Local admin

(imported topic written by jr6591)

I had previously created a fixlet in BDE, which I cannot find at the moment, adding a user to the local administrators group on the PCs. Unfortunately for me, I cannot find it.

Does anyone have one handy where I can add a domain group or user to the local administrator group?

I had this one, which is not complete:

wait ntuser.exe -s {string value of (selects "Name from Win32_ComputerSystem" of wmi) as string as uppercase} LGROUP APPEND "Power Users" {string value of (selects "UserName from Win32_ComputerSystem" of wmi) as string as uppercase}

(imported comment written by jr6591)

I think I found the custom action:

wait {pathname of system folder}\net.exe localgroup administrators "Domain\Domain User" /add

If anyone has a better way, I’d like to see it.


(imported comment written by SystemAdmin)


dos net localgroup Administrators "domain_name\group_name" /ADD

(imported comment written by hernan91)


Is there a way to include domain groups with more than 20 characters in the group name? I have some issues trying to add group names with > 20 characters.


(imported comment written by BenKus)

Is this a limit on the “net localgroup” command?


(imported comment written by hernan91)

Hi Ben.

Well, I don’t know if it is a limit on “net localgroup”; this is the command:

dos net localgroup Administrators "DOM\MMM 222 LLL SSSSSSS" /ADD

dos net localgroup Administrators "DOM\AAA CCCCC FFFF SSSSSS OO BBBBB" /ADD ‘command with issues’

The domain names are correct; if I try to add domain names < 20 characters it works, but it fails with > 20.

Can I use a different command to add domain groups to the administrators group?


(imported comment written by NoahSalzman)


NET.EXE /ADD command does not support names longer than 20 characters

(imported comment written by hernan91)

Ok, Thanks

(imported comment written by MattBoyd)

Sorry to dig up an old thread but I ran into the 20 character limitation for NET.EXE as well. Here’s a VBScript that you can use to overcome the limitation:

' Name:    AddGroupToLocalGroup.vbs
' Author:  Matthew Boyd
' Date:    4/1/2010
' Purpose: Adds an AD security group to a local security group. This script is used to overcome the
'          20 character group name limitation that NET.EXE has: http://support.microsoft.com/kb/324639
' Usage:   cscript.exe AddGroupToLocalGroup.vbs "<AD Group Name>" "<Local Group Name>"
' Example: cscript.exe AddGroupToLocalGroup.vbs "DOMAIN.NAME\MyGroup" "Administrators"
'          The command above would add MyGroup to the Administrators security group of the local
'          machine.

Dim localGroupName, ADGroupName, strComputer, objLocalGroup, objADGroup
strComputer = "."   ' "." addresses the local machine in the WinNT provider

' Parse the command line arguments (if they exist)
If Wscript.Arguments.Count < 2 Then
    Err.Raise 1, "Invalid argument", "Missing parameters"
Else
    ADGroupName = Wscript.Arguments.Item(0)
    localGroupName = Wscript.Arguments.Item(1)
End If

' The WinNT provider expects DOMAIN/Group rather than DOMAIN\Group
ADGroupName = Replace(ADGroupName, "\", "/")

' Bind to the local group and to the AD group, then add the AD group as a member
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/" & localGroupName & ",group")
Set objADGroup = GetObject("WinNT://" & ADGroupName & ",group")

objLocalGroup.Add(objADGroup.ADsPath)
Wscript.Echo "Successfully added " & ADGroupName & " to " & localGroupName

You can create a task that creates this file and renames it to something like “AddGroupToLocalGroup.vbs” and then use an action command like this:

waithidden cscript.exe AddGroupToLocalGroup.vbs
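
On Windows PowerShell 5.1 or later, the LocalAccounts cmdlets are another route that does not go through NET.EXE. The following is an added example, not code from any poster in this thread; the function name and the group name in the usage comment are hypothetical. It resolves the name before changing anything, skips the add when the group is already a member, and returns the resulting Administrators membership so the action log records who holds local admin.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1+
# (Microsoft.PowerShell.LocalAccounts module) and an elevated session.
function Add-DomainGroupToLocalAdmins {   # hypothetical function name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Domain group or user in DOMAIN\Name form.
        [Parameter(Mandatory)] [string] $Member
    )
    $ErrorActionPreference = 'Stop'

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID avoids depending on the localized group name.
    $adminSid = 'S-1-5-32-544'

    # Resolve the name to a SID first, so a mistyped or unknown name fails
    # here, before any change is made to the machine.
    $memberSid = ([System.Security.Principal.NTAccount]$Member).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # Compare by SID rather than by name, so NetBIOS vs. DNS domain spellings
    # of the same group are treated as the same principal.
    $currentSids = @(Get-LocalGroupMember -SID $adminSid |
        ForEach-Object { $_.SID.Value })

    if ($currentSids -contains $memberSid) {
        Write-Verbose "$Member is already a member; nothing to do."
    }
    elseif ($PSCmdlet.ShouldProcess($Member, 'Add to local Administrators')) {
        Add-LocalGroupMember -SID $adminSid -Member $Member
    }

    # Emit the resulting membership for review and logging.
    Get-LocalGroupMember -SID $adminSid |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

# Usage (constructed group name, longer than 20 characters):
#   Add-DomainGroupToLocalAdmins -Member 'DOM\AAA CCCCC FFFF SSSSSS OO BBBBB' -Verbose
# Dry run that changes nothing:
#   Add-DomainGroupToLocalAdmins -Member 'DOM\AAA CCCCC FFFF SSSSSS OO BBBBB' -WhatIf
```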