Ok, I’ll admit it now, I am being lazy, however time is short and the pressure is great so any help is much appreciated.
I seek a Fixlet that will check to see whether the currently logged on user is a member of the local Administrators group. If not then taking the action will add that user’s domain account to the local administrators group. Does anyone have any pointers, or indeed a Fixlet that fits the bill that they are prepared to share?
Many thanks. Your relevance appears to be reporting correctly, although what is slightly odd (but not a problem) is that we get a value of “1” rather than “” for machines which haven’t yet checked in. If you have the command line method for adding a user then it would be very much appreciated.
// this next line will fail unless there is just one logged on user
continue if {number of logged on users = 1}
net localgroup "administrators" {sid of logged on user} /add
This is completely untested by me so be sure to try it out… if it works, you should post the Fixlet because I think many people might be interested.
Many thanks Ben. All is working, even though you did miss out the all important “dos” command in the Action Script.
The quick and dirty Relevance and Action Script are as follows:
(name of operating system is "Win2000" or name of operating system is "WinXP") and (number of logged on users = 1) and (not exists members whose (sid of it = sid of logged on user) of local group "Administrators")
continue if {number of logged on users = 1}
dos net localgroup Administrators {sid of logged on user} /ADD
Doesn’t this require a log off then log on for the local admin to take effect?
If so, is there a better way to push a change that requires local admin privileges to a current user who does not have local admin privileges? We have many non admin users and would like to make changes in one step if possible.
Thanks for the speedy reply. Is there any kind of “run as” admin type of thing? Of course that requires a username password in the clear probably, right? Or is there some way?
Usually they are installations or registry changes that are on a per user basis.
What is the basic syntax for something like the RUNAS for the current user or can you point me to an example? I haven’t found much for examples yet, probably because it is not recommended.
just browsing the forum looking for things to gain experience on… here’s a task to do this… Copy “code” to a file ending with .bes, then double click it to import into your deployment.
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
  <Task>
    <Title>Local Admin::Effect Locally Logged On User</Title>
    <Description>This could be useful... </Description>
    <GroupRelevance JoinByIntersection="false">
      <SearchComponentPropertyReference PropertyName="OS" Comparison="Contains">
        <SearchText>Win</SearchText>
        <Relevance>exists (operating system) whose (it as string as lowercase contains "Win" as lowercase)</Relevance>
      </SearchComponentPropertyReference>
    </GroupRelevance>
    <Category></Category>
    <Source>Internal</Source>
    <SourceID></SourceID>
    <SourceReleaseDate>2010-12-30</SourceReleaseDate>
    <SourceSeverity></SourceSeverity>
    <CVENames></CVENames>
    <SANSID></SANSID>
    <MIMEField>
      <Name>x-fixlet-modification-time</Name>
      <Value>Thu, 30 Dec 2010 23:35:04 +0000</Value>
    </MIMEField>
    <Domain>SCVM</Domain>
    <Action ID="Action1">
      <Description><PreLink>Click </PreLink><Link>here</Link><PostLink> to make locally logged on user a member of the local Administrators group.</PostLink></Description>
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
continue if {number of logged on users = 1}
waithidden cmd.exe /C net localgroup Administrators {sid of logged on user} /ADD
</ActionScript>
    </Action>
    <Action ID="Action2">
      <Description><PreLink>Click </PreLink><Link>here</Link><PostLink> to remove locally logged on user from the administrators group.</PostLink></Description>
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
continue if {number of logged on users = 1}
waithidden cmd.exe /C net localgroup Administrators {sid of logged on user} /DELETE
</ActionScript>
    </Action>
    <Action ID="Action3">
      <Description><PreLink>Click </PreLink><Link>here</Link><PostLink> to ADD a specific user or group to the local Administrators group.</PostLink></Description>
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
action parameter query "UserGroup" with description "Enter User or Group to be ADDED to the Local Administrators Group:"
waithidden cmd.exe /C net localgroup Administrators {parameter "UserGroup"} /ADD
</ActionScript>
    </Action>
    <Action ID="Action4">
      <Description><PreLink>Click </PreLink><Link>here</Link><PostLink> to REMOVE a specific user or group from the local Administrators group.</PostLink></Description>
      <ActionScript MIMEType="application/x-Fixlet-Windows-Shell">
action parameter query "UserGroup" with description "Enter User or Group to be REMOVED from the Local Administrators Group:"
waithidden cmd.exe /C net localgroup Administrators {parameter "UserGroup"} /DELETE
</ActionScript>
    </Action>
  </Task>
</BES>
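A read-only way to check the result of the task above on a test machine, added here as an example and not part of the original thread: the function lists members of the local Administrators group that are not on an allowlist and marks the console user. It assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember); the function name and the default allowlist patterns are illustrative assumptions.

```powershell
# Added example: read-only audit of the local Administrators group.
# Get-UnexpectedLocalAdmin and the default patterns are hypothetical; adapt them.
function Get-UnexpectedLocalAdmin {
    [CmdletBinding()]
    param(
        # Wildcard SID patterns that are expected to be administrators.
        # RID 500 = built-in Administrator, RID 512 = Domain Admins.
        [string[]]$AllowedSid = @('S-1-5-21-*-500', 'S-1-5-21-*-512')
    )

    # S-1-5-32-544 is the well-known SID of the Administrators group. Using it
    # avoids depending on the group name, which differs on localized Windows.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    # Console user only; $null when nobody is logged on at the console.
    $consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    $consoleSid = if ($consoleUser) {
        ([System.Security.Principal.NTAccount]$consoleUser).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    }

    foreach ($m in $members) {
        $sid = $m.SID.Value
        $allowed = $false
        foreach ($pattern in $AllowedSid) {
            if ($sid -like $pattern) { $allowed = $true; break }
        }
        if (-not $allowed) {
            # Emit one record per member that is outside the allowlist.
            [pscustomobject]@{
                Name          = $m.Name
                SID           = $sid
                ObjectClass   = $m.ObjectClass
                Source        = $m.PrincipalSource
                IsConsoleUser = ($sid -eq $consoleSid)
            }
        }
    }
}

Get-UnexpectedLocalAdmin | Format-Table -AutoSize
```

Run before and after Action1 or Action2, the IsConsoleUser column shows whether the logged on user was added or removed.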