MSFN Forum: Add domain user to Administrator group of this PC - MSFN Forum

Jump to content



Unattended CD/DVD Guide Homepage · MSFN Forum Rules
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Add domain user to Administrator group of this PC Rate Topic: -----

#1 User is offline   Grenky 

  • Group: Members
  • Posts: 6
  • Joined: 27-January 05

Posted 01 February 2005 - 03:45 AM

If .sif is arranged like this:
........
[Identification]
    JoinDomain=domainname
    DomainAdmin=Administrator
    DomainAdminPassword=xxxxxxx
........

then after the Windows installation we can see the following:
Posted Image
so when entering, we have to select domain enter and use domain name & password. Let’s assume user was created – he is not an administrator of the computer so far, hence is not allowed to install software… RunOnceEx.cmd tries in vain.

Question:
How to add user (selected) into the group “administrators” of the computer prior to entering the system.

sorry fo my Eng.

#2 User is offline   andrewpayne 

  • XP/2003/Vista & Exchange Server
  • PipPip
  • Group: Members
  • Posts: 201
  • Joined: 29-August 03

Posted 01 February 2005 - 04:12 AM

Hi Grenky

the command used is 
net localgroup Administrators /add "DOMAIN\username"


where DOMAIN is your Domain Name and username is the Domain User

this needs to be inserted into your cmdlines or other batch file before runonceex.cmd is run and will then enable this user to be a local admin from the word go.

hope this helps!

#3 User is offline   Grenky 

  • Group: Members
  • Posts: 6
  • Joined: 27-January 05

Posted 01 February 2005 - 06:21 PM

It must run at T-12. But at T-12 "cmd" run as SYSTEM AUTHORITY (not Domain Administrator)
So, I have'nt right to add Domain Users to localgroup Administrators.

And I want select User from Domain Users List.

#4 User is offline   andrewpayne 

  • XP/2003/Vista & Exchange Server
  • PipPip
  • Group: Members
  • Posts: 201
  • Joined: 29-August 03

Posted 02 February 2005 - 01:53 AM

You want to select a domain user during the installation?

You will need to modify the Group Policy for your OU in AD to include a startup script to run the above command I mentioned - however insert the name of a group rather than user (eg LOCALADMIN) and add all domain users who require local administrator rights to this group.

By default - Domain Users are Power Users not Local Admin - as I know you are aware.

I had a similar problem with ensuring control over Local Administrators and the Startup Script appled to Computer using GP in OU was my method of overcoming this.

However - Unattended Installations should be automated and require little if any interaction. So personally I would setup the installation using the default Administrator account with auto logon etc - and keep the selection of domain users to become local admins as a 'post installation' - done by Group Policy for your AD.

This would be much easier and far more efficient to manage.

Just my thoughts... ;)

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users



All trademarks mentioned on this page are the property of their respective owners
Copyright © 2001 - 2011 msfn.org
Privacy Policy