Local admin

system · March 17, 2008, 5:55pm

I had previously created a fixlet in BDE which i cannot find at the moment, adding a user to the local administrators group on the PC’s. Unfortunately for me, I cannot find it.

Does anyone have one handy where I can add a domain group or user to the local administrator group.

I had this one which is not complete

wait ntuser.exe -s {string value of (selects “Name from Win32_ComputerSystem” of wmi) as string as uppercase} LGROUP APPEND “Power Users” {string value of (selects “UserName from Win32_ComputerSystem” of wmi) as string as uppercase}

system · March 17, 2008, 6:07pm

(imported comment written by jr6591)

I think I found the custom action

wait {pathname of system folder}\net.exe localgroup administrators Domain\Domain User /add

If anyone has a better way, I’d like to see it

Thanks

system · April 4, 2008, 12:39am

(imported comment written by SystemAdmin)

Use:

dos net localgroup Administrators “domain_name\group_name” /ADD

system · May 4, 2009, 7:11pm

(imported comment written by hernan91)

Hi.

Is there a way to include domain groups with more than 20 characters in the group name? i have some issues trying to add group names with > 20 characters.

thanks.

BenKus · May 5, 2009, 5:35am

(imported comment written by BenKus)

Is this a limit on the “net localgroup” command?

Ben

system · May 5, 2009, 11:10pm

(imported comment written by hernan91)

Hi Ben.

Well i don’t know if is a limit on the “net localgroup”, this is the command.

dos net localgroup Administrators “DOM\MMM 222 LLL SSSSSSS” /ADD

dos net localgroup Administrators “DOM\AAA CCCCC FFFF SSSSSS OO BBBBB” /ADD ‘command with issues’

The domain names are correct, if i try to add domain names < than 20 characters it works but fails with > 20

Can I use a different command to add domain groups in the administrators group?.

Thanks.

Noah · May 6, 2009, 1:04am

(imported comment written by NoahSalzman)

http://support.microsoft.com/kb/324639

NET.EXE /ADD command does not support names longer than 20 characters

system · May 8, 2009, 2:19am

(imported comment written by hernan91)

Ok, Thanks

system · April 2, 2010, 12:17am

(imported comment written by MattBoyd)

Sorry to dig up an old thread but I ran into the 20 character limitation for NET.EXE as well. Here’s a VBScript that you can use to overcome the limitation:

'  Name:       AddGroupToLocalGroup.vbs 
'  Author:   Matthew Boyd 
'  Date: 4/1/2010 
'  Purpose:  Adds a AD security group to a local security group. This script is used to overcome the 
'             20 character group name limitation that NET.EXE has: http://support.microsoft.com/kb/324639 
'  Usage: cscript.exe AddGroupToLocalGroup.vbs "<AD Group Name>" "<Local Group Name>" 
'  Example:       cscript.exe AddGroupToLocalGroup.vbs "DOMAIN.NAME\MyGroup" "Administrators" 
'             The command above would add MyGroup to the Administrators security group of the local  
'              machine.   Dim localGroupName, ADGroupName, strComputer, objLocalGroup, objADGroup strComputer = 
"."   
''
'Parse the command line arguments (if it exists) If Wscript.Arguments.Count < 2 then Err.Raise 1, 
"Invalid argument", 
"Missing parameters" Else ADGroupName = Wscript.Arguments.Item(0) localGroupName = Wscript.Arguments.Item(1) End If ADGroupName = REPLACE(ADGroupName, 
"\", "/
")   Set objLocalGroup = GetObject(
"WinNT://" & strComputer & 
"/" & localGroupName & 
",group") Set objADGroup = GetObject(
"WinNT://" & ADGroupName & 
",group")   objLocalGroup.Add(objADGroup.ADsPath) wscript.echo 
"Successfully added " & ADGroupName & 
" to " & localGroupName

You can create a task that creates this file and renames it to something like “AddGroupToLocalGroup.vbs” and then use an action command like this:

waithidden cscript.exe AddGroupToLocalGroup.vbs 
"MYDOMAIN.COM\MyGroup" 
"Administrators"