I'm trying to add a domain user account to the local admin
group on my workstations. I've tried using the cusrmgr
command from the resource kit, but keep getting a failure
error. Does anyone know how to use this command to
complete this task?

net localgroup administrators DOMAIN\username /add

That's what you could enter at the machine's command prompt.

Ray at work

"jh" <anonymous@discussions.microsoft.com> wrote in message
news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
> I'm trying to add a domain user account to the local admin
> group on my workstations. I've tried using the cusrmgr
> command from the resource kit, but keep getting a failure
> error. Does anyone know how to use this command to
> complete this task?

net localgroup administrators DOMAIN\username /add

That's what you could enter at the machine's command prompt.

Ray at work

"jh" <anonymous@discussions.microsoft.com> wrote in message
news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
> I'm trying to add a domain user account to the local admin
> group on my workstations. I've tried using the cusrmgr
> command from the resource kit, but keep getting a failure
> error. Does anyone know how to use this command to
> complete this task?

I used this VBScript that I included in a GPO to add the Domain Admins group
to the local admins group:

##########################################

Set oNet = CreateObject("Wscript.Network")
Set com = GetObject("WinNT://" & oNet.ComputerName)
Set LocalGroup = com.GetObject("group", "Administrators")
Set DomainGroup = GetObject("WinNT://DomainName/Domain Admins,group")
LocalGroup.Add(DomainGroup.AdsPath)
LocalGroup.SetInfo


############################################


Just subsitute "DomainName" in the 4th line with the name of your domain and
the name of the group you want....

I used this VBScript that I included in a GPO to add the Domain Admins group
to the local admins group:

##########################################

Set oNet = CreateObject("Wscript.Network")
Set com = GetObject("WinNT://" & oNet.ComputerName)
Set LocalGroup = com.GetObject("group", "Administrators")
Set DomainGroup = GetObject("WinNT://DomainName/Domain Admins,group")
LocalGroup.Add(DomainGroup.AdsPath)
LocalGroup.SetInfo


############################################


Just subsitute "DomainName" in the 4th line with the name of your domain and
the name of the group you want....

Is there not a way that I can change it remotely. So
enter the command on the server but add the domain user
account to the local admin group on a specific workstation?


>-----Original Message-----
>net localgroup administrators DOMAIN\username /add
>
>That's what you could enter at the machine's command
prompt.
>
>Ray at work
>
>"jh" <anonymous@discussions.microsoft.com> wrote in
message
>news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
>> I'm trying to add a domain user account to the local
admin
>> group on my workstations. I've tried using the cusrmgr
>> command from the resource kit, but keep getting a
failure
>> error. Does anyone know how to use this command to
>> complete this task?
>
>
>.
>

Is there not a way that I can change it remotely. So
enter the command on the server but add the domain user
account to the local admin group on a specific workstation?


>-----Original Message-----
>net localgroup administrators DOMAIN\username /add
>
>That's what you could enter at the machine's command
prompt.
>
>Ray at work
>
>"jh" <anonymous@discussions.microsoft.com> wrote in
message
>news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
>> I'm trying to add a domain user account to the local
admin
>> group on my workstations. I've tried using the cusrmgr
>> command from the resource kit, but keep getting a
failure
>> error. Does anyone know how to use this command to
>> complete this task?
>
>
>.
>

jh wrote:

> Is there not a way that I can change it remotely. So
> enter the command on the server but add the domain user
> account to the local admin group on a specific workstation?

Hi

Some command line utilities that should enable you to run "net localgroup ..."
on a remote computer:


Take a look at PsExec.exe in the free PsTools suite, found at
http://www.sysinternals.com

PsExec can even automatically copy a file over to the remote computer
before it starts it.


Another freeware program with similar merits to PsExec is Beyondexec.
http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm

Beyondexec also have multiple computer functionality.


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter

jh wrote:

> Is there not a way that I can change it remotely. So
> enter the command on the server but add the domain user
> account to the local admin group on a specific workstation?

Hi

Some command line utilities that should enable you to run "net localgroup ..."
on a remote computer:


Take a look at PsExec.exe in the free PsTools suite, found at
http://www.sysinternals.com

PsExec can even automatically copy a file over to the remote computer
before it starts it.


Another freeware program with similar merits to PsExec is Beyondexec.
http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm

Beyondexec also have multiple computer functionality.


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter

rcmd.exe from the Resource Kit will also work. And then there's the poor
man's method of AT'ing a task to do it.


at \\rremotemachine 14:00 net localgroup administrators domain\username /add

I'm sure that if you needed this done on demand, you could come close by
parsing the time of the remote machine from "net time" and execute the task
at the next minute.

Ray at work

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:4023B88F.321DC659@hydro.com...
> jh wrote:
>
> > Is there not a way that I can change it remotely. So
> > enter the command on the server but add the domain user
> > account to the local admin group on a specific workstation?
>
> Hi
>
> Some command line utilities that should enable you to run "net localgroup
...."
> on a remote computer:
>
>
> Take a look at PsExec.exe in the free PsTools suite, found at
> http://www.sysinternals.com
>
> PsExec can even automatically copy a file over to the remote computer
> before it starts it.
>
>
> Another freeware program with similar merits to PsExec is Beyondexec.
> http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm
>
> Beyondexec also have multiple computer functionality.
>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>

rcmd.exe from the Resource Kit will also work. And then there's the poor
man's method of AT'ing a task to do it.


at \\rremotemachine 14:00 net localgroup administrators domain\username /add

I'm sure that if you needed this done on demand, you could come close by
parsing the time of the remote machine from "net time" and execute the task
at the next minute.

Ray at work

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:4023B88F.321DC659@hydro.com...
> jh wrote:
>
> > Is there not a way that I can change it remotely. So
> > enter the command on the server but add the domain user
> > account to the local admin group on a specific workstation?
>
> Hi
>
> Some command line utilities that should enable you to run "net localgroup
...."
> on a remote computer:
>
>
> Take a look at PsExec.exe in the free PsTools suite, found at
> http://www.sysinternals.com
>
> PsExec can even automatically copy a file over to the remote computer
> before it starts it.
>
>
> Another freeware program with similar merits to PsExec is Beyondexec.
> http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm
>
> Beyondexec also have multiple computer functionality.
>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>

On Thu, 5 Feb 2004 17:36:29 -0500, "Ray at <%=sLocation%> [MVP]"
<myfirstname at lane34 dot com> wrote in
microsoft.public.win2000.cmdprompt.admin:

>net localgroup administrators DOMAIN\username /add
>
>That's what you could enter at the machine's command prompt.

Or indeed in the AD's Machine Startup script, if you want to avoid
visiting every box.

>"jh" <anonymous@discussions.microsoft.com> wrote in message
>news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
>> I'm trying to add a domain user account to the local admin
>> group on my workstations. I've tried using the cusrmgr
>> command from the resource kit, but keep getting a failure
>> error. Does anyone know how to use this command to
>> complete this task?

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"

On Thu, 5 Feb 2004 17:36:29 -0500, "Ray at <%=sLocation%> [MVP]"
<myfirstname at lane34 dot com> wrote in
microsoft.public.win2000.cmdprompt.admin:

>net localgroup administrators DOMAIN\username /add
>
>That's what you could enter at the machine's command prompt.

Or indeed in the AD's Machine Startup script, if you want to avoid
visiting every box.

>"jh" <anonymous@discussions.microsoft.com> wrote in message
>news:b23e01c3ec36$9fc7dad0$a001280a@phx.gbl...
>> I'm trying to add a domain user account to the local admin
>> group on my workstations. I've tried using the cusrmgr
>> command from the resource kit, but keep getting a failure
>> error. Does anyone know how to use this command to
>> complete this task?

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"

<mjcartier@optonline.net> wrote in message
news:%23Ql4fvL7DHA.3028@TK2MSFTNGP09.phx.gbl...
> I used this VBScript that I included in a GPO to add the Domain Admins
group
> to the local admins group:

Excellent. This also indicates that it is better to add such a domain group
to a local group than to add a domain user account, as subsequent personnel
changes can be adjusted for all workstations simply by changing the
membership of the domain group.

/Al

> ##########################################
>
> Set oNet = CreateObject("Wscript.Network")
> Set com = GetObject("WinNT://" & oNet.ComputerName)
> Set LocalGroup = com.GetObject("group", "Administrators")
> Set DomainGroup = GetObject("WinNT://DomainName/Domain Admins,group")
> LocalGroup.Add(DomainGroup.AdsPath)
> LocalGroup.SetInfo
>
>
> ############################################
>
>
> Just subsitute "DomainName" in the 4th line with the name of your domain
and
> the name of the group you want....

<mjcartier@optonline.net> wrote in message
news:%23Ql4fvL7DHA.3028@TK2MSFTNGP09.phx.gbl...
> I used this VBScript that I included in a GPO to add the Domain Admins
group
> to the local admins group:

Excellent. This also indicates that it is better to add such a domain group
to a local group than to add a domain user account, as subsequent personnel
changes can be adjusted for all workstations simply by changing the
membership of the domain group.

/Al

> ##########################################
>
> Set oNet = CreateObject("Wscript.Network")
> Set com = GetObject("WinNT://" & oNet.ComputerName)
> Set LocalGroup = com.GetObject("group", "Administrators")
> Set DomainGroup = GetObject("WinNT://DomainName/Domain Admins,group")
> LocalGroup.Add(DomainGroup.AdsPath)
> LocalGroup.SetInfo
>
>
> ############################################
>
>
> Just subsitute "DomainName" in the 4th line with the name of your domain
and
> the name of the group you want....