Kace script to give local admin rights to logged in user in windows.
Hello guys, I have been thinking on implementing a script to do this but I can't figure out how to do that for the logged in user who has of course no admin rights. Any ideas on how this could be done?
I know this is better done from AD but I have no management of it and the AD team is extremely busy to implement small changes like this.
Thanks in advance for your ideas.
0 Comments
[ + ] Show comments
Answers (3)
Answer Summary:
SMal.tmcc came up with a great idea for a scrip. Visit his answer here: http://www.itninja.com/blog/view/kace-script-to-give-local-admin-rights-to-logged-in-user-in-windows
SMal.tmcc came up with a great idea for a scrip. Visit his answer here: http://www.itninja.com/blog/view/kace-script-to-give-local-admin-rights-to-logged-in-user-in-windows
Please log in to answer
Posted by:
SMal.tmcc
8 years ago
Sorry I pulled a homer this morning. You cannot add yourself. I deleted that stupid answer
How we accomplish what you want to do without server crew intervention.
Open computer management on your admin tech machine
under action choose connect to another computer and put in the system name you want connect to
under local users and groups and open administrators group and add the name you need.
How we accomplish what you want to do without server crew intervention.
Open computer management on your admin tech machine
under action choose connect to another computer and put in the system name you want connect to
under local users and groups and open administrators group and add the name you need.
Comments:
-
Hey thanks for that, I didn't consider it. It is actually a good alternative. Still some of our service desk technicians use Ubuntu and Mac so they will not be able to do that. I will try to find a way to accomplish it via script but your input is very appreciated. - Glaporte 8 years ago
-
For kace we have a script they change the name and target machine each time we need to run it. It is very seldom we use it though.
Another alternative for the non MS users to to setup a VMAN (virtual management server) with all the tools. We have this for that purpose, techs can remote it from our ipads and manage. - SMal.tmcc 8 years ago -
I will explore a method to make a vanilla script to do this. - SMal.tmcc 8 years ago
-
Thanks I will be looking into it too. If I have any news I'll post it. - Glaporte 8 years ago
Posted by:
SMal.tmcc
8 years ago
Top Answer
Ha! I love a challenge.
See:
http://www.itninja.com/blog/view/kace-script-to-give-local-admin-rights-to-logged-in-user-in-windows
See:
http://www.itninja.com/blog/view/kace-script-to-give-local-admin-rights-to-logged-in-user-in-windows
Comments:
-
Awesome, works like a charm. I didn't think about using a text file. Shame on me. Thank you very much for your help :D
I will also use this to map printers for users who don't have admin rights :) - Glaporte 8 years ago-
We have a use for it here at TMCC also, so well worth the effort. Having to think out of the box it whats helps us learn, I started on computers in the USAF in 1979 with DOS 1.0, UNIX and HPrpn. A lot of the old time tricks to manipulate things still apply. I had it in memory only at first but it was either dropping the last letter or adding other crap to have to filter so I went with a easy solution temp file. The programdata\dell\kace\user directory is the perfect target for this, you can run scripts as users and they can write files there for CIR to read. I use this technique to look for user installed apps and malware - SMal.tmcc 8 years ago
-
you want to implement this one also to help track who is a local admin
http://www.itninja.com/blog/view/create-a-cir-to-get-a-clean-list-of-your-local-admins-and-then-filter-out-the-it-approved-admins-also-presented-at-dell-world-user-forum-2014-lessions-from-the-field - SMal.tmcc 8 years ago-
Awesome, thanks for that. I started with computers when I was 8 but of course I didn't do much back then haha. Nowadays it's been 6 years working as an IT pro. It's great to learn things from the days where things were not served on a silver platter :D - Glaporte 8 years ago
Posted by:
anonymous_9363
8 years ago
Of course, the target user will need to log off and back on again in order to pick up the new access token.
Are you sure you're approaching this from the right angle? Why would you need to grant users local admin rights [shudder...]?
Are you sure you're approaching this from the right angle? Why would you need to grant users local admin rights [shudder...]?
Comments:
-
I'm not sure why this was downvoted but I upvoted it (back to zero, haha) because I think this is a very valid comment. The consideration of why you're doing this aside, there is no magic script to suddenly enable someone admin rights immediately. From a workstation standpoint, if there was a "simple" way to do this it would be exploited.
However, if the reason you're trying to do this is simply to install software or make a config change, you can accomplish this remotely by running the script as the system user. - nheyne 8 years ago-
It should also be noted that any changes you make could possibly be superseded by GPOs anyway. - nheyne 8 years ago
-
Yep, very sure about this. Most of our users are developers and know their way around computers, some of them need to set up their own environments and are allowed to that by corporate policies.
What we usually do is take remote management on their pcs and add them manually but I wanted to have a more automatic way of doing this, like shooting a script from our Kace server.
BTW GPOs are set not to affect user rights on devices. Only local policies apply to that.
And yes, no problem having the user log off and back on. I just want to remove the need to take remote control of the pc, that would shorten SLA times on this kind of tickets since there would be no need to coordinate a remote session with the user. Besides, as I state in my comment to the first replier I would like to have no need to edit the user name on my script every time, but that is the hard part and the main reason why I asked the question, since windows would always add the user who is shooting the command instead of the current logged in user. - Glaporte 8 years ago-
Sounds like a unique circumstance, I'm not sure what the best solution would be but you've got me curious how you'll accomplish this... - nheyne 8 years ago
-
Yeah it is indeed a pretty peculiar situation. As most on the company I work for :P. I will post if I find a solution but I'm starting to think there is no way around this without some heavy programming. - Glaporte 8 years ago
