Due to the fact I'm not fully utilizing the MDT integration nonetheless and i am over a crunch to automate the local admin group I created a deal that contains the VBS as well as a BAT to run the VBS.
Stack Exchange community contains 174 Q&A communities like Stack Overflow, the largest, most trusted on line Neighborhood for developers to find out, share their awareness, and Make their Occupations. Visit Stack Trade
I do precisely the same thing but I hold the users that must be local admins within an Advert Group. Then I 'run command line' working with this: Internet localgroup administrators "DOMAINGROUP" /incorporate
We've got some devices that need to have to acquire their users added as a local administrator to them. I'm considering I'm able to do this having a sure bet sequence and command line utilizing the following...
Unsure That which you're basing that on but it isn't suitable. Restricted Groups can be employed to simply increase one principal into a local group precisely as Gerry outlined without destruction. This continues to be Component of Restricted Group features given that Server 2000 SP2 (I do think).
The offer appears for being managing devoid of faults during OSD, but when I login to the computer the DomainUser isn't really shown from the Administrators group. Any Thoughts I could try to look at? Do I have to F8 more info in the course of OSD and evaluate smsts.log?
That’s high-quality, but then the issue is In which you can do these actions. A local administrator has a special set of objects they can affect when compared with a Domain Administrator. This is their scope (local or domain). In ConfigMgr you grant a user a scope to determine check here what objects from the hierarchy the user is permitted to workout their actions in opposition to.
Flair is reserved for Microsoft workers and MVPs. Please mail mod mail when you qualify and would really like flair established on your account.
So I switched my thought method to PowerShell. I don’t recognize that I'll ever go back. I'd a Doing the job script in most likely 10 minutes. I then modified it and gave it some superior logic, but even that went quickly.
If you'd like to operate this with also creating a new local user, make sure that you've this action once the create local user stage or it's going to fall short.
user195296 1114 add a remark
Because the SCCM is a lot more than probable functioning with community admin qualifications during imaging, I wouldn't see a cause that Internet creds would want provided. Just swap the C:Home windowsfilename.txt route which has a UNC of your selecting.
For some of you this is likely to be plenty of for the “lite bulb to go on,” but in case you weren’t so lucky, Listed here are the methods try to be getting to build this user Within this scenario:
What I'm hoping is one of it is possible to support me to combine the two so Every single equipment crafted will retain a singular username password and the method will keep on being automated.