Add user to a local SAM database - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » Add user to a local SAM database

Page 1 of 2

Topic Options

#109477 - 2003-12-03 08:45 AM Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Hi I'm adding users or groups to the local SAM on workstations with kix, and using the Addusers.exe from MS Resource Kit. Is it possibly to do this AND NOT using Addusers.exe, instead using ONLY kix code (NOT the SHELL command) ? ; Start kix code $Ws = "Ws001" $Domain = "DOM001" $DomAdmin = "Administrator" $DomPw = "secret" $InFile = "infile.txt" Use "\\$Ws\C$" /USER:"$Domain\$DomAdmin" /Password:"$DomPw" If Exist("\\$Ws\C$\Boot.ini") Shell "%COMSPEC% /e:1024 /c addusers.exe /c $InFile \\$ws" Use "\\$Ws\C$" /Delete Else ? "Failed to connect to " + "$Ws" EndIf ; End kix code $InFile looks like this: ************** [Local] Administrators,,Domain Users ************** /Mima
Top

#109478 - 2003-12-03 10:08 AM

Re: Add user to a local SAM database

NTDOC

Administrator

Registered: 2000-07-28
Posts: 11631
Loc: CA

Hello Mima,

Please give this code a try. You must have Admin rights on the remote system in order to add a user.

Debug Off
Break On
Dim $iRC
$iRC=SetOption('Explicit','On')
$iRC=SetOption('NoVarsInStrings','On')
Dim $Computer,$Group,$User
$Computer = "workstation name"
$Group = GetObject("WinNT://" + $Computer + "/Administrators,group")
$User  = GetObject("WinNT://" + $Computer + "/dave,user")
$Group.Add($User.ADsPath)
? 'Return value: ' +@ERROR +'  '+@SERROR

Top

#109479 - 2003-12-03 01:16 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Hi Ntdoc This workes fine ! if I only want to add a local user in a local group. BUT I want to add Domain Users group into the local Administrators group. Is that possibly with som change in your code ?? /Mima
Top

#109480 - 2003-12-03 01:57 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	You can do this KiXtart. Your "add" method would like this... Code: $Group.Add("WinNT://$Domain/Domain Admins") Checkout my GrpMaint.exe listed on my Perl utilities web page. To add a user: Code: $cont = GetObject("WinNT://" + $Computer + ",computer") $oUser = $cont.Create("user", $sUser) _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109481 - 2003-12-03 02:10 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	I dont get this to work. I have done like this: Dim $iRC $iRC=SetOption('Explicit','On') $iRC=SetOption('NoVarsInStrings','On') $Domain = "MYDomain" Dim $Computer,$Group,$User $Computer = "ws001" $Group = GetObject("WinNT://" + $Computer + "/LGrp,group") I changed the following line: ; $User = GetObject("WinNT://" + $Computer + "/dave,user") to the following because it is Domain Users I am looking for: $User = GetObject("LDAP://CN=Domain Users,CN=Users,DC=intra,DC=se") then I dont understand how I will get this into the local SAM. I tried this: $Group.Add($User.ADsPath) but it wont work. Howard your reply was : $Group.Add("WinNT://$Domain/Domain Users") but that wont work. /Mima
Top

#109482 - 2003-12-03 02:16 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Why won't my suggestion work? You can not pass an "LDAP://" path to the "WinNT://" ADSI provider. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109483 - 2003-12-03 03:03 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Hi Howard I'm lost........ If I write the line, what does this line do ? $Group.Add("WinNT://$Domain/Domain Admins") I only want to add Domain Users in to the LOCAL Administrator group /mima
Top

#109484 - 2003-12-03 03:15 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	I typed the name of the wrong group name - sorry. Change "Domain Admins" to "Domain Users". That is the ADsPath of a group to add to add to the group object defined by $Group. [edit] What is the exact problem you have...is it technical or understanding the ADSI code? Edited by Howard Bullock (2003-12-03 03:18 PM) _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109485 - 2003-12-03 04:55 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Sorry. Wrong DNS in the workstation that I tested with, not to the Active Directory DNS. that gave all the errors.... So now the script works perfect. Here is the code to all if you want to ADD a group from the Domain into a Local group on a workstation: Dim $iRC $iRC=SetOption('Explicit','On') $iRC=SetOption('NoVarsInStrings','On') Dim $Computer,$Group,$User $Domain = "MyDOM" $Computer = "ws001" $Group = GetObject("WinNT://" + $Computer + "/Administrators,group") $Group.Add("WinNT://$Domain/Domain Users") /Mima
Top

#109486 - 2003-12-03 05:01 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	This should not work with "NoVarsInStrings" $Group.Add("WinNT://$Domain/Domain Users") should be: $Group.Add("WinNT://" + $Domain + "/Domain Users") You should also check @error to insure the process completed without errors. Edited by Howard Bullock (2003-12-03 05:01 PM) _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109487 - 2003-12-03 05:13 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Did you see the UDF: GroupAdd() - Ads a User/Group to a Group Global/Local _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109488 - 2003-12-11 12:06 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Hi Instead of adding group ( $Group.Add("WinNT://$Domain/Domain Users") I want to check if the group already exist on the workstation ? Does anyone know which syntax for that ? /Mima
Top

#109489 - 2003-12-11 02:09 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	You have not explained sufficiently what exactly you want to accomplish, but I think this may be it... function IsGroupMember _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109490 - 2003-12-11 02:34 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Sorry, Earlier in this subject we have add Domain Users to the Local Administrators group, so thats works. Like this Dim $Computer,$Group,$User $Domain = "MyDOM" $Computer = "ws001" $Group = GetObject("WinNT://" + $Computer + "/Administrators,group") $Group.Add("WinNT://" + $Domain + "/Domain Users") BEFORE I do this I would like to test if Domain Users already are in the Local Administrators group. So I dont get one error code if I try to make $Group.Add several times. /Mima
Top

#109491 - 2003-12-11 02:39 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	Did you read the link I posted in my previous post? That does the check to see if an object is already a member. Also you could just perform the add and process the errorcode. Ignore the error code that occurs when the object is already a member. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109492 - 2003-12-11 03:28 PM Re: Add user to a local SAM database
mima mima Hey THIS is FUN Registered: 2002-01-25 Posts: 217 Loc: Jönköping, Sweden	Hi Howard Yes I read your link but I did like this instead: $Log = ".\test.log" $Ws = "ws001" $Rc = LogCon ( "Start" ) AddGroupWs( ) $Rc = LogCon ( "End" ) Function AddGroupWs ( ) Dim $Group $Domain = "INTRA_AD" $Group = GetObject("WinNT://" + $Ws + "/Administrators,group") If @ERROR < 0 LogCon ("Could not open local group. Error code : @Error" ) Else $Group.Add("WinNT://" + $Domain + "/Domain Users") Select Case @Error = 0 LogCon ("Successful adding of group." ) Case @Error = -2147352567 LogCon ("Group already added." ) Case 1 LogCon ("Could not add group with error code: @Error." ) EndSelect Endif EndFunction Function LogCon ( $Msg ) $rc = RedirectOutput("$Log",0) ? "$Msg" $rc = RedirectOutput("") ? "$Msg" EndFunction I check on the error code and hope that it only give -2147352567 when the group already exist. /mima
Top

#109493 - 2003-12-11 05:33 PM Re: Add user to a local SAM database
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	The error returned should be consistent. Read the FAQ: Error Code Look up.. for a small UDF that will make the error usable. Lonkero also has a ComError function that is similiar. _________________________ Home page: http://www.kixhelp.com/hb/
Top

#109494 - 2003-12-11 07:35 PM Re: Add user to a local SAM database
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Don't you consider adding 'Domain Users' to the local administrators group a GIANT security risk? I mean just about anyone can browse anyone else's computer! {YUCK} _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#109495 - 2003-12-11 07:56 PM Re: Add user to a local SAM database
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	No, it's actually a security benefit as one can now apply patches and install applictions during login scripts. _________________________ There are two types of vessels, submarines and targets.
Top

#109496 - 2003-12-11 09:09 PM Re: Add user to a local SAM database
ShaneEP ShaneEP MM club member Registered: 2002-11-29 Posts: 2127 Loc: Tulsa, OK	Better than adding everyone to the Domain Admins group though huh? Ive seen that one before...
Top

Page 1 of 2

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org