Domain logon -admin account script.

Dusk

Is it possible to add a script that adds an admin (domain admin) account automatically onto a machine when they log on to the domain and makes it a local administrator?

Where can I get info on this?
 
Hi,

Unpack this a bit. So if I log on to this server with my details, then you want a script to run that creates a new user (domain admin rights) automatically?
 
I think what he means is :

1. When they logon to the domain
2. Automatically add another account to the machine that is logging on
3. Make this new account on this machine that just logged on an administrator on the machine that just logged on.

That way, he will automatically get a means that will give him admin access to any machine that logs onto the domain.
 
User logs into pc with his domain details.
Name
Password
Domain

>>>>

Script runs that adds domain admin account to PC as local (PC) administrator.
 
Yes, I need to do some auditing on the network and use DameWare, but I can't get into all the machines because not all of them have the admin account registered (for lack of another word) on their PC.
 
Domain admin is automatically added to the local administrator group when you join the domain....
 
OK, somebody probably removed it then. Why not use a security policy and apply it to the machine? GPO is more reliable than scripts.
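
An added example, not part of the original thread: before changing anything, an audit like the one below shows which machines have lost the Domain Admins entry in their local Administrators group. It assumes PowerShell remoting (WinRM) is enabled on the targets, that they run Windows PowerShell 5.1 or later, and that `computers.txt` is a hypothetical file with one computer name per line.

```powershell
# Added example: report machines whose local Administrators group
# no longer contains the domain's Domain Admins group.
# Assumptions: WinRM remoting is enabled, targets have Get-LocalGroupMember
# (Windows PowerShell 5.1+), computers.txt is a hypothetical input file.
param(
    [string]$ComputerList = '.\computers.txt'
)

$targets = Get-Content -Path $ComputerList | Where-Object { $_.Trim() }

$results = foreach ($computer in $targets) {
    try {
        $r = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            # S-1-5-32-544 is BUILTIN\Administrators regardless of OS language.
            $members = Get-LocalGroupMember -SID 'S-1-5-32-544'
            # Domain Admins always has RID 512 under the domain SID (S-1-5-21-...).
            $da = $members | Where-Object { $_.SID.Value -like 'S-1-5-21-*-512' }
            [pscustomobject]@{
                HasDomainAdmins = [bool]$da
                Members         = ($members.Name -join '; ')
            }
        }
        [pscustomobject]@{
            Computer        = $computer
            Queried         = $true
            HasDomainAdmins = $r.HasDomainAdmins
            Detail          = $r.Members
        }
    } catch {
        # An access-denied error here is itself a finding: the account running
        # the audit has no admin rights on that machine.
        [pscustomobject]@{
            Computer        = $computer
            Queried         = $false
            HasDomainAdmins = $null
            Detail          = $_.Exception.Message
        }
    }
}

# Machines needing attention first: failed queries, then missing entries.
$results | Sort-Object Queried, HasDomainAdmins, Computer | Format-Table -AutoSize -Wrap
```

The machines that show up as failed or missing are the ones a Group Policy setting for local group membership would then need to reach.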
 
And what's this DameWare? Why is no one here using PowerShell?
 
Dameware is remote control software.

GPO can add a group to the Admin of any Computer that joins the domain. So yes you can add a group or user to the admin to answer your first question.

But with DameWare, you can specify the account to run the service as, so as long as you know the username and password (has to exist) of the admin account on the PC, you will be able to run DameWare.
 
http://www.dameware.com/

Here is a quick screenshot. Obviously I can't fit everything in, but it should give you an idea (also masked some private info, etc.).

DameWare NT Utilities
The Ultimate Enterprise System Management Software for 32-bit & 64-bit Windows Operating Systems
System Requirements: Windows NT4, 2000, XP, 2003, Vista, 2008

DameWare NT Utilities (DNTU) is an enterprise system management application for Windows NT/2000/XP/2003/Vista/2008 which allows Administrators to go beyond the limitations of Microsoft's Management Console (MMC). DNTU provides an integrated collection of Microsoft Windows NT administration utilities, incorporated within a "easy to use" centralized interface for remote management of Windows Servers and Workstations. Most all of the standard utilities are included within DNTU's powerful Explorer-style interface, many of which have been greatly enhanced to provide superior performance, added functionality, and ease of use. DNTU also contains custom NT tools including the DameWare Mini Remote Control program and the Exporter, and also supports the use of standard shell property pages and shell context menus.

DNTU also contains a powerful Active Directory Object Browser, and extensive Active Directory functionality for retrieving, searching, and filtering of all AD Objects & attributes. Management of objects such as OUs (Organizational Units), Containers, Users, Groups, Contacts, Computers, & Shares, as well as attributes that are not available within Microsoft's MMC (i.e. Photos, Logos, employee ID, etc...) are all supported. DNTU's exclusive Quick OU & Picture/Logo management functionality just further emphasizes DameWare Development's commitment to producing quality products that are easy to use.

In addition to Active Directory, DNTU also supports management of Domains, Workstations, Disk Drives, Event Logs, Local Groups, Global Groups, Domain members, Open Files, Printers, Processes, Properties, Registry, Services, Sessions, Shares, ShutDown/Reboot, Software, Terminal Services/RDP, Users, Wake-on-LAN, and many more features. DNTU continues to support legacy (non-AD) Microsoft Windows Network implementation via a dynamic "Microsoft Windows Network" Browser tree view. Domain controllers, servers and workstations, as well as non-browsable machines (machines that by default are not shown in Microsoft's Windows Network Browser), can easily be managed via machine name or IP address after being added to the network browser tree view. DNTU basically gives you the ability to manage your Windows network from one easy to use Explorer-style interface.

DNTU also includes the DameWare Mini Remote Control program for fast and easy deployment and troubleshooting, and the Exporter to quickly extract information from remote Windows machines.
 
You can do this with Active Directory, to add a user to a local group on the computer when they log in. I did this at my previous job so that the staff would become Power Users and were no longer admins. It's called Restricted Groups and is under the User section of Group Policy.

Good luck
 