
Friday, November 18, 2011

Create local administrator account using Group pol...

Domain trust relationship failures, or maybe a virus making it impossible to log in using a domain account: you are bound to run into scenarios like this while managing an AD. You will have to log in to a local administrator account on the client PC and rejoin the domain or do whatever troubleshooting is necessary. In some cases you don't have the local admin passwords for some PCs, so this will be a life saver. I myself had the unfortunate incident where I had to guide a user to reset the local admin password of a PC over the phone using Hiren's BootCD.

It's very simple actually. Use this VBScript file, modify it accordingly and add it as a computer startup script via Group Policy.

This script first queries the local PC for the user name you have specified in the script. If it doesn't exist, it creates it as a member of the local Administrators group. If the user name already exists, it changes the password to the one specified.

Dim AdminPassword
'note: the password sits here in clear text, readable by anyone who can read this script file
AdminPassword = "password"

Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

If QueryForUser("localsupport") Then
    'this section just changes the password if the user exists
    Set objUser = GetObject("WinNT://" & strComputer & "/localsupport,user")
    objUser.SetPassword AdminPassword
    'msgbox "localsupport already exists." & vbCrLf & "The password was re-set."
Else
    'this section creates the new user called localsupport if it doesn't exist
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    Set objUser = colAccounts.Create("user", "localsupport")
    objUser.SetPassword AdminPassword
    objUser.Put "UserFlags", 65600 'password never expires (65536) + user cannot change password (64)
    objUser.SetInfo 'save the new account to the local account database

    'add to administrators group
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
    objGroup.Add objUser.ADsPath
    'msgbox "user was created"
End If

'returns True if a local user with the given name already exists
Function QueryForUser(strlocalsupport)
    QueryForUser = False
    Set objlocal = GetObject("WinNT://" & strComputer)
    objlocal.Filter = Array("user")
    For Each User In objlocal
        If LCase(User.Name) = LCase(strlocalsupport) Then
            QueryForUser = True
            Exit For
        End If
    Next
End Function


To change the password, modify the password within the quotes in the following code section. This also allows you to easily change the password in case you have to give the password to an end user.

Dim AdminPassword
AdminPassword = "password"


Hope this helps someone, because this has saved my ass so many times. :P
