'Alan Kaplan for VA Salisbury
'akaplan@msdinc.com www.msdinc.com
'also alan@akaplan.com, www.akaplan.com/tools.html
'Written 8/25/01
'Revised 8/27/01 added DC info and skip after first not reached failure
'Revised 11/5/01 to fix authentication issues, error handling
'This script adds global group(s) to local group(s) on all workstations
'and dumps information into a spreadsheet
option explicit

'Script-wide variables, grouped by role. Everything here is shared with the
'subroutines at the end of the file.
Dim wshshell, dso, fso
Dim objreg, objcontainer, objremote, objregkey, objserver
Dim dnameobj, objgroup, objdgroup, lgrp
Dim key, key2, major, minor, ver
Dim quote, comma, command, message, title
Dim username, rdname, cdname, colpcs, rserver
Dim logfile, appendout, ofile, skiprest
Dim errinfo, ereport, fflag
public password, user, space, IsGlobalAccnt

'Flag value handed to OpenDSObject when binding to each workstation.
'NOTE(review): ADSI documents ADS_SECURE_AUTHENTICATION as 1 (0x1). With 0
'here the "secure authentication" flag is not actually set wherever this
'constant is passed - confirm that is intentional before relying on the name.
const ADS_SECURE_AUTHENTICATION = 0

'message format helpers..
comma = ","
quote = chr(34)
space = chr(32)

Set WshShell = WScript.CreateObject("WScript.Shell")
Set dso = GetObject("WinNT:")

'*********** OPTIONAL EDITS HERE *****************
'*** Name of log file. UNC path is okay. Leave extension as CSV
'*** to have it opened by Excel. Change to TXT
'*** if Excel not loaded on workstation running script
logfile = "c:\GlobalGroupsAdded.csv"

'*** if this is left blank, you will be prompted for the information
'*** A value typed here sits in clear text in the script file, readable by
'*** anyone who can open it. The account is expected to be a member of the
'*** local administrators group, so leaving this blank and answering the
'*** prompt keeps that credential out of the file.
password = ""
'*********** EDIT ENDS ***************************

'Test for ADSI and current WSH, host set to Cscript, regobj installed
'Do not comment out!
SysTest

'get resource domain name as default search string within logon domain
key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Winlogon\CachePrimaryDomain"
RDname = WshShell.RegRead (key)

' Define dialog box variables.
' message may already carry text left behind by SysTest, so it is extended
' rather than replaced.
message = message & "You will overwrite the logfile " & logfile & " if it exists." & vbCrLf & vbCrLf & "Please enter domain name to search:"
title = "Add Global Group membership"

'get resource domain name, domain default
CDName = InputBox(message, title, RDName)
' Evaluate the user input.
' An empty domain name means the dialog was canceled by the user.
If CDName = "" Then WScript.quit

' Ask for the account used to bind to each workstation.
message = "Please enter the name of an account with membership " & " in the local administrators group." & vbcrlf & vbcrlf & "Example: " & CDNAME & "\NetGeek" & vbcrlf & "Example: Administrator"
title = "User with Rights"
username = InputBox(message, title, "Administrator")
' Evaluate the user input: empty means canceled by the user.
If username = "" Then WScript.quit

'test to see if local account or domain account
'(position of the first backslash; 0 when the name has no domain prefix)
IsGlobalAccnt = InStr(1, username, "\", 1)

' Prompt for the password only when none was set in the edit section.
' InputBox has no masked mode, which is why the prompt warns that the
' password is echoed; run this where the screen is not shared or recorded.
If Password = "" Then
    message = "Please enter password for local user: " & username & vbcrlf & vbcrlf & "PASSWORD WILL BE ECHOED IN PLAIN TEXT!"
    title = "Password"
    password = InputBox(message, title)
    ' Evaluate the user input: empty means canceled by the user.
    If password = "" Then WScript.quit
End If

wscript.echo "Working... " & vbcrlf

'setup log
'logfile is set to append.
Const ForAppend = 8
Set fso = CreateObject("Scripting.FileSystemObject")

'delete old log
'The previous run's record of which groups were added where is lost at this
'point; copy the file elsewhere first if it is kept as an audit trail.
If fso.FileExists(logfile) Then
    Set oFile = fso.GetFile(logfile)
    oFile.Delete
End If

'create header for log
Set AppendOut = fso.OpenTextFile(logfile, ForAppend, True)
AppendOut.WriteLine "Computername,Message,Status"

'run getinfo on all computers in resource domain
'This should work with with Win2k Active directory per docs....
DnameObj = "WinNT://" & cdname 'Case counts here!
Set objContainer = GetObject(DnameObj)
objContainer.Filter = Array("computer")

'For each computer in domain...
For Each colPCs In objContainer
    rserver = colPCs.Name
    'a fresh computer gets a fresh chance; GG2LG sets this again on failure
    skiprest = FALSE

    'Run Global Group to Local Group Subroutine
    '*********** OPTIONAL EDITS HERE *****************
    'Syntax: GG2LG "LocalGroup", "Domain/GlobalGroup"
    'Every computer object in the domain receives these memberships, and the
    'first line grants local administrator rights - replace the sample names
    'with the intended groups before running.
    GG2LG "Administrators", "MyDomain/BigGeeks"
    GG2LG "Users", "MyDomain/HappyUsers"
    '*********** EDIT ENDS ***************************

    'add a space on screen for each computer processed
    wscript.echo vbcrlf
Next
'Done.
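'open file with associated app, Excel if installed.
'Close the log first so every row is written out before the viewer opens it.
AppendOut.Close
'Quote the path so a log location containing spaces still reaches "start" as
'one argument; the empty pair of quotes fills the window-title slot of start.
command = "cmd.exe /c start " & quote & quote & space & quote & logfile & quote
WshShell.Run command
wscript.quit
'The end

'Functions and Subroutines

'GG2LG: add the global group Dgroup ("Domain/Group") to the local group
'Rgroup on the computer currently named in rserver, and log the outcome.
'Reads the script-level username, password, rserver and Skiprest; sets
'Skiprest to TRUE when the computer cannot be reached or the logon is
'rejected so that the remaining calls for this computer are skipped.
'
'Skiprest only covers the current computer: the main loop resets it for the
'next one, so a wrong password is tried once per workstation. With a domain
'account that can add up to many failed logons in one run.
sub GG2LG (Rgroup, Dgroup)
    Dim authUser

    If Skiprest = TRUE Then
        Exit Sub
    End If

    'not global? prefix system name to local account.
    'The qualified name is kept in a local variable: writing it back to the
    'shared username would stack another "computer\" prefix on every call.
    If IsGlobalAccnt = 0 Then
        authUser = rserver & "\" & username
    Else
        authUser = username
    End If

    'Add Global domain group as member of local group on remote workstation subroutine
    'While logged into master domain.....
    err.clear
    on error resume next
    Set Lgrp = dso.OpenDSObject("WinNT://" & rserver & "/" & Rgroup, _
                                authUser, _
                                password, _
                                ADS_SECURE_AUTHENTICATION)
    Errinfo = err.number

    If errinfo <> 0 Then
        'CStr makes the comparison string-to-string, so the quoted codes
        'below match however the engine would coerce a number against them.
        Select Case CStr(errinfo)
            Case "-2147023570"      '0x8007052E, Win32 1326 logon failure
                ereport = " (password failure)"
                FFlag = "Failure"
                Skiprest = TRUE
            Case "-2147023677"      '0x800704C3, Win32 1219 credential conflict
                ereport = "(password failure)"
                FFlag = "Failure"
                Skiprest = TRUE
            Case "-2147024843"      '0x80070035, Win32 53 network path not found
                ereport = "(Not reached)"
                FFlag = "Failure"
                Skiprest = TRUE
            Case Else
                ereport = "(Unknown error)"
                FFlag = "Failure"
        End Select
        EchoAndLog RServer & comma & "Failed adding " & Dgroup & " to group " & Rgroup & space & ereport & comma & FFlag
        Exit Sub
    End If

    '.Add or .Remove group
    err.clear
    errinfo = 0
    Lgrp.add("WinNT://" & DGroup & ",group")
    Errinfo = err.number

    If errinfo <> 0 Then
        Select Case CStr(errinfo)
            Case "424"              'VBScript "Object required"
                ereport = " (computer not reached)"
                FFlag = "Failure"
                Skiprest = TRUE
            Case "-2147024843"      '0x80070035, Win32 53 network path not found
                ereport = "(computer not reached)"
                FFlag = "Failure"
                Skiprest = TRUE
            Case "-2147023518"      '0x80070562, Win32 1378 already a member
                ereport = "(group already member)"
                FFlag = "Success"
            Case "-2147022670"      '0x800708B2, NetAPI 2226 not the primary DC
                ereport = "(cannot change accounts on BDC)"
                FFlag = "Failure"
            Case Else
                ereport = "(Unknown error)"
                FFlag = "Failure"
        End Select
        EchoAndLog RServer & comma & "Failed adding " & Dgroup & " to group " & Rgroup & space & ereport & comma & FFlag
    Else
        EchoAndLog RServer & comma & "Added " & Dgroup & " to group " & Rgroup & comma & "Success"
    End If

    set LGrp = Nothing
    on error goto 0
end sub

'Subroutine to echo to screen and write to log
Sub EchoAndLog (message)
    Wscript.Echo message
    'appendout is defined as part of log setup
    AppendOut.WriteLine message
End Sub

'SysTest: check the prerequisites before anything else runs - script engine
'version, ADSI, RegObj and the script host. Quits the script when ADSI or
'RegObj is missing; a too-old engine only leaves a warning in message.
Sub SysTest()
    on error resume next

    ' WSH version tested
    'Major part comes from the major-version call; reading the minor version
    'twice made the computed version depend on the minor number alone.
    Major = (ScriptEngineMajorVersion())
    Minor = (ScriptEngineMinorVersion())/10
    Ver = major + minor

    'Need version 5.5
    If err.number or ver < 5.5 then
        message = "You have must load Version 5.5 (or later) of Windows Script Host" & vbCrLf
    End If

    'Test for ADSI
    err.clear
    key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}\version"
    key2 = WshShell.RegRead (key)
    if err <> 0 then
        message = message & "ADSI must be installed on local workstation to continue" & vbCrLf
        WshShell.Popup message,0,"Workstation Setup Error",vbCritical
        WScript.Quit
    End if

    ' Create object reference to Regobj.dll.
    err.clear
    on error resume next
    Set objReg = WScript.CreateObject("RegObj.Registry")
    'if fails tell why
    if err <> 0 then
        message = "You must have regobj.dll in c:\winnt\system32" & _
                  " and registered using regsvr32 for this to work"
        WshShell.Popup message,0,"Workstation Setup Error",vbCritical
        WScript.Quit
    End if

    'Test whether the host is CScript.exe.
    'G. Born code...
    'NOTE(review): IsBatch is neither declared nor assigned anywhere in the
    'visible script. Under Option Explicit with On Error Resume Next the
    'result of this test depends on how the engine resumes after the error -
    'confirm the intended behaviour.
    If IsBatch = "TRUE" Then
        If (Not IsCScript()) Then
            message = "You must set default host to cscript to run as a batch." & vbcrlf & _
                      "Use the command wscript //h:cscript"
            'popup closes to avoid desktop hell
            WshShell.Popup message,3,"Workstation Setup Error",vbCritical
            WScript.Quit ' Terminate script.
        End If
    End if
End Sub

'Returns True when the full path of the running host contains "CSCRIPT"
'(case-insensitive), False otherwise.
Function IsCScript()
    ' Check whether CScript.exe is the host.
    IsCScript = (InStr(UCase(WScript.FullName), "CSCRIPT") <> 0)
End Function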