Need a simple way to add a local computer account to the a..

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In my environment, which is still an NT 4 domain, but 90% XP clients, I need
to add the NT Authority\System account to the local administrtors group on
all of my computers. I would imagine scripting is the way to go. If so, can
anyone point me in the direction of how to write that script (I am a novice
script writer.. nothing past a basic batch file), or is there aother way that
I can get that account into the local administrators group.

Signed HELP
7 answers Last reply
More about need simple local computer account
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hello Booker,

    The System account is not network routable. It has no authority outside of
    the local machine account. What exactly are you looking to accomplish?


    This posting is provided "AS IS" with no warranties, and confers no rights.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    When using SMS, when i try to distribute XP sp2, or MS office, or anything
    that requires administrative crednetials, SMS will use either the priviliges
    of the logged on user, or the NT AUthority\System account. In our
    environment, the NT Authority\System Account was removed from the
    administrators group in our image before we pushed it out to all of the
    machines. Now I want to see if it is possible to put that account back in
    the admin group via a script, logon script, or some type of method other than
    SNEAKER NET :)

    The alternative is to try and figure out how to embed some admin credentials
    in the executable file that I am pushing out


    "Curtis Clay III [MSFT]" wrote:

    >
    > Hello Booker,
    >
    > The System account is not network routable. It has no authority outside of
    > the local machine account. What exactly are you looking to accomplish?
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "BookerW" <BookerW@discussions.microsoft.com> wrote in message
    news:DA17FD5F-5C16-4CD5-81E2-B53285B9EE63@microsoft.com...
    > When using SMS, when i try to distribute XP sp2, or MS office, or anything
    > that requires administrative crednetials, SMS will use either the
    > priviliges
    > of the logged on user, or the NT AUthority\System account. In our
    > environment, the NT Authority\System Account was removed from the
    > administrators group in our image before we pushed it out to all of the
    > machines. Now I want to see if it is possible to put that account back in
    > the admin group via a script, logon script, or some type of method other
    > than
    > SNEAKER NET :)
    >
    > The alternative is to try and figure out how to embed some admin
    > credentials
    > in the executable file that I am pushing out
    >
    >

    You can use the NET LOCALGROUP command in a batch file...

    But by default (out of the box install), NT AUTHORITY\SYSTEM is *not* a
    member of the administrators group.


    --
    Colin Nash
    Microsoft MVP
    Windows Shell/User
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    i am "slowly" becoming a batch file/scripting guru, so if you could provide
    te exact command line to put in batch file, that would help. Would I be able
    to remove the account as well with this command. While i wait on your reply,
    i will look at the net localgroup /? options. Thanks


    "Colin Nash [MVP]" wrote:

    >
    > "BookerW" <BookerW@discussions.microsoft.com> wrote in message
    > news:DA17FD5F-5C16-4CD5-81E2-B53285B9EE63@microsoft.com...
    > > When using SMS, when i try to distribute XP sp2, or MS office, or anything
    > > that requires administrative crednetials, SMS will use either the
    > > priviliges
    > > of the logged on user, or the NT AUthority\System account. In our
    > > environment, the NT Authority\System Account was removed from the
    > > administrators group in our image before we pushed it out to all of the
    > > machines. Now I want to see if it is possible to put that account back in
    > > the admin group via a script, logon script, or some type of method other
    > > than
    > > SNEAKER NET :)
    > >
    > > The alternative is to try and figure out how to embed some admin
    > > credentials
    > > in the executable file that I am pushing out
    > >
    > >
    >
    > You can use the NET LOCALGROUP command in a batch file...
    >
    > But by default (out of the box install), NT AUTHORITY\SYSTEM is *not* a
    > member of the administrators group.
    >
    >
    >
    > --
    > Colin Nash
    > Microsoft MVP
    > Windows Shell/User
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    And, under what security context does the batch file run. Wouldn't i need
    administrator rights to add the account to the group?!

    "Colin Nash [MVP]" wrote:

    >
    > "BookerW" <BookerW@discussions.microsoft.com> wrote in message
    > news:DA17FD5F-5C16-4CD5-81E2-B53285B9EE63@microsoft.com...
    > > When using SMS, when i try to distribute XP sp2, or MS office, or anything
    > > that requires administrative crednetials, SMS will use either the
    > > priviliges
    > > of the logged on user, or the NT AUthority\System account. In our
    > > environment, the NT Authority\System Account was removed from the
    > > administrators group in our image before we pushed it out to all of the
    > > machines. Now I want to see if it is possible to put that account back in
    > > the admin group via a script, logon script, or some type of method other
    > > than
    > > SNEAKER NET :)
    > >
    > > The alternative is to try and figure out how to embed some admin
    > > credentials
    > > in the executable file that I am pushing out
    > >
    > >
    >
    > You can use the NET LOCALGROUP command in a batch file...
    >
    > But by default (out of the box install), NT AUTHORITY\SYSTEM is *not* a
    > member of the administrators group.
    >
    >
    >
    > --
    > Colin Nash
    > Microsoft MVP
    > Windows Shell/User
    >
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I just tested a simple bacth script

    net localgroup administrators /add system

    if it tries to run under a non administrative account, i get a
    System error 5 has occurred: Access is denied


    Which i expected, so i still need to find a way to pass along admin
    credentials to perform some of thee tasks.......
    "BookerW" wrote:

    >
    > And, under what security context does the batch file run. Wouldn't i need
    > administrator rights to add the account to the group?!
    >
    > "Colin Nash [MVP]" wrote:
    >
    > >
    > > "BookerW" <BookerW@discussions.microsoft.com> wrote in message
    > > news:DA17FD5F-5C16-4CD5-81E2-B53285B9EE63@microsoft.com...
    > > > When using SMS, when i try to distribute XP sp2, or MS office, or anything
    > > > that requires administrative crednetials, SMS will use either the
    > > > priviliges
    > > > of the logged on user, or the NT AUthority\System account. In our
    > > > environment, the NT Authority\System Account was removed from the
    > > > administrators group in our image before we pushed it out to all of the
    > > > machines. Now I want to see if it is possible to put that account back in
    > > > the admin group via a script, logon script, or some type of method other
    > > > than
    > > > SNEAKER NET :)
    > > >
    > > > The alternative is to try and figure out how to embed some admin
    > > > credentials
    > > > in the executable file that I am pushing out
    > > >
    > > >
    > >
    > > You can use the NET LOCALGROUP command in a batch file...
    > >
    > > But by default (out of the box install), NT AUTHORITY\SYSTEM is *not* a
    > > member of the administrators group.
    > >
    > >
    > >
    > > --
    > > Colin Nash
    > > Microsoft MVP
    > > Windows Shell/User
    > >
    > >
    > >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "BookerW" <BookerW@discussions.microsoft.com> wrote in message
    news:A5153F37-2A1C-4D31-B7C8-92BAB41B9B74@microsoft.com...
    >
    > I just tested a simple bacth script
    >
    > net localgroup administrators /add system
    >
    > if it tries to run under a non administrative account, i get a
    > System error 5 has occurred: Access is denied
    >
    >
    > Which i expected, so i still need to find a way to pass along admin
    > credentials to perform some of thee tasks.......


    OK... you can remotely manage local groups from your own workstation, logged
    on with your credentials (as long as the remote system is turned on, of
    course.)

    On your XP machine, go to Start--> Run and type COMPMGMT.MSC
    Right-click on top where it says "Computer Management (Local)" ... choose
    "Connect to another computer" and type the name of the remote system.
    There's a local users and groups area where you can do what you need to do.

    You can also use a command-line version... cusrmgr.exe available in the
    Windows 2000/2003 resource kit. See
    http://support.microsoft.com/?kbid=297307 for a similar but slightly
    different scenario.

    This is of course a bit tedious because you need to manually punch in the
    computer names so there are some third-party tools that will let you
    highlight all online computers in the domain and do this in one shot. A
    popular tool is Hyena (and it can do a LOT more... great tool for network
    admins) See http://www.systemtools.com/index.html Of course, there is a
    cost but they have a free trial.


    --
    Colin Nash
    Microsoft MVP
    Windows Shell/User
Ask a new question

Read More

Computers Windows XP