Why not add the interactive user to local admins:
http://qvlweb.blogspot.com/2008/08/give-logged-in-user-local-administrator.html
Anyone who logs into a computer locally will have admin rights and they
lose them when they log out. They will also not have admin rights remotely,
so no RDP for admin rights.
On Fri, Dec 5, 2014 at 9:31 AM, Burke, John <john.bu...@bellaliant.ca>
wrote:
> I have a script that is working but the delimitation is mucking it up.
> It works if you have just your domain\userid in the profile list in
> registry. But if you have domain\userdid.domain it bombs because of the ..
>
> Wondering if anyone would be able to look at it and see a simle change i
> can make to make it work properly (or maybe there is a better way to do it.
> Even if i had something that i could run on a standard user, that would add
> the currently logged in user to local admin via sccm that would wrok too).
>
>
> **** it's pretty small script ****
> On Error Resume Next
>
> Const HKEY_LOCAL_MACHINE = &H80000002
>
> strComputer = "."
>
> Set objRegistry=GetObject("winmgmts:\\" & _
> strComputer & "\root\default:StdRegProv")
>
> strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
> objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
>
> For Each objSubkey In arrSubkeys
> strValueName = "ProfileImagePath"
> strSubPath = strKeyPath & "\" & objSubkey
> objRegistry.GetExpandedStringValue
> HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
> profilearray = Split(strvalue,"\")
> For Each x In profilearray
> UserID=x
> Next
> Set objLocalAdminGroup = GetObject("WinNT://" & strComputer &
> "/Administrators")
> objLocalAdminGroup.Add("WinNT://domain1/" & UserID)
> objLocalAdminGroup.Add("WinNT://domain2/" & UserID)
> Next
>
>
