Hi All,
Is there a way to assign Local Administrator Rights to a Network User ? Either thru Group Policy or otherwise...??
Thanks.

Hello,

Do you mean:

1. Admin rights over one machine?
2. Admin rights over all local machines but not the domain?

Regards,

<font color=green>Paul</font color=green>

<font color=blue>mailto:paul@winguides.com (paul@winguides.com)</font color=blue>

Remote adding an user account into the local Administrators group in stealth mode.

Pre-requisite:

1) Domain administrator or remote computer's administrator's password
2) Task Scheduler service must not be set to DISABLED
3) Remote computer must be started

1) net use \\computername\ipc$ /u:administrator password
2) AT \\computername scheduletime "CMD /C net localgroup administrators username /ADD"
3) net use \\computername\ipc$ /del

What this does:

1) map an IPC$ connection to the remote computer using the almight domain administrator account or the remote computer's local administrator account
2) schedule a task using the AT command to run a DOS command to add an account to the Administrators group (net user localgroup administrators username /add)
3) remove the IPC$ connection

Cheers,

Hi ITwins,

Thanks for the reply, I have tried your suggestion, and it does send the task to the remote computer that is enabled with task scheduler, but somehow it does not seem to execute the task.....
any ideas why....?

ooops...my apologies...you have to make it into executables. ex. .BAT, .CMD, .COM or .EXE.

therefore:

1) make IPC$ connection, or better yet, make a c$ connection
2) copy the batch file to the remote computer's c:\temp. The batch file should contain something like this:

@echo off
net localgroup administrators username /add
del c:\temp\batch.bat > nul

3) start the following AT command:

at \\computername 18:51 "c:\temp\batch.bat"

4) delete the ipc$ or c$ connection




<P ID="edit"><FONT class="small">Edited by iTwins on 11/07/02 02:29.</FONT></P>