|
Hello Jaap, I am trying to run the script but got this error: PS C:\Users\aarwf\documents> ".\Set-ADAccoun tasLocalAdminis trator.ps1" -Computer CNc.nih.gov -Trustee NIH\irtsecurefu sion At line:1 char:43 + ".\Set-ADAccoun tasLocalAdminis trator.ps1" -Computer CNc.nih.gov -Trustee NIH\irt ... + ~~~~~~~~~ Unexpected token '-Computer' in expression or statement. At line:1 char:53 + ".\Set-ADAccoun tasLocalAdminis trator.ps1" -Computer CNc.nih.gov -Trustee NIH\irt ... + ~~~~~~~~~~~ Unexpected token 'CNc.nih.gov' in expression or statement. + CategoryInfo : ParserError: (:) [], ParentContainsE rrorRecordExcep tion + FullyQualifiedE rrorId : UnexpectedToken Can you please help? thanks Ron
Ran your script and got: PS C:\Users\vision\Desktop> .\Set-ADAccount asLocalAdminist rator.ps1 -Trustee vision C:\Users\vision \Desktop\Set-AD AccountasLocalA dministrator.ps 1 : Parameter set cannot be resolved using the specified named parameters. At line:1 char:1 + .\Set-ADAccount asLocalAdminist rator.ps1 -Trustee vision + ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~ + CategoryInfo : InvalidArgument : (:) [Set-ADAccounta sLocalAdministr ator.ps1], ParameterBindin gException + FullyQualifiedE rrorId : AmbiguousParame terSet,Set-ADAc countasLocalAdm inistrator.ps1
Hi Jaap, May I know the port requirements for running this script? Lets say the local and target machines are on different subnets with a physical firewall in between? Many thanks.
Hi Jaap, Your script to add users to the Local Admin group worked great. How would I go about changing it to Remove Users from Local Admin group?
Hi There Jaap, Here is my situation. Hope you can help me. I have a file that has the MAC addresses, Computernames and AD usernames. Once the laptop has joined the domain I would like to run this script where it checks the above text/csv file and adds the corresponding user (based on the computername) to the local admins group on the laptop. Hope this makes sense. Would love it if you can help out. Cheers Dan
Sure that seems relatively simple, what you can do is the following assuming you have a csv file with columns named computername and username, if not change it accordingly: Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object { .\Set-ADAccount asLocalAdminist rator.ps1 -Computer $_.computername -Trustee $_.username }
Sorry Jaap, Does that mean I put in the above code at the top of the script file and then run it? Cheers Dan
Assuming you are in the same folder as the script you can just run the code. If you are not in the same folder you should enter the complete path of the Set-ADAccountasLocalAdministra tor script.
Hi Jaap, Thanks very much for your help. Unfortunately powershell scripts have been disabled on the computers. I dont know if its a GP or something else like me not enabling PS1. Either way I was wondering if you can convert it to VBScript. I know they work. So that I can still use a csv file to import the data. Thanks heaps mate. Dan
Assuming you have domain administrative credentials you could create an OU that has policy inheritance blocked and place the computer object of your management server in there. This will allow you to execute the script. You could also check if the PowerShell execution policy is set to the correct level, verify this by typing the following: Get-ExecutionPolicy Set-ExecutionPo licy Unrestricted -Force Although it is possible to do this in vbscript I would advise getting PowerShell up and running in your environment as it is an order of magnitude more useful in a corporate environment.
Hi Jaap, Great got. Powershell working yeah!!! Thanks mate "Set-ExecutionPolicy Unrestricted -Force" Now I come across another problem. When I run it, it sits and tries to add the usernames to their corresponding computers in the csv file around the network. Is there a way to only detect the local computerName and add the relavant userName to this current computer. Thanks Jaap Dan
Yes you could, depending on the list of user names you would like to add to the local computer you could do something along these lines: Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object { .\Set-ADAccount asLocalAdminist rator.ps1 -Computer $env:computerna me -Trustee $_.username } This will add all usernames listed in the csv file to the current computer. I am using the environment variable computername to determine the local computer name. Is that what you meant?
Sorry Jaap, That's not what I require. If for instance there are 100 laptops and 100 users. I would like each of the laptops to have it's corresponding user as the local administrator. I might only issue 1 or 2 laptops each month and will not know the username of the next user that will have the next laptop. The reaon why I want the names there is that when I re-image(Ghost) the laptop, the user details for that particular laptop will be retireved from the .csv file. So I dont want the script to add the all user details to all the laptops at one run, but at different runs when needed. computername username Laptop001 User1 Laptop002 User2 Laptop003 User3 Laptop004 User4 Laptop005 User5 Hope this makes sense. Thank you so much Regards
Yes that makes sense, then you can change the code to look like this: Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object { .\Set-ADAccount asLocalAdminist rator.ps1 -Computer $_.computername -Trustee $_.username } How does that work for you?
Hi Japp! I'm trying to do that with a CSV file 20 laptops and 20 different users but when I run the script, I can read "Please Input Trustee" and then "Please Imput computer name" and regarding your explanation, I understand that the proccess has to be automatic. That's correct? so I don't understand where is failing. CSV is so Computername Username Computer1 8146 Computer1 7023 Computer1 7472 Computer1 c2357 Computer1 c301a Computer1 c243o Computer1 c301d Computer1 c3553 Computer1 c327f Computer1 c343c Thanks!
Good afternoon, I'm new in the management of scripts, and I would do this test with your script that looks sensational. Well, how do I run it in a GPO? and what parameters should I put in the file to make it work? Thanks and I await response.
I have a situation where i need to re add a domain administrative account to the local administrators group on a remote computer where i know the local admin account credentials, can i accomplish this using your script
They are typo mistakes in your script description The script name should "Set-ADAccountasLocalAdministr ator.ps1", not "Get-Set-ADAcco untasLocalAdmin istrator.ps1.ps 1". They are also located in this page and the content of the script description.
Hi Jaap- I would like to know how to add the helpdesk domain user to the local admin security group on my domain? I get the following error. The term 'Get-Set-ADAccountasLocalAdmin istrator.ps1.ps 1' is not recognized as the name of a cmdlet, function, script fi le, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:46 + Get-Set-ADAccou ntasLocalAdmini strator.ps1.ps1 <<<< -Computer hyvjvm1 -Trustee progenics\helpd esk + CategoryInfo : ObjectNotFound: (Get-Set-ADAcco u...strator.ps1 .ps1:String) [], CommandNotFound Exception + FullyQualifiedE rrorId : CommandNotFound Exception
Because it is a typo mistake in his script The script name should "Set-ADAccountasLocalAdministr ator.ps1", not "Get-Set-ADAcco untasLocalAdmin istrator.ps1.ps 1"
This script ROCKS. Saved me so much time. Any chance we can get one for REMOVING user/group?