What is the script *trying* to do. Add all local users to the local
administrators group?
I would not recommend enumerating the local profile path, instead
enumerating the ADSI user group (Untested on domain joined machines):
Option Explicit
Dim strComputer
Dim oGroup, oUsers, oUser, oLastLogin
strComputer = CreateObject("Wscript.Network").ComputerName
Set oGroup = GetObject("WinNT://" & strComputer & "/Administrators")
if not isobject(oGroup) then
Wscript.Echo "Unable to get Local Admin Object"
wscript.quit 1
end if
Set oUsers = GetObject("WinNT://" & strComputer )
if not isobject(oUsers) then
Wscript.Echo "Unable to get Local User Object"
wscript.quit2
end if
oUsers.Filter = Array("user")
For Each oUser In oUsers
oLastLogin = empty
on error resume next
oLastLogin = oUser.LastLogin
on error goto 0
Wscript.Echo "Check account [" & oUser.ADsPath & "] with profile: [" &
oLastLogin & "]."
If not oGroup.IsMember(oUser.ADsPath) Then
if oLastLogin <> empty then
Wscript.Echo "Add account [" & oUser.ADsPath & "] to local
administrators group."
oGroup.Add(oUser.ADsPath)
end if
End If
Next
Strangely I can't get the "lastLogin" property to read for every account on
my Windows 10 Technical Preview test machine. :^0
I blame the Windows Product Group.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Burke, John
Sent: Friday, December 5, 2014 7:31 AM
To: scripting@lists.myITforum.com
Subject: [scripting] Odd script request - something I can push via sccm that
will add all the user profiles that logged in to local admin
Importance: High
I have a script that is working but the delimitation is mucking it up. It
works if you have just your domain\userid in the profile list in registry.
But if you have domain\userdid.domain it bombs because of the ..
Wondering if anyone would be able to look at it and see a simle change i can
make to make it work properly (or maybe there is a better way to do it. Even
if i had something that i could run on a standard user, that would add the
currently logged in user to local admin via sccm that would wrok too).
**** it's pretty small script ****
On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objRegistry=GetObject("winmgmts:\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
For Each objSubkey In arrSubkeys
strValueName = "ProfileImagePath"
strSubPath = strKeyPath & "\" & objSubkey
objRegistry.GetExpandedStringValue
HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
profilearray = Split(strvalue,"\")
For Each x In profilearray
UserID=x
Next
Set objLocalAdminGroup = GetObject("WinNT://" & strComputer &
"/Administrators")
objLocalAdminGroup.Add("WinNT://domain1/" & UserID)
objLocalAdminGroup.Add("WinNT://domain2/" & UserID)
Next
