Is there any custom script we could write to add a NT User to a Local Admin of a VM which is in a domain as well ? Any ideas ? Thanks.
In what context did you use it? That code is part of a larger solution, with specific steps required...
the only command that needs to be run actually is the net localgroup .... command... the workflow has slightly older code where I echoed text into a temp reg file, then imported the reg file... the reg file created a runOnce entry in the registry that was apparently only running if you login to the new VM as a domain administrator first -- not ideal... but using ONLY the net localgroup command in there is what I found to work more consistently.
There are a number of ways to do this, but likely the easiest is to have the command to do so part of the runOnce of a VM that is being joined to a domain. I illustrate exactly this in the "Custom Deploy vApp" package that is available from the Documents tab here in the communities.
Essentially, you need to get this to run once the vm is in a domain:
net localgroup administrators @domain@\\@username@ /add" >>%TEMP%\tmp1.reg
where @domain@ is the name of the domain the user account resides and @username@ is the account name.
In a pre vSphere 5.x environment for existing Windows based VMs that are ALREADY in a domain, you could use the VIX plug-in to issue commands within the guest os to do this. ANd with vSphere 5.0 and later you can use the GuestOperations feature (VIX replacement, no extra plug-in required other than the vSphere 5 plug-in) to accomplish running the command within the guest.
Burke,
I tried to use that code you mentioned in vApp Cutom Deploy. It looks like the script runs with no errors. But, it doesn't add the specified user to the Local Admin group ?
cmd /c echo REGEDIT4 > %TEMP%\tmp1.reg &
cmd /c echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] >> %TEMP%\tmp1.reg &
cmd /c echo "addLocal"="net localgroup administrators @domain@\\@username@ /add" >>%TEMP%\tmp1.reg &
cmd /c regedit /s %TEMP%\tmp1.reg
In what context did you use it? That code is part of a larger solution, with specific steps required...
the only command that needs to be run actually is the net localgroup .... command... the workflow has slightly older code where I echoed text into a temp reg file, then imported the reg file... the reg file created a runOnce entry in the registry that was apparently only running if you login to the new VM as a domain administrator first -- not ideal... but using ONLY the net localgroup command in there is what I found to work more consistently.
I was using that line only to add. The argument to run a guest operation i used.
arguments = "cmd /c net localgroup Administrators @domain@\\@username@ /add >>%TEMP%\\tmp1.reg"
And, I logged in as domain admin too.
Burke - I got that working. It was a typo in my command which was blocking it. thanks.
Cool! Happy I could help!
Using the SDK not the VIX
programPath = c:\windows\system32\net.exe
programArguments = 'localgroup Administrators /add '+activeUser
I did attach workflow for orchestrator 5.1 / for 4.2 you need to import package http://communities.vmware.com/docs/DOC-19918
user have to be typed as DOMAIN\USERANAME and workflow executed as local admin - otherwise UAC blocks it.