RayMcD Posted February 12, 2009

Let me start off by saying that I am new to AutoIT. I have been working on a way to control the local administrators group on our desktops. Currently "Domain Users" are local admins on every computer and I would like to change this so that only the currently logged on user is a local admin. I have a vb script that works but only if the user is already a local admin. If the user is not a local admin they get access denied when trying to edit the local admin group. I thought AutoIT would allow me to use the RunAs function to add domain users or the local user to the admins group. I have been working on this for a while now and just can't get it to work in AutoIT. I also tried a vbs to AutoIT converter which didn't work for me.

This is what I am trying to accomplish:

1. Define permitted local admins (Administrator, Domain Admins, @UserName)
2. Enumerate the local admin group
3. Check to see if the local admin group matches the permitted admins group
4. If not, RunAs admin to add Domain Users to the local admin group (so the user can later add themselves)
5. Run as the current user to add @UserName to the admin group if it isn't there
6. Run as the current user to add Domain Admins to the admin group if it isn't there
7. Run as the current user to add the local Administrator to the local admin group if it isn't there
8. Run as the current user to remove Domain Users

This is the vb script that I have which works if you are already a local admin:

' Remove Unapproved Local Administrators.
'vbscript

'** Define Variables
Dim PermittedAdmins ' As Array
Dim objNetwork
Dim strUserName
Dim objSrv
strDomain = "Domain"
strDomainAdmins = "Domain Admins"

'** Extract the username
Set objNetwork = WScript.CreateObject("WScript.Network")
strUserName = objNetwork.UserName

'** Define Permitted Administrators List
PermittedAdmins = Array("Administrator", "Domain Admins", strUserName)

'** Get Local Administrator Group
Set AdminGroup = GetObject("WinNT://./Administrators, Group")

'** Search for Invalid Members & Remove Them
For Each GroupMember in AdminGroup.Members
    Debug.WriteLine GroupMember.Name, GroupMember.Class, IsPermitedAdmin(GroupMember.Name)
    If Not IsPermitedAdmin(GroupMember.Name) Then
        AdminGroup.Remove GroupMember.ADsPath
    End If

    '** Add the current user to the local admins group
    strComputerName = objNetwork.ComputerName

    '** Checking local Administrator group
    Set objSrv = GetObject("WinNT://" & strComputerName & "/Administrators,group")
    if objSrv.IsMember("WinNT://" & strDomain & "/" & strUserName) then
        ' wscript.Echo "found " & strDomain & "\" & strUserName
    else
        ' wscript.Echo "not found " & strDomain & "\" & strUserName
        ' wscript.Echo "Adding WinNT://" & strDomain & "/" & strUserName
        objSrv.Add("WinNT://" & strDomain & "/" & strUserName)
    end If

    '** Add domain admins to the local admins group
    if objSrv.IsMember("WinNT://" & strDomain & "/" & strDomainAdmins) then
        ' wscript.Echo "found " & strDomain & "\" & strDomainAdmins
    else
        ' wscript.Echo "not found " & strDomain & "\" & strDomainAdmins
        ' wscript.Echo "Adding WinNT://" & strDomain & "/" & strDomainAdmins
        objSrv.Add("WinNT://" & strDomain & "/" & strDomainAdmins)
    end If
Next

'** Functions *****************************************************************
Function IsPermitedAdmin(MemberName) ' As Boolean
    Dim i ' As Long
    For i = LBound(PermittedAdmins) To UBound(PermittedAdmins)
        If UCase(MemberName) = UCase(PermittedAdmins(i)) Then
            IsPermitedAdmin = True
            Exit Function
        End If
    Next
    IsPermitedAdmin = False
End Function

If anyone can help me get this converted to AutoIT it will be appreciated.

Thanks
RayMcD

Bert Posted February 12, 2009

http://www.autoitscript.com/forum/index.ph...l=Domain+Admins
http://www.autoitscript.com/forum/index.ph...st&p=499954

The Vollatran project
My blog: http://www.vollysinterestingshit.com/

RayMcD (Author) Posted February 12, 2009

Thanks Volly... I'll take a look at the examples but I have already seen most of them. Even with all of the examples I just can't get this to work.
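
The allow-list reconciliation described in the first post (enumerate the local Administrators group, compare it with the permitted list, add what is missing, remove the rest), as an added PowerShell example that is not part of the thread or any poster's code. It assumes Windows PowerShell 5.1 with the built-in LocalAccounts cmdlets and an already elevated context such as a computer startup script or scheduled task, so no admin password has to be stored in a script; `CONTOSO`, `PC01`, `ray` and both function names are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). CONTOSO, PC01 and ray are placeholder names.
function Compare-AdminMembership {
    param([string[]]$Current, [string[]]$Permitted)
    # -notin compares strings case-insensitively, like the UCase() test in the VBScript.
    [pscustomobject]@{
        Add    = @($Permitted | Where-Object { $_ -notin $Current })
        Remove = @($Current   | Where-Object { $_ -notin $Permitted })
    }
}

function Sync-LocalAdminGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Permitted)

    $sid     = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    # Member names come back qualified, e.g. PC01\Administrator or CONTOSO\ray.
    $current = @(Get-LocalGroupMember -SID $sid | ForEach-Object { $_.Name })
    $plan    = Compare-AdminMembership -Current $current -Permitted $Permitted

    # Add before removing so the group never loses its intended admins mid-run.
    foreach ($member in $plan.Add) {
        if ($PSCmdlet.ShouldProcess($member, 'Add to local Administrators')) {
            Add-LocalGroupMember -SID $sid -Member $member
        }
    }
    foreach ($member in $plan.Remove) {
        if ($PSCmdlet.ShouldProcess($member, 'Remove from local Administrators')) {
            Remove-LocalGroupMember -SID $sid -Member $member
        }
    }
    $plan   # return the plan so the caller can log what changed
}

# Constructed sample membership, compared without touching the machine.
$sample = Compare-AdminMembership `
    -Current   'PC01\Administrator', 'CONTOSO\Domain Users' `
    -Permitted 'PC01\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\ray'
$sample | Format-List

# Real run, previewed first with -WhatIf (needs an elevated session):
# Sync-LocalAdminGroup -WhatIf -Permitted "$env:COMPUTERNAME\Administrator",
#     'CONTOSO\Domain Admins', 'CONTOSO\ray'
```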