How to add a domain user to the local admin group remotely?

Question

I need to add a domain user in the local administrator group remotly and I have to the local admin password

score 8 · Answer 1 · edited Dec 14 '12 at 16:40

8

psexec will do it remotely combined with 'net localgroup' command.

from command line:

psexec \\remotename -u username -p pwd net localgroup Administrators "domain\user" /add

you can also then batch that or use some scripting to apply to a group of machines. or you could always use powershell.

edited Dec 14 '12 at 16:40

voretaq7

79,345
17
128
213

answered Oct 21 '11 at 13:58

jhayes

476
2
6
12

Maybe using Powershell can be possible. – Kiquenet Oct 16 '14 at 21:32

score 5 · Answer 2 · answered Mar 12 '15 at 16:01

5

Another option - you can open up Local Users and Groups for the remote computer using this command:

lusrmgr.msc /computer=computername

answered Mar 12 '15 at 16:01

Jon.Mozley

163
1
7

score 4 · Answer 3 · answered Dec 16 '10 at 14:19

You can add a user to a group remotely by using the Group Policy Management Console. I would do the following:

Create an OU for the hosts that will have the user placed in the local group
Load the Group Policy Management Console
Locate the OU you created above and create a new group policy (the arrow points to what would be an OU) by right mouse clicking on the OU folder and select "create a GPO in this domain and link it here"

alt text

Name it something that makes sense to you
right mouse and choose edit
Click down into the policy Windows Settings->Security Settings->Restricted Groups

alt text

Add a group called Administrators (This is the group on the remote machine)
Next to the "members in this group" click add
Add domain admins to the group first
Add the group or person you want to add second
Click ok
Move the host into the OU you created above
Log in to the host and run gpupdate
Check the local groups, the person or group you specified should be in there.

Great. And better all if is possible do all this tasks programmatically in powershell or CMD script. — Kiquenet, Oct 16 '14 at 21:33

score 4 · Answer 4 · answered Dec 16 '10 at 16:17

If you're looking for a one-off method, you can also open the remote computer in Computer Management, click on Local Users and Groups -> Groups -> Administrators. Then add the domain group there.

This is really only practical for a few workstations. Otherwise Group Policy (the method Tom mentioned, or using Group Policy Preferences) is preferred.

score 0 · Answer 5 · answered Apr 01 '14 at 16:12

You can also do it by "simply" using groups.

Create a domain group local_admin , then make it a member of the computers local administrators group.

Then its a simple matter of making the domain user account a member of the domain local_admin group

Since we use pre-configured templates for our company installations we already have this configured before a user ever gets his PC. Giving us a simple way to give a specific user or group local administrative privileges on all our computers domain computers

How to add a domain user to the local admin group remotely?

5 Answers5