• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Unattend - Set domain user as local administrator

    Scheduled Pinned Locked Moved Solved
    Windows Problems
    4
    6
    5.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Rusty
      last edited by

      Adding local accounts and domain accounts to the unattend file is straight forward. However I am having trouble giving a domain account local administrator rights.
      I can add domain username as a local user account in Administrators group, but its not quite right, the Domain needs to be set to the Domain, not the local computer name
      Doing it manually to each computer is obviously not desirable

      <UserAccounts>
                      <AdministratorPassword>
                          <Value>xxxxxxxxxxxxxxxxxx</Value>
                          <PlainText>false</PlainText>
                      </AdministratorPassword>
                      <LocalAccounts>
                          <LocalAccount wcm:action="add">
                              <Description>LocalAdministrator</Description>
                              <DisplayName>Administrator</DisplayName>
                              <Group>Administrators</Group>
                              <Name>Administrator</Name>
                          </LocalAccount>
                          <LocalAccount wcm:action="add">
                              <Password>
                                  <Value>xxxxxxxxxxxxxxxxxxxxxxxxxxx</Value>
                                  <PlainText>false</PlainText>
                              </Password>
                              <Description>Production local admin</Description>
                              <DisplayName>Production</DisplayName>
                              <Group>Administrators</Group>
                              <Name>Production</Name>
                          </LocalAccount>
                          <LocalAccount wcm:action="add">
                              <Description>Bobs account</Description>
                              <DisplayName>bob.smith</DisplayName>
                              <Group>Administrators</Group>
                              <Name>bob.smith</Name>
                          </LocalAccount>
                          <LocalAccount wcm:action="add">
                              <Password>
                                  <Value>UgBlAGQARABvAGcANwBQAGEAcwBzAHcAbwByAGQA</Value>
                                  <PlainText>false</PlainText>
                              </Password>
                              <Description>temp</Description>
                              <DisplayName>temp</DisplayName>
                              <Group>Administrators</Group>
                              <Name>temp</Name>
                          </LocalAccount>
                      </LocalAccounts>
                      <DomainAccounts>
                          <DomainAccountList wcm:action="add">
                              <DomainAccount wcm:action="add">
                                  <Group>Administrators</Group>
                                  <Name>bob.smith</Name>
                              </DomainAccount>
                              <DomainAccount wcm:action="add">
                                  <Group>Administrators</Group>
                                  <Name>production</Name>
                              </DomainAccount>
                              <Domain>elexon</Domain>
                          </DomainAccountList>
                      </DomainAccounts>
                  </UserAccounts>```
      1 Reply Last reply Reply Quote 0
      • Wayne WorkmanW
        Wayne Workman
        last edited by Wayne Workman

        @Rusty

        When I want to give a user Administrative privileges to a specific computer, I do it locally on that computer. Using the gui in Win7 classic view, inside of Control Panel -> User Accounts -> Manage User Accounts -> Advanced tab -> Advanced -> Groups -> Administrators -> Add -> Querry the user's domain name -> Click Apply and OK till you're out of all the windows.

        If you can find a scripting solution for that, that’d be great.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
        Daily Clean Installation Results:
        https://fogtesting.fogproject.us/
        FOG Reporting:
        https://fog-external-reporting-results.fogproject.us/

        1 Reply Last reply Reply Quote 0
        • george1421G
          george1421 Moderator
          last edited by george1421

          This is precisely what we use (which appears to be in your unattend.xml file. I can say for sure this below works in Win7.

          <UserAccounts>
            <DomainAccounts>
              <DomainAccountList wcm:action="add">
                <DomainAccount wcm:action="add">
                  <Group>Administrators</Group>
                  <Name>joe_sombody</Name>
                </DomainAccount>
                <Domain>domain.com</Domain>
              </DomainAccountList>
            </DomainAccounts>
          </UserAccounts>
          

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          Wayne WorkmanW 1 Reply Last reply Reply Quote 1
          • Wayne WorkmanW
            Wayne Workman @george1421
            last edited by

            @george1421 Does this make them a domain admin or just an admin over the local pc ?

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
            Daily Clean Installation Results:
            https://fogtesting.fogproject.us/
            FOG Reporting:
            https://fog-external-reporting-results.fogproject.us/

            george1421G 1 Reply Last reply Reply Quote 0
            • george1421G
              george1421 Moderator @Wayne Workman
              last edited by

              @Wayne-Workman The section I provided makes a (normal) domain account a local admin. We do this to allow applications like pdq deploy and other utilities admin access to the workstation without using a domain level admin account.

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

              1 Reply Last reply Reply Quote 0
              • Y
                YuYo
                last edited by

                We do that with a GPO. Even with groups from a trusted domain.

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post

                215

                Online

                12.0k

                Users

                17.3k

                Topics

                155.2k

                Posts
                Copyright © 2012-2024 FOG Project