Menu

Search



What's the best way to deploy a Prism Task that adds the domain users group to the local administrator group? I want to run the Task, then undo it later.

New Boundary Support
Scripting Prism

Starting with Windows 2000, Microsoft changed how they handle the user information to a much more secure format. This has caused Prism Deploy to be unable to create Packages of user/group account changes. Each user and group has a unique ID on each machine, so a Package that contains something like the local Administrators group really doesn't make any sense to another computer because that computer's local Administrators group is actually something quite different.

That being said, Prism Deploy can deploy Command Tasks that can accomplish the same thing. 

NET Command Option

The first option is to create a Command Task the uses the NET command.  A sample command would look like:

NET LOCALGROUP Administrators /ADD "yourdomainhere\Domain Users"

Be sure to replace yourdomainhere with the name of your domain.  You will need to change the Run as property to run as a domain admin. This Task can then be assigned to any computer that you wish to add the Domain Users group to the local Administrators group.

To undo this, view the properties of the Command Task that you created above. Click the Task tab and then the Uninstall... button. Check the "Use uninstall command" box and enter the following command:

NET LOCALGROUP Administrators /DELETE "yourdomainhere\Domain Users"

Hit OK twice and you're ready to uninstall the Task. Now, when you choose Uninstall the Task for Task, it will actually run the second command.

VBScript Option

The second option is to create a VBScript that can easily do this function. Paste the following into a text file that has been renamed to AddDomainUsers.vbs:

strComputer = "."

strDomain = "yourdomainhere"

Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators")

Set objDomainGroup = GetObject("WinNT://" & strDomain & "/Domain Users")

objLocalGroup.Add(objDomainGroup.ADsPath)

Be sure to replace yourdomainhere with the name of your domain. Make sure this file is in a network shared location and create a Command Task within the Prism Deploy Console (i.e. \\server\share\AddDomainUsers.vbs). You will need to change the Run as property to run as a domain admin. This Task can then be assigned to any computer that you wish to add the Domain Users group to the local Administrators group.

To undo this, create a second VBScript called RemoveDomainUsers.vbs and save it in the network share as well. This script would contain:

strComputer = "."

strDomain = "yourdomainhere"

Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

Set objDomainGroup = GetObject("WinNT://" & strDomain & "/Domain Users,group")

objLocalGroup.Remove(objDomainGroup.ADsPath)

Again, make sure that you replace yourdomainhere with the name of your domain. To use this new script, view the properties of the Command Task that you created above. Click the Task tab and then the Uninstall... button. Check the "Use uninstall command" box and point to the remove script that you just created (i.e. \\server\share\RemoveDomainUsers.vbs). Hit OK twice and you're ready to uninstall the Task. Now, when you choose Uninstall the Task for your AddDomainUsers Task, it will actually run the RemoveDomainUsers script.


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide your comments to help us improve this article...

Thank you for your feedback!

Add Your Comments
Name:
Email Address:
RadEditor - HTML WYSIWYG Editor. MS Word-like content editing experience thanks to a rich set of formatting tools, dropdowns, dialogs, system modules and built-in spell-check.
RadEditor's components - toolbar, content area, modes and modules
   
Toolbar's wrapper  
Content area wrapper
RadEditor's bottom area: Design, Html and Preview modes, Statistics module and resize handle.
It contains RadEditor's Modes/views (HTML, Design and Preview), Statistics and Resizer
Editor Mode buttonsStatistics moduleEditor resizer
 
 
RadEditor's Modules - special tools used to provide extra information such as Tag Inspector, Real Time HTML Viewer, Tag Properties and other.
   
Verification Code:
Details
Last Modified: 20 Years Ago
Last Modified By: New Boundary Support
Type: HOWTO
Article not rated yet.
Article has been viewed 11.3K times.
Options
Customer Support Software By InstantKB 2015-2
Execution: 0.000. 8 queries. Compression Disabled.