(imported topic written by boostaz191)
I need help creating a fixlet which will allow me to add a specified user account to the local admin group is the account does not already exist there. I currently have this part. ‘run detached {pathname of system folder]\net.exe localgroup administrators mydom\myadmin /add’ but I need to know how to find out if this user is already a member of the group.
(imported comment written by BenKus)
Hi boostaz1,
You can use something like this in BES 6.0+:
q: exists member whose (it as string = “BIGFIX\Domain Admins”) of local group "Administrators"
A: True
Some more info at:
http://forum.bigfix.com/viewtopic.php?id=30
Ben
(imported comment written by boostaz191)
I got it thanks all I used the following relevance:
not exists member whose (it as string as lowercase contains “domain\user”) of local group “Administrators”
(imported comment written by gage)
I am trying to add an account if it doesn’t exist as a local user or as the following: \machine\root\cimv2:Win32_Group.Domain=“domain”,Name=“group”
The not exists … statement boostaz1 used worked for the local account. What would I use to test for the existence of the other account?
(imported comment written by BenKus)
Hi gage,
Can you tell me a bit more about this account? Is this a domain account that is a member of a domain group on the local computer?
Ben
(imported comment written by gage)
Ben:
Yes. Some of the Sysadmins added the group Domain Admins of which this account is a member. If a person logs onto our domain, they get the account by GP. If they log onto a trusted domain that has set up a GP, they get the group Domain Admins added. Does that answer your question?
This account needs to be on all machines – regardless. Which is what I am trying to do.
Thanks,
(imported comment written by BenKus)
Hi gage,
Does something like this work?
q: not exists local group “domain\groupname”
Ben