apply to every computer in the OU. net user accountname accountpassword /add This line will add that user to the local admin group net localgroup Administrators /add accountname Randy Barger wrote a nice script called changepwdservers.vbs that will then reset the password on all the local machines once the user is created so it does not end up being easily found in the script itself. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Jorge de Almeida Pinto | | | [EMAIL PROTECTED]| | | icacmg.com| | | Sent by: | | | [EMAIL PROTECTED]| | | dir.org| | | | | | | | | 02/15/2005 04:32 PM CET| | | Please respond to ActiveDir| |-+-- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --- ---| Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Create Local Account via GPO?
Hi Devon Yes, only an admin or the local system can create other admins. Startup scripts run in the context of local system while logon scripts run in the context of the user logging and will only do what that users rights allows for. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Harding, Devon | | | [EMAIL PROTECTED]| | | com | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 02/15/2005 11:54 AM EST| | | Please respond to | | | ActiveDir | |-+-- --| | | | To: ActiveDir@mail.activedir.org | | cc: [EMAIL PROTECTED], (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --| If I put this in a logon script, would the user logon on need local admin permissions? -Devon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 11:25 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Create Local Account via GPO? Hi All You could add the following line into a startup script - that would apply to every computer in the OU. net user accountname accountpassword /add This line will add that user to the local admin group net localgroup Administrators /add accountname Randy Barger wrote a nice script called changepwdservers.vbs that will then reset the password on all the local machines once the user is created so it does not end up being easily found in the script itself. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Jorge de Almeida Pinto | | | [EMAIL PROTECTED]| | | icacmg.com| | | Sent by: | | | [EMAIL PROTECTED]| | | dir.org| | | | | | | | | 02/15/2005 04:32 PM CET| | | Please respond to ActiveDir| |-+-- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --- ---| Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail
RE: [ActiveDir] Create Local Account via GPO?
Hmm...when I copy my batch file to the startup scripts folder and assign the GPO, it doesn't seems to run. What could be causing this? -Devon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 12:02 PM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Create Local Account via GPO? Hi Devon Yes, only an admin or the local system can create other admins. Startup scripts run in the context of local system while logon scripts run in the context of the user logging and will only do what that users rights allows for. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Harding, Devon | | | [EMAIL PROTECTED]| | | com | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org| | | | | | | | | 02/15/2005 11:54 AM EST| | | Please respond to | | | ActiveDir | |-+-- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: [EMAIL PROTECTED], (bcc: James Day/Contractor/NPS)| | Subject: RE: [ActiveDir] Create Local Account via GPO? | --- ---| If I put this in a logon script, would the user logon on need local admin permissions? -Devon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 11:25 AM To: ActiveDir@mail.activedir.org Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Create Local Account via GPO? Hi All You could add the following line into a startup script - that would apply to every computer in the OU. net user accountname accountpassword /add This line will add that user to the local admin group net localgroup Administrators /add accountname Randy Barger wrote a nice script called changepwdservers.vbs that will then reset the password on all the local machines once the user is created so it does not end up being easily found in the script itself. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |-+-- | | Jorge de Almeida Pinto | | | [EMAIL PROTECTED]| | | icacmg.com| | | Sent by: | | | [EMAIL PROTECTED]| | | dir.org| | | | | | | | | 02/15/2005 04:32 PM CET| | | Please respond to ActiveDir| |-+-- --- ---| | | | To: ActiveDir@mail.activedir.org | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Create Local Account via GPO? | --- ---| Hi, You could create a script that uses some list with computers, pings those computer and creates a local user account with ADDUSERS.EXE (and if needed in combination with CUSRMGR) or create a Vbscript that checks if the computer is up and creates the account if it does not exist yet Cheers jorge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: dinsdag 15 februari 2005 15:16 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Create Local Account via GPO? How can I create a local user on all my XP workstation using GPOs? Devon Harding Windows Systems Engineer Southern Wine Spirits - GSD 954-602-2469 - __ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution
