none
Powershell: add multiple users to remote remote desktop users group RRS feed

  • Question

  • Hi,

    I'd like to add multiple users to remote remote desktop users group (not a group).

    Please advise, this doesn't work whereas net localgroup "Remote Desktop Users" /add domain\user1 domain\user2 works fine:

    $users = "domain\user1 domain\user2"
    $usergroup = "Remote Desktop Users"
    $computername = computername
    Invoke-Command -ComputerName $computername -ScriptBlock {  net localgroup $using:usergroup /add $using:users } -Verbose
    


    Jan Hoedt

    Monday, August 17, 2015 2:55 PM

Answers

All replies

  • Monday, August 17, 2015 3:13 PM
  • What 's the difference?
    $using
    is the Powershell 3 version of -argumentlist. I don't see what that would make a difference.

    Jan Hoedt

    Monday, August 17, 2015 4:00 PM
  • Have you bothered trying it? I can't test here, so you'll have to do some heavy lifting yourself.

    Also, post your error.


    Monday, August 17, 2015 4:06 PM
  • Why do this in a script when you can configure in group policy?

    -- Bill Stewart [Bill_Stewart]

    Monday, August 17, 2015 4:13 PM
    Moderator
  • Because users added to those remote desktop group vary all the time (test system for approving software, different people will test).

    Jan Hoedt

    Tuesday, August 18, 2015 9:17 AM
  • I did test and it didn't work with $using, since $using is the powershell 3.0 version of -argumentlist I don't see a reason why that would work. I'll post the output later.

    Jan Hoedt

    Tuesday, August 18, 2015 9:19 AM
  • Output was ($using)

    The syntax of this command is:
        + CategoryInfo          : NotSpecified: (The syntax of this command is::String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError
        + PSComputerName        : computername

    NotSpecified: (:) [], RemoteException
    NET LOCALGROUP
    [groupname [/COMMENT:"text"]] [/DOMAIN]
                  groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
                  groupname name [...] {/ADD | /DELETE} [/DOMAIN]

     

    Jan Hoedt

    Tuesday, August 18, 2015 9:38 AM
  • There is a remote local account management module which will do this and other things.  You should use that.

    https://gallery.technet.microsoft.com/scriptcenter/Local-Account-Management-a777191b


    \_(ツ)_/

    • Marked as answer by janhoedt Wednesday, August 19, 2015 1:28 PM
    Tuesday, August 18, 2015 10:24 AM
  • Because users added to those remote desktop group vary all the time (test system for approving software, different people will test).

    Create an AD group. Add the AD group to the local group in Group Policy. Then change the AD group when you need different people to test. No need to remotely connect to that computer and make local group changes.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, August 18, 2015 12:58 PM
    Moderator
  • if you must do it without using GPOs you could also do this:

    
    $user = "username"
    $computer= "servername"
    $objOu = [ADSI]"WinNT://$computer"
    $objGroup = [ADSI]"WinNT://$computer/Remote Desktop Users,group"
    $objGroup.add("WinNT://$user,User")
    and then use the .remove method when they're done


    • Edited by -Nick Wednesday, August 19, 2015 3:16 PM
    Wednesday, August 19, 2015 3:14 PM
  • Thanks, but the goal is to have everything in variables.
    So adding user straight in there  looks messy to me.


    Jan Hoedt

    User should be $user = "user1 user2 user3"
    Group should be $Usergroup = "Remote Desktop Users"

    • Edited by janhoedt Thursday, August 20, 2015 9:35 AM Update
    Thursday, August 20, 2015 9:34 AM
  • The least "messy" is to use a GPO and an AD group. You don't even need a script.

    -- Bill Stewart [Bill_Stewart]

    Thursday, August 20, 2015 2:07 PM
    Moderator
  • understand it's a little messy, but the idea of this forum is to provide ideas and help, not provide a perfect working script for free.  Anyhow if you want multiple server and user handling maybe something like this: you could also take the time to manually type in the servers and users if you want.. commented variables below

    $servers = get-content c:\servers.txt
    
    #$servers = "server1","server2","server3","etc"
    $users = get-content c:\users.txt
    
    #$users = "user1","user2","user3","etc"
    
    $group = "Remote Desktop Users" #this seems silly since it's a static
    
    #group defined per server in the foreach loop below... 
    
    foreach ($server in $servers) 
       {$objOU = [ADSI]"WinNT://$server"
        $objGroup = [ADSI]"WinNT://$server/$group,group"
        foreach ($user in $users)
            {$objGroup.Add("WinNT://$user,user)}
    
       }
    
    

    add error handling, help info etc. may need to troubleshoot those nested quotes in groups with spaces.
    • Edited by -Nick Thursday, August 20, 2015 3:26 PM
    Thursday, August 20, 2015 3:23 PM
  • Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'domain\username'

    Got to run as administrator then work in multiple users in script block or loop


    • Edited by William1x Wednesday, October 2, 2019 9:22 PM
    Wednesday, October 2, 2019 9:21 PM
  • Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'domain\username'

    Got to run as administrator then work in multiple users in script block or loop


    The request was to do this remotely.  This is how,

    $sb = {
    	$members = 'domain\user01','domain\user02','domain\user04'
    	Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $members
    }
    Invoke-Command -ScriptBlock $sb -Computername remotepc01,remotepc02,remotepc03 
    No loops required.


    \_(ツ)_/


    • Edited by jrv Wednesday, October 2, 2019 9:34 PM
    Wednesday, October 2, 2019 9:34 PM