Yes, I still use vbscript. Someday, I’ll get to work in an environment where everything is upgraded. Until then, I have to rely on the tried and true vbscript.
One of the most common uses of a Group Policy startup script is for adding users to the local admin group. Just google it and you will find hundreds of scripts doing just that, batch files, posh, vbscript, perl, etc. I wrote the script below because I wanted the flexibility to reuse this script at any client and for any group (not just Administrators but Remote Desktop Users or Power Users).
The config section takes three arguements: Action, strLocalGroup, strDomainGroup.
- Action: Can be either “Add” or “Remove”. It will either add the domain group to the local group or remove it.
- strLocalGroup: The name of the local group (e.g. Administrators, Power Users, etc.). I tested w/ all the standard built-in groups.
- strDomainGroup: The name of the domain group to add to the local group. Note: The workstation has to be a member of the same domain the group resides in.
Download the script (zipped): add-remove-domain-group-to-local-group
'======================================================
' VBScript Source File
' NAME: Add/Remove Domain Group to Local Group
' AUTHOR: Andrew J Healey
' DATE : 2011.07.08
' COMMENT: Will add or remove the domain group specified
' to/from the local group specified.
' USAGE: Modify the config section to match your env.
' The "Action" can be "Remove" or "Add"
'======================================================
Option Explicit
Dim strDomainGroup, strLocalGroup, Action
'--------- START CONFIG SECTION ---------
Action = "Add" ' or Remove
strLocalGroup = "Administrators"
strDomainGroup = "Local-Workstation-Admins"
'--------- END CONFIG SECTION ---------
' Enable error handling routine to ensure startup
' script doesn't throw error at users
On Error Resume Next
Dim strDomain, strComputer
Dim objNetwork, objLocalGroup, objDomainGroup
Set objNetwork = CreateObject("WScript.Network")
strDomain = objNetwork.UserDomain
strComputer = objNetwork.ComputerName
Set objLocalGroup = GetObject("WinNT://" & _
strComputer & "/" & strLocalGroup)
Set objDomainGroup = GetObject("WinNT://" & _
strDomain & "/" & strDomainGroup)
' Do Work
Select Case Action
Case "Remove"
objLocalGroup.Remove(objDomainGroup.ADsPath)
Case "Add"
objLocalGroup.Add(objDomainGroup.ADsPath)
End Select
' Clean up objects
Set objDomainGroup = Nothing
Set objLocalGroup = Nothing
Set objNetwork = Nothing
NET LOCALGROUP Administrators DOMAINGroup /ADD
Just keep your group name under 20 characters.
Thank you andrew for the tips, much more easy than using a vbscript 🙂
Hi,
I would like do this remotly!
Can you help me?
Thanks
Samuel