Make domain users/groups members of local groups
Hello
I have a need to add a domain account to the local admin group and
also grant it 'Log on as a service' right.
I have a VBScript to add the account to the admin group and a batch
file that uses the Res Kit util NTRIGHTS.EXE to agrant the 'Log on as
a service' right.
The problem I have is getting the things to execute. My apps have to
be deployed via GPOs so there is no domain access granted during the
MSI install.
If I set these as RunOnce values or as ActiveSetup values in the
registry they will only run if the user logging in has the necessary
rights.
How can I get these rights granted without leaving a trail of
sensitive passwords around?
Thanks,
lurchajn
PS: I know I can do this via GPO settings but I'd rather have a 'one-
stop-shop' approach to save the customer support monkeys from
conscious thought and the potential trauma that entails.
I have a need to add a domain account to the local admin group and
also grant it 'Log on as a service' right.
I have a VBScript to add the account to the admin group and a batch
file that uses the Res Kit util NTRIGHTS.EXE to agrant the 'Log on as
a service' right.
The problem I have is getting the things to execute. My apps have to
be deployed via GPOs so there is no domain access granted during the
MSI install.
If I set these as RunOnce values or as ActiveSetup values in the
registry they will only run if the user logging in has the necessary
rights.
How can I get these rights granted without leaving a trail of
sensitive passwords around?
Thanks,
lurchajn
PS: I know I can do this via GPO settings but I'd rather have a 'one-
stop-shop' approach to save the customer support monkeys from
conscious thought and the potential trauma that entails.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
KPrinz
17 years ago
You deploy via GPO, so you use MSIs, right?
How about adding a custom action that runs the needed actions? Then you can put the sources needed inside the msi.
How about adding a custom action that runs the needed actions? Then you can put the sources needed inside the msi.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
