[script attached]. I have a small script that adds and removes Domain groups from the Local Admin group. This script is part of a GPO and runs when users log on to their machines. I am not sure where to use this, but I want this script to only run on Windows XP or Windows 2000 Professional machines, essentially not %server%.
Because this is differnet than some newer type scripts in that I am not using collections or running against an OU, I do not know first the exact syntx nor where to enter the syntax in so this does not run against machines with %server% on them.
(where objOperatingSystem.Caption =)
Thanks in advance for the help.
'This script will loop the through the Local Admin group and add / remove members as defined in the'adGrp.Add and oGrp.Remove variable.
On Error Resume Next
'get main objects/variablesSet ws = WScript.CreateObject ( "WScript.Shell" )compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )'Add GroupsSet adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )'Remove groupsSet oGrp = GetObject("WinNT://" & compname & "/Administrators,group")
'Add Domain Global Groups to Local Admin groupadGrp.Add ( "WinNT://domain1/Admins,group" )adGrp.Add ( "WinNT://domain2/Admins,group" )
'Remove Global Groups from Local Admin groupoGrp.Remove("WinNT://domain/Old_Group,group")new_user2007-06-06 11:03:06
Where Clause
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Where Clause
[script attached]. I have a small script that adds and removes Domain groups from the Local Admin group. This script is part of a GPO and runs when users log on to their machines. I am not sure where to use this, but I want this script to only run on Windows XP or Windows 2000 Professional machines, essentially not %server%.
Because this is differnet than some newer type scripts in that I am not using collections or running against an OU, I do not know first the exact syntx nor where to enter the syntax in so this does not run against machines with %server% on them.
(where objOperatingSystem.Caption =)
Thanks in advance for the help.
'This script will loop the through the Local Admin group and add / remove members as defined in the'adGrp.Add and oGrp.Remove variable.
On Error Resume Next
'get main objects/variablesSet ws = WScript.CreateObject ( "WScript.Shell" )compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )'Add GroupsSet adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )'Remove groupsSet oGrp = GetObject("WinNT://" & compname & "/Administrators,group")
'Add Domain Global Groups to Local Admin groupadGrp.Add ( "WinNT://domain1/Admins,group" )adGrp.Add ( "WinNT://domain2/Admins,group" )
'Remove Global Groups from Local Admin groupoGrp.Remove("WinNT://domain/Old_Group,group")new_user2007-06-06 11:03:06
Because this is differnet than some newer type scripts in that I am not using collections or running against an OU, I do not know first the exact syntx nor where to enter the syntax in so this does not run against machines with %server% on them.
(where objOperatingSystem.Caption =)
Thanks in advance for the help.
'This script will loop the through the Local Admin group and add / remove members as defined in the'adGrp.Add and oGrp.Remove variable.
On Error Resume Next
'get main objects/variablesSet ws = WScript.CreateObject ( "WScript.Shell" )compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )'Add GroupsSet adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )'Remove groupsSet oGrp = GetObject("WinNT://" & compname & "/Administrators,group")
'Add Domain Global Groups to Local Admin groupadGrp.Add ( "WinNT://domain1/Admins,group" )adGrp.Add ( "WinNT://domain2/Admins,group" )
'Remove Global Groups from Local Admin groupoGrp.Remove("WinNT://domain/Old_Group,group")new_user2007-06-06 11:03:06
Where Clause
You cannot do this from a GPO except if it is an admin loggong on. Users cannot normally alter teh contents of groups.
If you want a script to run only on certain types of machines you can do this using a Group Policy Filter.
If machines are separated into OUs that reflect their roles then you could just apply it at the OU level. If machines are mixed use the GP filter.
If machines are in the "default" COmputers container then you will not be able to isolate a GPO. This is one of the major reasons for moving computers to OUs that track their roles.
Look into using a GP with "Restricted Groups Policy" as this is the recommended method.
(where objOperatingSystem.Caption =)
is a piece of a WMI query. I am not sure what you are trying to do with this piece of code.
If you want a script to run only on certain types of machines you can do this using a Group Policy Filter.
If machines are separated into OUs that reflect their roles then you could just apply it at the OU level. If machines are mixed use the GP filter.
If machines are in the "default" COmputers container then you will not be able to isolate a GPO. This is one of the major reasons for moving computers to OUs that track their roles.
Look into using a GP with "Restricted Groups Policy" as this is the recommended method.
(where objOperatingSystem.Caption =)
is a piece of a WMI query. I am not sure what you are trying to do with this piece of code.
Where Clause
jvierra thanks. This script is currently in a GPO, the scripts runs when a user logs on to a machine, the users in my environment are Local Admins so the script does run. What I am trying to accomplisg within the script is, I want to add code to it so when the script starts it looks at the OS of the machine, if the OS is not %professional% do not run the script [or if it is %professional%, run].
Seperating my machines into different OU's is not a option for my environment, and a GPO filter will not work on a Windows 2000 Version X machine, only XP or 2003+.
So I am just looking to see if I can get this script to look at the OperatingSystem caption if if its %server%, do not run.
Seperating my machines into different OU's is not a option for my environment, and a GPO filter will not work on a Windows 2000 Version X machine, only XP or 2003+.
So I am just looking to see if I can get this script to look at the OperatingSystem caption if if its %server%, do not run.