March 10th, 2003, 11:05 PM
Add a user to a local group on multiple systems?
I am looking for some kind of utility or method to easily add a domain user to a local group (administrator) on multiple servers. All machines involved will be running Windows NT4.0 Server, 2K Server, or 2K Adv. Server. I have Domain Admin access to both Win2K Active Directory and the old NT4.0 domain (these networks coexist and trust each other).
We have 2-300 servers and many have different administrator passwords. The idea here is to give our operations staff local admin permissions on all servers without having to go to each system individually. We will not be allowed to change any permissions for the shared operations domain account.
Anybody run into something like this before? Any help would be appreciated.
March 10th, 2003, 11:51 PM
well, for the AD domain members, you could use group policies to add groups or users to local groups of the domain members.
Otherwise, you could you might be able to script the "net localgroup" command (if you have startup scripts perhaps...)
As for commercial tools, I believe Hyena (http://www.systemtools.com/hyena/) can do what you want with both W2k and NT4...
Credit travels up, blame travels down -- The Boss
March 11th, 2003, 12:10 AM
Where's NTSA when you need him? No offence to your answer, ammo. I'm sure it would work, but NTSA has all the nifty utilites and such and he could probably dig around on his hard drive and find a solution you could just cut and paste. That man knows his Windows servers.
March 11th, 2003, 03:09 AM
The resouce kit has some utilities and samples that will let you do this. In addition you can also use something like Winbatch (www.winbatch.com) and write your own compiled scripts to manipulate user and user information.
Work... Some days it's just not worth chewing through the restraints...
March 11th, 2003, 04:51 AM
http://www.dynawell.com/support/ResKit/win2k.asp as was said before.. use the resource kit, it has some of those "nifty tools" that were hinted at before...all of which are relevant.
such as usrtogrp
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
March 11th, 2003, 03:18 PM
I saw a nifty process using some tools from the resource kit on the M$ website. The problem is my boss (the NT Security Admin) is lazy. He wants to be able to do this with a GUI and not with batch files. I think he is afraid of the command line. Basically he is a point and click kind of guy.
I googled the hell out of this but cant find an app that will do this. We use Hyena but I dont think it will do this automatically. I will look into it though.
Thanks for the input
I checked and it looks like I can do this with Hyena. Thanks a lot AMMO!