• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Unattend - Set domain user as local administrator

Scheduled Pinned Locked Moved Solved
Windows Problems
4
6
5.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    Rusty
    last edited by Jan 14, 2016, 5:20 AM

    Adding local accounts and domain accounts to the unattend file is straight forward. However I am having trouble giving a domain account local administrator rights.
    I can add domain username as a local user account in Administrators group, but its not quite right, the Domain needs to be set to the Domain, not the local computer name
    Doing it manually to each computer is obviously not desirable

    <UserAccounts>
                <AdministratorPassword>
                    <Value>xxxxxxxxxxxxxxxxxx</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Description>LocalAdministrator</Description>
                        <DisplayName>Administrator</DisplayName>
                        <Group>Administrators</Group>
                        <Name>Administrator</Name>
                    </LocalAccount>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>Production local admin</Description>
                        <DisplayName>Production</DisplayName>
                        <Group>Administrators</Group>
                        <Name>Production</Name>
                    </LocalAccount>
                    <LocalAccount wcm:action="add">
                        <Description>Bobs account</Description>
                        <DisplayName>bob.smith</DisplayName>
                        <Group>Administrators</Group>
                        <Name>bob.smith</Name>
                    </LocalAccount>
                    <LocalAccount wcm:action="add">
                        <Password>
                            <Value>UgBlAGQARABvAGcANwBQAGEAcwBzAHcAbwByAGQA</Value>
                            <PlainText>false</PlainText>
                        </Password>
                        <Description>temp</Description>
                        <DisplayName>temp</DisplayName>
                        <Group>Administrators</Group>
                        <Name>temp</Name>
                    </LocalAccount>
                </LocalAccounts>
                <DomainAccounts>
                    <DomainAccountList wcm:action="add">
                        <DomainAccount wcm:action="add">
                            <Group>Administrators</Group>
                            <Name>bob.smith</Name>
                        </DomainAccount>
                        <DomainAccount wcm:action="add">
                            <Group>Administrators</Group>
                            <Name>production</Name>
                        </DomainAccount>
                        <Domain>elexon</Domain>
                    </DomainAccountList>
                </DomainAccounts>
            </UserAccounts>```
    1 Reply Last reply Reply Quote 0
    • W
      Wayne Workman
      last edited by Wayne Workman Jan 14, 2016, 8:37 AM Jan 14, 2016, 2:37 PM

      @Rusty

      When I want to give a user Administrative privileges to a specific computer, I do it locally on that computer. Using the gui in Win7 classic view, inside of Control Panel -> User Accounts -> Manage User Accounts -> Advanced tab -> Advanced -> Groups -> Administrators -> Add -> Querry the user's domain name -> Click Apply and OK till you're out of all the windows.

      If you can find a scripting solution for that, that’d be great.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
      Daily Clean Installation Results:
      https://fogtesting.fogproject.us/
      FOG Reporting:
      https://fog-external-reporting-results.fogproject.us/

      1 Reply Last reply Reply Quote 0
      • G
        george1421 Moderator
        last edited by george1421 Jan 14, 2016, 9:35 AM Jan 14, 2016, 3:34 PM

        This is precisely what we use (which appears to be in your unattend.xml file. I can say for sure this below works in Win7.

        <UserAccounts>
  <DomainAccounts>
    <DomainAccountList wcm:action="add">
      <DomainAccount wcm:action="add">
        <Group>Administrators</Group>
        <Name>joe_sombody</Name>
      </DomainAccount>
      <Domain>domain.com</Domain>
    </DomainAccountList>
  </DomainAccounts>
</UserAccounts>

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        W 1 Reply Last reply Jan 15, 2016, 4:05 AM Reply Quote 1
        • W
          Wayne Workman @george1421
          last edited by Jan 15, 2016, 4:05 AM

          @george1421 Does this make them a domain admin or just an admin over the local pc ?

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
          Daily Clean Installation Results:
          https://fogtesting.fogproject.us/
          FOG Reporting:
          https://fog-external-reporting-results.fogproject.us/

          G 1 Reply Last reply Jan 15, 2016, 11:09 AM Reply Quote 0
          • G
            george1421 Moderator @Wayne Workman
            last edited by Jan 15, 2016, 11:09 AM

            @Wayne-Workman The section I provided makes a (normal) domain account a local admin. We do this to allow applications like pdq deploy and other utilities admin access to the workstation without using a domain level admin account.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

            1 Reply Last reply Reply Quote 0
            • Y
              YuYo
              last edited by Feb 10, 2016, 10:05 AM

              We do that with a GPO. Even with groups from a trusted domain.

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post

              154

              Online

              12.1k

              Users

              17.3k

              Topics

              155.4k

              Posts
              Copyright © 2012-2024 FOG Project