30 November 2013

Home » » Adding a User to the Local Administrators Group with Verification

Adding a User to the Local Administrators Group with Verification

  Saturday, November 30, 2013    No comments
This script will add a user to the local administrators group. It will also verify if the user is added and write both a registry key for the add/remove programs and a key for the WMI entry so that it will appear in a WMI query. There were already scripts out there to do this function, but I wrote this one for our SCCM build so that there is a verification in the build process that one of the accounts we add to the local admin group is actually there. All you have to do is to add the name of the account to the variable $Member.

You can download the script from here.


 #*******************************************************************************  
 #   Author: Mick Pletcher  
 #    Date: 25 November 2013  
 #  
 #   Program: Add User to Local Administrator Group in Active Directory  
 #*******************************************************************************  

 #Define Global Memory  
 Set-Variable -Name Member -Scope Local -Force  
 Set-Variable -Name Results -Value $false -Scope Global -Force  

 Function AddRemovePrograms($KeyName, $DisplayName, $Version){  

      #Define Local Memory  
      New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT  
      Set-Variable -Name AddRemKey -Scope Local -Force  
      Set-Variable -Name guid -Scope Local -Force  
      Set-Variable -Name ProductsKey -Scope Local -Force  

      If (!(Test-Path c:\windows\GSPBox_Icon.bmp)){  
           Copy-Item -Path \\global.gsp\data\clients\na_clients\Build\Add-ins\GSPBox_Icon.bmp -Destination c:\Windows -Force  
      }  
      $AddRemKey = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"  
      $ProductsKey = "HKCR:\Installer\Products\"  
      New-Item -Path $AddRemKey -Name $KeyName –Force  
      New-ItemProperty -Path $AddRemKey"\"$KeyName -Name DisplayName -Value $DisplayName -PropertyType String  
      New-ItemProperty -Path $AddRemKey"\"$KeyName -Name DisplayVersion -Value $Version -PropertyType String  
      New-ItemProperty -Path $AddRemKey"\"$KeyName -Name UninstallString -Value " " -PropertyType String  
      New-ItemProperty -Path $AddRemKey"\"$KeyName -Name Publisher -Value "Gresham, Smith and Partners" -PropertyType String  
      New-ItemProperty -Path $AddRemKey"\"$KeyName -Name DisplayIcon -Value "c:\windows\GSPBox_Icon.bmp" -PropertyType String  
      $guid = [guid]::NewGuid().ToString("N")  
      $guid.ToString()  
      $guid = $guid.ToUpper()  
      New-Item -Path $ProductsKey -Name $guid –Force  
      New-ItemProperty -Path $ProductsKey"\"$guid -Name ProductName -Value $DisplayName -PropertyType String -Force  

      #Cleanup Local Memory  
      remove-psdrive -name HKCR  
      Remove-Variable -Name AddRemKey -Scope Local -Force  
      Remove-Variable -Name guid -Scope Local -Force  
      Remove-Variable -Name ProductsKey -Scope Local -Force  

 }  

 Function CheckADForUser ($Member){  

      #Define Local Memory  
      Set-Variable -Name Computer -Scope Local -Force  
      Set-Variable -Name Group -Scope Local -Force  
      Set-Variable -Name LocalGroup -Scope Local -Force  
      Set-Variable -Name User -Scope Local -Force  
      Set-Variable -Name UserNames -Scope Local -Force  
      Set-Variable -Name Users -Scope Local -Force  

      $LocalGroup = "Administrators"  
      $UserNames = @()  
      $Computer = $env:computername  
           $Group= [ADSI]"WinNT://$Computer/$LocalGroup,group"  
           $Users = @($Group.psbase.Invoke("Members"))  
           $Users | ForEach-Object {  
                $UserNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)  
                Foreach ( $User in $UserNames) {  
                     If ($User -eq $Member) {  
                          $Global:Results = $true  
                          Write-Host $User  
                     }  
                }  
           }  

      #Cleanup Local Memory  
      $UserNames.Clear()  
      Remove-Variable -Name Computer -Scope Local -Force  
      Remove-Variable -Name Group -Scope Local -Force  
      Remove-Variable -Name LocalGroup -Scope Local -Force  
      Remove-Variable -Name User -Scope Local -Force  
      Remove-Variable -Name UserNames -Scope Local -Force  
      Remove-Variable -Name Users -Scope Local -Force  

 }  

 Function AddUserToAD ($Member) {  

      $group = [ADSI]"WinNT://./Administrators,group"  
      $group.Add("WinNT://$Member,user")  

 }  

 cls  
 $Member = ""  
 CheckADForUser $Member  
 If ($Results -eq $true) {  
      AddRemovePrograms $Member $Member "Installed"  
      cls  
      Write-Host $Member" is already in the local administrators group"  
 } else {  
      AddUserToAD $Member  
      CheckADForUser $Member  
      If ($Results -eq $true) {  
           AddRemovePrograms $Member $Member "Installed"  
           cls  
           Write-Host $Member" has been added to the local administrators group"  
      }  
 }  

 #Cleanup Global Memory  
 Remove-Variable -Name Member -Scope Local -Force  
 Remove-Variable -Name Results -Scope Global -Force

Related Posts:

  • Automating Microsoft Endpoint Full System Scan upon Infection with Email Notification While helping to manage Microsoft Endpoint, a former colleague suggested that I setup Endpoint to automatically run a full system scan each time an infection is detected. I googled the blog posting on it and although it i… Read More
  • NIC Power Management Properties I wrote and published a script that enabled wake on lan two years ago. Since then, I have needed to write new scripts to modify the advanced tab of the NIC properties. I began by looking at my old script to see about adding… Read More
  • Query Event Logs to a Central Log File Recently, we have had sporadic issues with Outlook and needed to see who all was experiencing the problem. We knew it was logged in the event viewer logs. I decided to write a PowerShell script, with the help of Sapien Tech… Read More
  • NIC Advanced Properties Recently, we started having issues with our new Dell Latitude E7450 laptops. They would be put to sleep and then they could not restore the network connection once the laptop was docked again. The problem came from the Ener… Read More
  • Local Administrators Automated Reporting Tool Back in November 2016, I posted the blog entry on reporting local administrators on machines. That script is deployed to machines via an SCCM package that reports the local administrators back to SCCM to be able to be queri… Read More

0 comments:

Post a Comment