Hi Devon
Yes, only an admin or the local system can create other admins. Startup
scripts run in the context of local system while logon scripts run in the
context of the user logging and will only do what that users rights allows
for.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
|---------+---------------------------------->
| | "Harding, Devon" |
| | <[EMAIL PROTECTED]|
| | com> |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | tivedir.org |
| | |
| | |
| | 02/15/2005 11:54 AM EST|
| | Please respond to |
| | ActiveDir |
|---------+---------------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: <[email protected]>
|
| cc: <[EMAIL PROTECTED]>, (bcc: James Day/Contractor/NPS)
|
| Subject: RE: [ActiveDir] Create Local Account via GPO?
|
>------------------------------------------------------------------------------------------------------------------------------|
If I put this in a logon script, would the user logon on need local
admin permissions?
-Devon
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, February 15, 2005 11:25 AM
To: [email protected]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Create Local Account via GPO?
Hi All
You could add the following line into a startup script - that would
apply
to every computer in the OU.
net user accountname accountpassword /add
This line will add that user to the local admin group
net localgroup Administrators /add accountname
Randy Barger wrote a nice script called changepwdservers.vbs that will
then reset the password on all the local machines once the user is
created
so it does not end up being easily found in the script itself.
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
|---------+-------------------------------------->
| | Jorge de Almeida Pinto |
| | <[EMAIL PROTECTED]|
| | icacmg.com> |
| | Sent by: |
| | [EMAIL PROTECTED]|
| | dir.org |
| | |
| | |
| | 02/15/2005 04:32 PM CET |
| | Please respond to ActiveDir|
|---------+-------------------------------------->
>-----------------------------------------------------------------------
-------------------------------------------------------|
|
|
| To: [email protected]
|
| cc: (bcc: James Day/Contractor/NPS)
|
| Subject: RE: [ActiveDir] Create Local Account via GPO?
|
>-----------------------------------------------------------------------
-------------------------------------------------------|
Hi,
You could create a script that uses some list with computers, pings
those
computer and creates a local user account with ADDUSERS.EXE (and if
needed
in combination with CUSRMGR) or create a Vbscript that checks if the
computer is up and creates the account if it does not exist yet
Cheers
jorge
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
Sent: dinsdag 15 februari 2005 15:16
To: [email protected]
Subject: [ActiveDir] Create Local Account via GPO?
How can I create a local user on all my XP workstation using GPOs?
Devon Harding
Windows Systems Engineer
Southern Wine & Spirits - GSD
954-602-2469
-----------------------------------------
__________________________________ This message and any attachments are
solely for the intended recipient and may contain confidential or
privileged
information. If you are not the intended recipient, any disclosure,
copying, use or distribution of the information included in the message
and
any attachments is prohibited. If you have received this communication
in
error, please notify us by reply e-mail and immediately and permanently
delete this message and any attachments. Thank You.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be
copied,
disclosed to, retained or used by, any other party. If you are not an
intended recipient then please promptly delete this e-mail and any
attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
