globalhawk
Contributor

Add NT User to Local Admin Group (VM in a domain)

Is there any custom script we could write to add an NT User to the Local Admin group of a VM that is in a domain as well? Any ideas? Thanks.

Burke-
VMware Employee

There are a number of ways to do this, but likely the easiest is to have the command to do so be part of the runOnce of a VM that is being joined to a domain. I illustrate exactly this in the "Custom Deploy vApp" package that is available from the Documents tab here in the communities.

Essentially, you need to get this to run once the VM is in a domain:

net localgroup administrators @domain@\\@username@ /add

where @domain@ is the name of the domain the user account resides and @username@ is the account name.

In a pre-vSphere 5.x environment, for existing Windows-based VMs that are ALREADY in a domain, you could use the VIX plug-in to issue commands within the guest OS to do this. And with vSphere 5.0 and later you can use the GuestOperations feature (VIX replacement, no extra plug-in required other than the vSphere 5 plug-in) to accomplish running the command within the guest.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
globalhawk
Contributor

Burke,

I tried to use that code you mentioned in vApp Custom Deploy. It looks like the script runs with no errors. But it doesn't add the specified user to the Local Admin group?

cmd /c echo REGEDIT4 > %TEMP%\tmp1.reg &
cmd /c echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] >> %TEMP%\tmp1.reg &
cmd /c echo "addLocal"="net localgroup administrators @domain@\\@username@ /add" >>%TEMP%\tmp1.reg &
cmd /c regedit /s %TEMP%\tmp1.reg
Burke-
VMware Employee

In what context did you use it? That code is part of a larger solution, with specific steps required...

The only command that actually needs to be run is the net localgroup ... command. The workflow has slightly older code where I echoed text into a temp reg file, then imported the reg file. The reg file created a runOnce entry in the registry that was apparently only running if you log in to the new VM as a domain administrator first -- not ideal -- but using ONLY the net localgroup command in there is what I found to work more consistently.

globalhawk
Contributor

I was using that line only to add. The argument I used to run a guest operation:

arguments = "cmd /c net localgroup Administrators @domain@\\@username@ /add >>%TEMP%\\tmp1.reg"

globalhawk
Contributor

And, I logged in as domain admin too.

globalhawk
Contributor

Burke - I got that working. It was a typo in my command which was blocking it. Thanks.

Burke-
VMware Employee

Cool! Happy I could help!

AlexMITS
Contributor

Using the SDK, not the VIX:

programPath = 'c:\\windows\\system32\\net.exe';

programArguments = 'localgroup Administrators /add ' + activeUser;

I attached a workflow for Orchestrator 5.1; for 4.2 you need to import the package http://communities.vmware.com/docs/DOC-19918

The user has to be typed as DOMAIN\USERNAME and the workflow executed as local admin, otherwise UAC blocks it.

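The posts above pass the account into the guest operation by concatenating it into the argument string, and the one failure in the thread came down to a typo in that string. The following is an added example, not code from the thread or from VMware, that checks a DOMAIN\username value and builds the programPath/arguments pair before the call is made; the function names and the character allowlists are assumptions, deliberately stricter than Windows itself.

```javascript
// Added example, not code from the thread. Function names and allowlists are assumptions.
const NET_EXE = 'C:\\Windows\\System32\\net.exe';

// Conservative allowlists, stricter than Windows itself: NetBIOS domain
// names are at most 15 characters, sAMAccountName logon names at most 20.
const DOMAIN_RE = /^[A-Za-z0-9][A-Za-z0-9-]{0,14}$/;
const USER_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,19}$/;

// Split "DOMAIN\username" and refuse anything that is not exactly that shape.
function parseAccount(account) {
  if (typeof account !== 'string') throw new TypeError('account must be a string');
  // Workflow template tokens such as @domain@ that were never substituted.
  if (/@[A-Za-z]+@/.test(account)) throw new Error('unresolved placeholder');
  const parts = account.split('\\');
  if (parts.length !== 2) throw new Error('expected DOMAIN\\username');
  const [domain, user] = parts;
  if (!DOMAIN_RE.test(domain)) throw new Error('invalid domain');
  if (!USER_RE.test(user)) throw new Error('invalid username');
  return { domain, user };
}

// Build the two guest-operation inputs. net.exe is started directly, so no
// cmd /c layer parses the string; the account is quoted as one argument.
function buildAddLocalAdminSpec(account) {
  const { domain, user } = parseAccount(account);
  return {
    programPath: NET_EXE,
    arguments: 'localgroup Administrators "' + domain + '\\' + user + '" /add',
  };
}

// Constructed sample inputs: one well-formed account, four that must be refused.
function demo() {
  const samples = ['CORP\\jsmith', 'CORP\\\\jsmith', '@domain@\\@username@',
    'CORP\\jsmith&echo', 'jsmith'];
  return samples.map((input) => {
    try {
      return { input, ok: true, spec: buildAddLocalAdminSpec(input) };
    } catch (e) {
      return { input, ok: false, reason: e.message };
    }
  });
}

console.log(JSON.stringify(demo(), null, 2));
```

Starting a program in the guest returns only a process ID, so a clean workflow run does not prove the account was added; confirm the membership inside the guest afterwards.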