I have a number of servers to which I need to grant administrative access to 1 particular user, i.e. add him to local admins. I guess it can be scripted with PowerShell or somehow else.. Can somebody advice me how to do it?
Asked
Active
Viewed 2.0k times
3 Answers
4
If this computer is in an Active Directory domain, I would control this via Group Policy. (You can use Restricted Groups via GPO, which adds members to the local admins group while at the same time removing members who shouldn't be there.)
If this computer is not part of a domain, just run
C:\>net localgroup Administrators billybob /add
You could of course also run the above line in a batch file.
Ryan Ries
- 55,481
- 10
- 142
- 199
2
Maybe not the prettiest Powershell and definitely not the shortest but here’s a modified version of something I use.
# Get the servers from a file named listOfServers.txt, skip lines
# either commented with a # or blank.
$serverList = Get-Content -Path C:\temp\listOfServers.txt | where {($_ -notlike "*#*") -and ($_ -notmatch "^\s*$")}
# Cycle throught the servers adding the user to the Administrators group.
foreach ($server in $serverList) {
$computer = [ADSI]("WinNT://" + $server + ",computer")
$group = $computer.psbase.children.find("Administrators")
$group.Add("WinNT://yourDomainName/" + $user)
}
Bruce
- 511
- 3
- 3
1
What Ryan Ries said, basically. I used to use restricted groups to add administrators (which also kicks out people who shouldn't be there, bonus!).
For non-domain computers, something like PsExec with a list of computers would work. Something like this:
@ECHO ON
set controlfile=serverlist.txt
FOR /F %%L IN (%controlfile%%) DO (
SET "line=%%L"
psexec \\%%L net localgroup Administrators YourDomain\YourUser /add
)
Katherine Villyard
- 18,550
- 4
- 37
- 59