Scripting Question

Kace script to give local admin rights to logged in user in windows.

11/09/2015 2008 views
Hello guys, I have been thinking on implementing a script to do this but I can't figure out how to do that for the logged in user who has of course no admin rights. Any ideas on how this could be done?
I know this is better done from AD but I have no management of it and the AD team is extremely busy to implement small changes like this.

Thanks in advance for your ideas.
Answer Summary:
SMal.tmcc came up with a great idea for a scrip. Visit his answer here: http://www.itninja.com/blog/view/kace-script-to-give-local-admin-rights-to-logged-in-user-in-windows
0 Comments   [ + ] Show comments


Answer Chosen by the Author

  • Awesome, works like a charm. I didn't think about using a text file. Shame on me. Thank you very much for your help :D

    I will also use this to map printers for users who don't have admin rights :)
    • We have a use for it here at TMCC also, so well worth the effort. Having to think out of the box it whats helps us learn, I started on computers in the USAF in 1979 with DOS 1.0, UNIX and HPrpn. A lot of the old time tricks to manipulate things still apply. I had it in memory only at first but it was either dropping the last letter or adding other crap to have to filter so I went with a easy solution temp file. The programdata\dell\kace\user directory is the perfect target for this, you can run scripts as users and they can write files there for CIR to read. I use this technique to look for user installed apps and malware
    • you want to implement this one also to help track who is a local admin

      • Awesome, thanks for that. I started with computers when I was 8 but of course I didn't do much back then haha. Nowadays it's been 6 years working as an IT pro. It's great to learn things from the days where things were not served on a silver platter :D

Community Chosen Answer

Sorry I pulled a homer this morning.  You cannot add yourself.  I deleted that stupid answer

How we accomplish what you want to do without server crew intervention.
Open computer management on your admin tech machine
under action choose connect to another computer and put in the system name you want connect to
under local users and groups and open administrators group and add the name you need.
Answered 11/09/2015 by: SMal.tmcc
Red Belt

  • Hey thanks for that, I didn't consider it. It is actually a good alternative. Still some of our service desk technicians use Ubuntu and Mac so they will not be able to do that. I will try to find a way to accomplish it via script but your input is very appreciated.
    • For kace we have a script they change the name and target machine each time we need to run it. It is very seldom we use it though.

      Another alternative for the non MS users to to setup a VMAN (virtual management server) with all the tools. We have this for that purpose, techs can remote it from our ipads and manage.
    • I will explore a method to make a vanilla script to do this.
      • Thanks I will be looking into it too. If I have any news I'll post it.

All Answers

This content is currently hidden from public view.
Reason: Removed by member request For more information, visit our FAQ's.
Of course, the target user will need to log off and back on again in order to pick up the new access token.

Are you sure you're approaching this from the right angle? Why would you need to grant users local admin rights [shudder...]?
Answered 11/09/2015 by: VBScab
Red Belt

  • I'm not sure why this was downvoted but I upvoted it (back to zero, haha) because I think this is a very valid comment. The consideration of why you're doing this aside, there is no magic script to suddenly enable someone admin rights immediately. From a workstation standpoint, if there was a "simple" way to do this it would be exploited.

    However, if the reason you're trying to do this is simply to install software or make a config change, you can accomplish this remotely by running the script as the system user.
    • This content is currently hidden from public view.
      Reason: Removed by member request For more information, visit our FAQ's.
    • It should also be noted that any changes you make could possibly be superseded by GPOs anyway.
  • Yep, very sure about this. Most of our users are developers and know their way around computers, some of them need to set up their own environments and are allowed to that by corporate policies.
    What we usually do is take remote management on their pcs and add them manually but I wanted to have a more automatic way of doing this, like shooting a script from our Kace server.
    BTW GPOs are set not to affect user rights on devices. Only local policies apply to that.
    And yes, no problem having the user log off and back on. I just want to remove the need to take remote control of the pc, that would shorten SLA times on this kind of tickets since there would be no need to coordinate a remote session with the user. Besides, as I state in my comment to the first replier I would like to have no need to edit the user name on my script every time, but that is the hard part and the main reason why I asked the question, since windows would always add the user who is shooting the command instead of the current logged in user.
    • Sounds like a unique circumstance, I'm not sure what the best solution would be but you've got me curious how you'll accomplish this...
      • Yeah it is indeed a pretty peculiar situation. As most on the company I work for :P. I will post if I find a solution but I'm starting to think there is no way around this without some heavy programming.
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ