This script was designed to be run by a domain administrator to grant other groups access to Administrators or Power Users on a local machine. It reads in a list of computers from a text file and attempts to add the specified domain group to a specified local group. An error log (success, fail, error message) will be written so that you know which workstations were correctly updated.
This is a useful script to grant a desktop support group access to a list of workstations without giving them domain administrator permissions.
On Error Resume Next
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oInFile = oFSO.OpenTextFile("computers.txt")
Set oLogFile = oFSO.OpenTextFile("Output.log",8,True)
StartTime = Now
ComputerCount = 0
While Not oInFile.AtEndOfStream
sComputerName = Trim(oInFile.ReadLine)
If Not sComputerName = "" Then
ComputerCount = ComputerCount + 1
sLGroup = "Administrators"
sGGroup = "Workstation Admins"
sDC = "testing.root.local"
Message = "Error adding Global to Local on " & sComputerName
Set oLGroup = GetObject("WinNT://" & sComputerName & "/" & sLGroup & ",group")
Set oGGroup = GetObject("WinNT://" & sDC & "/" & sGGroup & ",group")
ReturnCode = oLGroup.Add(oGGroup.ADsPath)
If Err.Number = "-2147023518" then
Message = sGGroup & " is already a member of " & sLGroup & " on " & sComputerName
ElseIf Err.Number = "0" Then
Message = oGGroup.Name & " is now in " & oLGroup.Name & " on computer " & sComputerName
End If
oLogFile.WriteLine (Message)
End If
Wend
MsgBox ComputerCount & " machines were processed in " & DateDiff("S", StartTime, Now) & " seconds."
WScript.Quit