60aside Posted October 19, 2009 Share Posted October 19, 2009 Hi Guys, I have the following script to add a user to the local admin group on a remote machine :- $cmd = "net localgroup administrators " & $Domain & "\" & $userid & " /add" $objWMIService = ObjGet("winmgmts:\\" & $badgeid & "\root\cimv2:Win32_Process") $objWMIService.Create($cmd) Which works fine. Problem is, as I support machines in many countries, the "administrators" group could be named :- administradores or Administratorzy or Administrateurs or Amministratori etc... Any ideas about the best way to approach this? The first script works fine just as long as the O/S is English with a MUI applied, but doesn't work if the O/S was built from the native O/S CD. Thanks.. Link to comment Share on other sites More sharing options...
gte Posted October 19, 2009 Share Posted October 19, 2009 Can't you do this with psexec and a bat file?Hi Guys,I have the following script to add a user to the local admin group on a remote machine :-$cmd = "net localgroup administrators " & $Domain & "\" & $userid & " /add"$objWMIService = ObjGet("winmgmts:\\" & $badgeid & "\root\cimv2:Win32_Process")$objWMIService.Create($cmd)Which works fine.Problem is, as I support machines in many countries, the "administrators" group could be named :-administradores or Administratorzy or Administrateurs or Amministratori etc...Any ideas about the best way to approach this? The first script works fine just as long as the O/S is Englishwith a MUI applied, but doesn't work if the O/S was built from the native O/S CD.Thanks.. HP OpenView ServiceCenter keep alive scriptRemote Desktop Login Script Link to comment Share on other sites More sharing options...
omikron48 Posted October 20, 2009 Share Posted October 20, 2009 I'm curious since this is the first time I've seen something like this. How would it be done using psexec and a batch file? Link to comment Share on other sites More sharing options...
gte Posted October 20, 2009 Share Posted October 20, 2009 You could even wrap this into an autoit script, but this should get you started. batchfile1 (run first, with all server names in it, you can also do a find and replace in notepad, for different files in the future) xcopy /y /r c:\files\batchfile2.bat \\servername1\folder xcopy /y /r c:\files\batchfile2.bat \\servername2\folder xcopy /y /r c:\files\batchfile2.bat \\servername3\folder xcopy /y /r c:\files\batchfile2.bat \\servername4\folder xcopy /y /r c:\files\batchfile2.bat \\servername5\folder etc batchfile2 (replace the part in quotes of course) net localgroup administrators "domain\admingroup" /add batchfile3 (run last) psexec \\servername1 -u USERNAME -p PASSWORD -c -batchfile2.bat psexec \\servername2 -u USERNAME -p PASSWORD -c -batchfile2.bat psexec \\servername3 -u USERNAME -p PASSWORD -c -batchfile2.bat psexec \\servername4 -u USERNAME -p PASSWORD -c -batchfile2.bat psexec \\servername5 -u USERNAME -p PASSWORD -c -batchfile2.bat etc I'm curious since this is the first time I've seen something like this. How would it be done using psexec and a batch file? HP OpenView ServiceCenter keep alive scriptRemote Desktop Login Script Link to comment Share on other sites More sharing options...
revertex Posted October 29, 2009 Share Posted October 29, 2009 maybe this should help you, there is no need to use external files or scripts to accomplish. Please bear in mind that i'm kinda new to autoit, surely there is a better way to do it. what this script do: add a user to local admin group "Administradores", (administrator in portuguese); set password to never expire, disable change password; delete user from local users group; hide username from welcome screen; enable remote desktop connection, open windows firewall rule; enable run explorer in a separated process( needed for RunAs); Replace the proper variables to suit your taste. I use this with "deepxw Universal Termsrv.dll" to allow simultaneous login. I'm kinda afraid to post this kind of script here because some people may use it to not so good purposes. #NoTrayIcon ; set username and password here Local $usr = "username" ;User account to be created Local $pwd = "secretpass" ;password you want for this account local $grpdel = "Usuários" ;remove user from local user group Local $grpadd = "Administradores" ;add user to local admin group Local $comment = "Administrador do Sistema" ;add a brief description Local $hideuser = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" Local $enablerdp = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" Local $separateprocess = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ;create a user member of administrator group RunWait('net user ' & $usr & ' ' & $pwd & ' /add /expires:never /passwordchg:no /comment:"' & $comment & '" ', '', @SW_HIDE) RunWait('net localgroup ' & $grpdel& ' ' & $usr & ' /delete', '', @SW_HIDE) RunWait('net localgroup ' & $grpadd & ' ' & $usr & ' /add', '', @SW_HIDE) ; set password to never expire RunWait('wmic path Win32_UserAccount where Name=''' & $usr & ''' set PasswordExpires=false', '', @SW_HIDE) ; hide user account, enable remote desktop and allow firewall rule RunWait('REG ADD %hideuser% /v %usr% /t REG_DWORD /f /d 0', '', @SW_HIDE) RunWait('REG ADD %enablerdp% /v fDenyTSConnections /t REG_DWORD /f /d 0', '', @SW_HIDE) RunWait('REG ADD %separateprocess% /v SeparateProcess /t REG_DWORD /f /d 1', '', @SW_HIDE) RunWait('netsh firewall add portopening TCP 3389 "Terminal Server" enable all', '', @SW_HIDE) MsgBox(262208, "Done", "Administrator user account has been created", "10") Link to comment Share on other sites More sharing options...
99ojo Posted October 29, 2009 Share Posted October 29, 2009 (edited) maybe this should help you, there is no need to use external files or scripts to accomplish. Please bear in mind that i'm kinda new to autoit, surely there is a better way to do it. what this script do: add a user to local admin group "Administradores", (administrator in portuguese); set password to never expire, disable change password; delete user from local users group; hide username from welcome screen; enable remote desktop connection, open windows firewall rule; enable run explorer in a separated process( needed for RunAs); Replace the proper variables to suit your taste. I use this with "deepxw Universal Termsrv.dll" to allow simultaneous login. I'm kinda afraid to post this kind of script here because some people may use it to not so good purposes. #NoTrayIcon ; set username and password here Local $usr = "username" ;User account to be created Local $pwd = "secretpass" ;password you want for this account local $grpdel = "Usuários" ;remove user from local user group Local $grpadd = "Administradores" ;add user to local admin group Local $comment = "Administrador do Sistema" ;add a brief description Local $hideuser = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" Local $enablerdp = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" Local $separateprocess = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" ;create a user member of administrator group RunWait('net user ' & $usr & ' ' & $pwd & ' /add /expires:never /passwordchg:no /comment:"' & $comment & '" ', '', @SW_HIDE) RunWait('net localgroup ' & $grpdel& ' ' & $usr & ' /delete', '', @SW_HIDE) RunWait('net localgroup ' & $grpadd & ' ' & $usr & ' /add', '', @SW_HIDE) ; set password to never expire RunWait('wmic path Win32_UserAccount where Name=''' & $usr & ''' set PasswordExpires=false', '', @SW_HIDE) ; hide user account, enable remote desktop and allow firewall rule RunWait('REG ADD %hideuser% /v %usr% /t REG_DWORD /f /d 0', '', @SW_HIDE) RunWait('REG ADD %enablerdp% /v fDenyTSConnections /t REG_DWORD /f /d 0', '', @SW_HIDE) RunWait('REG ADD %separateprocess% /v SeparateProcess /t REG_DWORD /f /d 1', '', @SW_HIDE) RunWait('netsh firewall add portopening TCP 3389 "Terminal Server" enable all', '', @SW_HIDE) MsgBox(262208, "Done", "Administrator user account has been created", "10") Hi, you may use wmi to get the name of local administrator group. expandcollapse popup$remotepc = "localhost" ; change localhost to remote machinename If _getlocaladmgroup ($remotepc) <> 0 Then $admgroup = _getlocaladmgroup ($remotepc) $cmd = "net localgroup " & $admgroup & " " & $Domain & "\" & $userid & " /add" $objWMIService = ObjGet("winmgmts:\\" & $badgeid & "\root\cimv2:Win32_Process") $objWMIService.Create($cmd) Else MsgBox (0,"Error", "Can't query RemotePC or unknown Administrator Group!") EndIf Func _getlocaladmgroup ($strcomputer) $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Group", "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems Switch $objItem.Name Case "administrators" Return $objItem.Name Case "administradores" Return $objItem.Name Case "administratoren" Return $objItem.Name Case Else ContinueLoop EndSwitch Next Return 0 Else Return 0 Endif EndFunc ;-)) Stefan Edited October 29, 2009 by 99ojo Link to comment Share on other sites More sharing options...
dobbelina Posted April 24, 2010 Share Posted April 24, 2010 Here's how you get the Administrators groupname, no matter what language: $oWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\cimv2") $colItems = $oWMIService.ExecQuery("Select * From Win32_Group Where LocalAccount = TRUE And SID = 'S-1-5-32-544'") For $oItem in $colItems ConsoleWrite($oItem.Name ) Next LeoSS and awsnap 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now