Join to Domain, adding delegated group to local admin group via scripting


  • Friday, January 11, 2013 3:56 AM
     
     

    Hello

    I have created a gold image for Windows 7 Enterprise which will be installed on a variety of PCs and laptops we have at work.

    I'm looking for a script to do 2 things on the image:

    1- join the PC to the domain (the computer name will be entered during the imaging process)

    2- add a delegated admin group like wksadmin to the local Administrators group on the PC.

    I know that I can join the PC to the domain via the answer file or add a group to the local admin group via GP, but due to the reasons below I can't do either one.

    a- if I use the answer file I have to specify a username and its password in the answer file, which for security reasons I would rather not do, and also our password policy requires changing the password every 30 days, therefore I would have to change the password in the answer file every 30 days.

    b- our administrator doesn't want to add the wksadmin group via GP.

    So, my only option is to come up with a script to join the computers to the domain and also add the wksadmin group to the local admins with a dynamic username and password, so every tech can easily do both tasks by simply using their username and password.

    Any idea?

    Thanks

      

All Replies

  • Friday, January 11, 2013 5:42 AM
     
     

    You have decided to do the impossible.  Good luck. Always start a project by creating a set of rules that make the project impossible then ask someone else how to do it.

    Use MDT as it can solve all of these problems.


    ¯\_(ツ)_/¯

  • Friday, January 11, 2013 6:12 PM
     
     

    Hello JRV

    I have also used MDT, and just so you know, it is possible to do both with MDT.

    As you may know, MDT is all about scripting.

    If MDT can do both tasks via its scripts, I should be able to do it on my Ghost image too.

    so it is possible.

    Thanks

  • Friday, January 11, 2013 6:48 PM
     
     

    I found this PowerShell script that joins the PC to the domain by asking for the password, which can be changed so it will ask for the user too.

    All I need to know is if I could put the user name and password into variables and use them for adding a domain group into a local Administrators group on a PC.

    PS C:\> Add-Computer -DomainName test.local -Credential test.local\ -PassThru -OUPath "OU=computers,DC=test,DC=local"

    Thanks


    • Edited by Saeidans Friday, January 11, 2013 6:49 PM
  • Friday, January 11, 2013 6:50 PM
     
     

    I found this PowerShell script that joins the PC to the domain by asking for the password, which can be changed so it will ask for the user too.

    All I need to know is if I could put the user name and password into a variable and use them to add a domain group into a local Administrators group on a PC.

    PS C:\> Add-Computer -DomainName test.local -Credential test.local\ -PassThru -OUPath "OU=computers,DC=test,DC=local"

    Thanks


    There are scripts to do this in the repository

    ¯\_(ツ)_/¯

  • Monday, January 14, 2013 5:36 PM
     
     Answered

    It is interesting that I post the answer to my own question;

    here is what I did.

    Works like a charm.

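    @echo off
    REM Join the domain. PowerShell opens a credential prompt with "test\" prefilled,
    REM so the technician types their own user name and password; nothing is stored.
    powershell Add-Computer -DomainName "test.local" -Credential test\

    echo Adding the Group WKSADMIN to local Administration Group
    REM Add the delegated domain group to the local Administrators group.
    net localgroup administrators "test\wksadmin" /add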

    • Marked As Answer by Saeidans Monday, January 14, 2013 5:37 PM
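
The approach from the accepted answer as one PowerShell 2.0 script with error handling and a membership check, added here as an example and not code from the thread. The parameter names and the `Get-AdminMemberPaths` helper are hypothetical; `test.local`, `test` and `wksadmin` are the thread's sample names.

```powershell
#requires -version 2
# Added example, not the poster's script. test.local / test / wksadmin are
# the thread's sample names; run from an elevated local-admin session.
param(
    [string]$DomainName  = 'test.local',
    [string]$NetBiosName = 'test',
    [string]$GroupName   = 'wksadmin'
)

# Prompt the technician at run time. The password is held as a SecureString
# inside the PSCredential and is never written to the image or an answer file.
$cred = Get-Credential

try {
    Add-Computer -DomainName $DomainName -Credential $cred -ErrorAction Stop
} catch {
    Write-Error "Domain join failed: $($_.Exception.Message)"
    exit 1
}

# Local group edit through the ADSI WinNT provider (works on PowerShell 2.0).
# Assumption, as in the accepted answer: the elevated local session can
# resolve the domain group right after the join, so $cred is not reused here.
$admins = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$target = "WinNT://$NetBiosName/$GroupName"

function Get-AdminMemberPaths {
    # Return the ADsPath of every current member of local Administrators.
    $admins.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

if ((Get-AdminMemberPaths) -contains $target) {
    Write-Host "$NetBiosName\$GroupName is already a local administrator."
} else {
    try {
        $admins.Add("$target,group")
    } catch {
        Write-Error "Could not add ${NetBiosName}\${GroupName}: $($_.Exception.Message)"
        exit 1
    }
}

# Print the resulting membership so the technician can confirm that only the
# expected accounts hold local admin rights, then reboot to finish the join.
Get-AdminMemberPaths | ForEach-Object { Write-Host "  member: $_" }
Write-Host 'Restart the computer to complete the domain join.'
```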