Guy’s Scripting Ezine 112 – Adding Users to Local Administrators’ Group

Guy’s Scripting Ezine 112 – Adding Users to Local Administrators’ Group

Amendment with a reminder to change strComputer = "Shorthorn"

 ♣

This Week’s Secret

This week I am returning to VBScript, but first a quick review of the PowerShell ezines.  I don’t know what to make of readers’ responses to PowerShell, from my position a record number of people (1655) clicked on the download link, but only a handful sent me any comments about this new scripting language.  My conclusion is that people are too busy for proper testing yet.  Meanwhile, I stand by my three assertions

1) That PowerShell is useful here and now, especially for WMI.

2) Eventually PowerShell cmdlets will become the natural way to configure Windows Servers.

3) Above all PowerShell is not difficult to learn; you get maximum reward for minimum effort.

This Week’s Mission Adding a user to the Local Administrator’s account

I suggest that there are two ways that you can benefit from this week’s examples.  Firstly, learn how to project manage the task of adding a list of users to the Administrators group.  Secondly, acquire useful commands that you can apply to other scripts, for example, GetObject("WinNT://"xyz), Loop Until objTextFile.AtEndOfLine = true.

I never tire of stressing the need to breakdown VBScript project into manageable phases.  For This Week’s Mission, our first task is to add a user to the Local Administrators group on a standalone server or workstation.  The key difference from adding users to domain accounts is starting with GetObject("WinNT://computername/groupname") and not GetObject("LDAP://RootDSE")

Once we have the core script, which adds one user to the Administrator’s group in the SAM database, we need to open, then read a list of usernames from a text file.  Not a trivial task as in addition to mastering FSO, we must select CONST For Reading = 1 and not CONST For Writing = 2.

As soon as we have obtained the data (user names), we need to build a loop which cycles through the instructions using a variable to hold the name of each user. I chose the simple but elegant ‘Do… Loop Until’ construction.

Phase 1 – Adding a user to the Local Administrator’s account

The point of this scriplet is that it adds users to a SAM database on a standalone machine.  One use that springs to mind would be creating accounts ready for adding to a SQL server database.

Pre-requisites

You need a standalone server or to be logged on to an XP machine with a local account.  For once, Active Directory is a liability.

Important: As a pre-requisite you need to create a User Account for the name in strPeople.  Later you need to create more User accounts for the names in your textfile.  Normally you would use a script to create these SAM accounts, but to reduce complexity I have not included that step.

More a suggestion than a pre-requisite, do get yourself a good script editor such as OnScript.  If time means money and you want to avoid frustration at least try the free version of OnScript.

Instructions for Adding a user to the Local Administrator’s account.

  1. N.B. Change strComputer="Shorthorn" to the name of your machine.  Incidentally, I found that "." did not work for me.

  2. Copy and paste the example script below into notepad or use a VBScript editor. E.g. OnScript.

  3. Save the file with a .vbs extension, for example: NewAdmin.vbs 

  4. Double click NewAdmin.vbs, the check Control Panel, Users for the change in account membership.

strComputer = "Shorthorn"
strPeople ="Guido"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://" & strPeople)

Learning Points

Note 1: The word that leaps out at me from this script is ‘WinNT’.  Normally I despise WinNT preferring LDAP, but when scripting for a SAM database rather than Active Directory we absolutely require GetObject(Winnt://…)

Guy Recommends:  SolarWinds’ Free Bulk Import ToolFree Download Solarwinds Bulk Import Tool

Import users from a spreadsheet.  Just provide a list of the users with their fields in the top row, and save as .csv file.  Then launch this FREE utility and match your fields with AD’s attributes, click and import the users.

Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.

If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)

Phase 2 – Opening, then reading the text file

The Phase 2 script merely opens the text files and echoes one name to the screen.  This fits with my master plan of building a script in stages.

Note: There is pre-requisite to edit the path in strFile = "\\grand\Scripts\MPeople.txt"; switch to a local drive and folder if you prefer.  Naturally to add a few names to MPeople.txt

‘ OpenRead.vbs
‘ Sample VBScript to Open and read to a file.
‘ Author Guy Thomas https://computerperformance.co.uk/
‘ Version 2.2 – May 2006
‘ —————————————————————‘
Option Explicit
Dim objFSO, objShell, objTextFile, objFile, objGroup, objUser
Dim strDirectory, strFile, strText, strPeople, strComputer
strFile = "\\grand\Scripts\MPeople.txt"

‘ Create the File System Object to read text
Set objFSO = CreateObject("Scripting.FileSystemObject")
‘ OpenTextFile Method needs a Const value
‘ ForAppending = 8 ForReading = 1, ForWriting = 2
Const ForReading = 1
Set objTextFile = objFSO.OpenTextFile _
(strFile, ForReading, True)
strPeople = objTextFile.ReadLine
Wscript.Echo strPeople

objTextFile.Close

WScript.Quit
‘ End of VBScript

Learning Points

Note 1: The file we are reading (strFile) is stored on a UNC path, this makes it easier to run the script from several machines on your network.

Note 2: Observe how we create a file system object to handle the text:
Set objFSO = CreateObject("Scripting.FileSystemObject").  Alternatively we could have worked from a spreadsheet, but not all member servers will have Excel installed, thus a text file is more versatile.

Note 3: All these FSO constructions need a CONST statement, in this instance For Reading =1.

Note 4: This script is designed solely to echo the first name in the file.  Phase 3 covers both looping through all the names in the file and adding these names to the Local Administrator’s group.

Phase 3 – Complete Script (Adding the Loop)

Finally we bolt all the parts together and persuade the script to cycle through each username in the text file. One way of looking at the Do… Loop Until, is that the ‘Do’ is the header and Loop Until is the footer or end of the command block.

Important: 17 people have failed to get the script working because they ignored at least one of these notes.

Note 1: It’s not possible to test this machine on Doman Controller, you need a standalone machine.
Note 2: The usernames in strFile must exist on the test machine.  To keep the script as simple as possible I have not included a create user in the script.
Note 3:  Change strComputer="Shorthorn" to the name of your machine.  Line 22 – another use for a script editor such as OnScript.

‘ AddUsersAdmin.vbs
‘ Add users in a text file to Local Administrators group
‘ Author Guy Thomas https://computerperformance.co.uk/
‘ Version 3.3 – May 2006
‘ —————————————————————‘
Option Explicit
Dim objFSO, objShell, objTextFile, objFile, objGroup, objUser
Dim strDirectory, strFile, strText, strPeople, strComputer
strFile = "\\grand\Scripts\MPeople.txt"

‘ Create the File System Object to read text
Set objFSO = CreateObject("Scripting.FileSystemObject")
‘ OpenTextFile Method needs a Const value
‘ ForAppending = 8 ForReading = 1, ForWriting = 2
Const ForReading = 1
Set objTextFile = objFSO.OpenTextFile _
(strFile, ForReading, True)

‘ Start the Do …. Loop Until
Do
strPeople = objTextFile.ReadLine
strComputer = "Shorthorn"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://" & strPeople)
objGroup.Add(objUser.ADsPath)

Loop Until objTextFile.AtEndOfLine = true
‘ Loop ends, tidy up the text file.
objTextFile.Close
WScript.Quit
‘ End of VBScript

Learning Points

Note 1: The purpose of this script is to bring together the two previous scripts and also add: ‘Do… Loop until’.  As a result the script cycles through each line of the file adding the names to the Local Administrators group.  Mission accomplished.

Guy Recommends: Tools4ever’s UMRAUMRA The User Management Resource Administrator

Tired of writing scripts? The User Management Resource Administrator solution by Tools4ever offers an alternative to time-consuming manual processes.

It features 100% auto provisioning, Helpdesk Delegation, Connectors to more than 130 systems/applications, Workflow Management, Self Service and many other benefits. Click on the link for more information onUMRA.

Summary of Groups and Loops

This week it’s back to VBScript.  My examples satisfy the two goals; firstly, to show you how to break down the task of adding a list of users to the Local Administrators group.  Secondly, to collect techniques that you can reuse in other scripts.  For example GetObject(WinNT://..), Const ForReading = 1 and Loop Until objTextFile.AtEndOfLine = true.

See More Active Directory Group VBScripts

• User Spreadsheet  • Add User to Group  • Create User  • Free Solarwinds Permissions Monitor

Ezine 57 Groups  •Ezine 58 Groups  • Ezine 73 primaryID  • Ezine 112 Local Groups

Ezine 113 Multiple Groups  • Ezine 115 Map Groups  •Ezine 138 Groups Join  • Ezines