The Realm of the Verbal Processor

Jarvis's Ramblings

Add domain user to local administrators group

As part of the SCCM system that I am implementing, I am trying to streamline and automate as many functions as possible. I currently have an SCCM Task Sequence set up that can run a complete computer install (partition disk, format, install Vista, apply device drivers, install programs, install updates, etc) with no administrative input. One aspect that I am not able to automate is adding the domain user to the local administrators group on the workstation. I don’t want to use Group Policy to add a group…I don’t want everyone to be an admin on all workstations. I want to limit it to just the user being an admin of their single computer.

I had hunted for a way to do this in as fast a way as possible, which rules out using the GUI…it needs to be scripted. I tried it in VBscript, but simply could not get it to successfully add a user who was in a sub-domain. It would work for the top domain, but not for the sub-domain.

So I switched my thought process to PowerShell. I don’t know that I will ever go back. I had a working script in probably ten minutes. I then modified it and gave it some better logic, but even that went quickly. Honestly, the part that took the longest was learning the syntax for PowerShell. The script is below. You can also download it here. (PDF…my hosting provider doesn’t allow script or txt file uploads.)

###################################################################
# Name:            Add2Admin.ps1
# Author:        Jarvis Davis
# Company:        Campus Crusade for Christ
# Creation Date:    April 2, 2008
#
# Purpose:        To quickly and easily add/remove a domain user to/from
#            the local administrators group on a computer
#
# Inputs:        It accepts the first four strings after the script name
#            and puts them into variables Continue reading

April 8, 2008 Posted by | ConfigMgr, tech | , | Leave a comment

   

%d bloggers like this: