Running NET localgroup command from a logon batch script as local system account

Discussion in 'Scripting' started by Kbalert, Dec 20, 2004.

  1. Kbalert

    Kbalert Guest

    I have a simple batch file that runs when ever a user logon to the NT4
    domain. I want to add a global group to the local administrators group on
    every machine.
    I am using the following command:
    net localgroup Administrators /add "DomainA\adm operators"

    The above command is succesdful when run on the local machine but isnot
    working when run as part of the logaon script. It does not give any error
    also.

    What is the simple way to run the above command successfully as part of the
    logon batch file?
    Note that the users have admini privilages on their machines.

    An early in thsi regard is highly appreciated. Thanks.

    --Kbalert
     
    Kbalert, Dec 20, 2004
    #1
    1. Advertisements

  2. Kbalert

    SubnetJO Guest

    I have an NT4 domain too...
    I tryed a logon script like your one... everything goes fine.

    If users have administrative privileges on their local machines, nothing
    should go wrong.

    I can only suppose that in the moment the logon script is run (locally), the
    services managing the local accounts security are not fully "up and running".

    I think the netologon service should be already running, because your users
    successfully logged in the domain... but is better to check...

    Try adding these few lines on your logon script, BEFORE the "net localgroup"
    command:

    ------------------
    :servicecheck
    rem Check "Remote Procedure Call" service
    sc interrogate rpcss | findstr /I "running"
    If errorleve 1 (goto wait) else goto continue

    rem Check "Netlogon" service
    sc interrogate netlogon | findstr /I "running"
    If errorleve 1 (goto wait) else goto continue

    :wait
    sleep 2
    goto servicecheck

    :continue
    -----------------------------

    This script check if the services name in the "rem lines", are running.
    If not, the script waits for 2 seconds and repeat the check again, and
    again... and again... until all services checked are running

    WARNING!
    You MUST have the tool "sleep.exe" in the netlogon folder or on your client
    machines!
    This tool is avaliable for free from Microsoft downloading the "Resource Kit
    tools".

    [tip and tricks]
    The "SC.exe" tool is embedded in WIndowsXp and Windows 2003 Server.
    For previous NT based operating systems (WindowsNT and Windows2000), you can
    use the "psservice.exe" tool, available for free among the others wonderful
    tools of the PStools suite.
    The suite is available for download (about 500KB) from the website of the
    producer, the "well known" "www.sysinternals.com".

    Try to check other system "core" services, if the two I suggested don't
    resolve your problem. I strongly think it is a "synch problem", from service
    starting and the requests of your logon script.

    Try a test.
    Logon from a client machine of yours, having local administrative privileges.
    As you say, the script will fail adding that group...
    Wait for a couple of minutes.
    Now logoff and then logon again with the same user.
    Do not reboot! Only "logoff and logon".
    I expect your logon script is fully executed...


    Bye,
    SubnetJO
    Italy
     
    SubnetJO, Dec 20, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.