On Tue, Apr 7, 2009 at 8:13 PM, Joseph L. Casale
<[email protected]> wrote:
> Problem is that it overwrites any manual additions. Is there a way to
> control this behavior or a better way to do this so that if a user for
> whatever
> reason has to be added, it can be done at the wkst without risk of losing
> this?
We use a PC startup script (VBS) to add a domain group to the local
"Administrators" group to each computer. I've extracted the relevant
parts below. Perhaps this will be of use to you.
Const OrgName = "CHANGEME" ' e.g., "Foo Industries"
Const OrgNTDomain = "CHANGEME" ' NTLM/NetBIOS domain name
Const OrgPCAdmins = "Workstation Admins"
Dim WshShell, WshNetwork
Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Dim hostname
hostname = WshNetwork.ComputerName
' registry path we keep our "Done Yet?" flags in
Dim InitCompRegPath
InitCompRegPath = "HKEY_LOCAL_MACHINE\Software\" & OrgName & "\ITAdmin\InitComp"
Const AddPCAdmins = "AddPCAdmins"
If NotDoneYet(AddPCAdmins) Then
Dim LocalGroup, DomainGroup
Set LocalGroup = Nothing
Set DomainGroup = Nothing
On Error Resume Next
Set LocalGroup = GetObject("WinNT://" & hostname & "/Administrators,group")
Set DomainGroup = GetObject("WinNT://" & OrgNTDomain & "/" &
OrgPCAdmins & ",group")
On Error GoTo 0
If Not ((DomainGroup Is Nothing) OR (LocalGroup Is Nothing)) Then
LocalGroup.Add (DomainGroup.ADsPath)
DoneNow AddPCAdmins
End If
Function NotDoneYet (itemName)
Dim itemPath, regval
itemPath = InitCompRegPath & "\" & itemName
On Error Resume Next
regval = WshShell.RegRead(itemPath)
On Error GoTo 0
If regval = 1 Then
NotDoneYet = False
Else
NotDoneYet = True
End If
End Function
Sub DoneNow (itemName)
Dim itemPath
itemPath = InitCompRegPath & "\" & itemName
WshShell.RegWrite itemPath, 1, strREG_DWORD
End Sub
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
