By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,836 Members | 2,057 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,836 IT Pros & Developers. It's quick & easy.

Adding domain user to local groups

P: n/a
Hi,

I have a webform, with 2 textboxs and a submit button. In the text box1, i
enter a username and in textbox2 I enter the computer name. Both the username
and computer name is in active directory.

When i click submit, I want to add the username from textbox1 into the local
administrators group on the computer name from textbox2.

I want to use vb.net as the programming language.

can someone please give me some code examples on how i should do this?

Thank yo so much!
Dec 23 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> 级糶秎ン穝籇:26********************************* *@microsoft.com...
Hi,

I have a webform, with 2 textboxs and a submit button. In the text box1, i
enter a username and in textbox2 I enter the computer name. Both the
username
and computer name is in active directory.

When i click submit, I want to add the username from textbox1 into the
local
administrators group on the computer name from textbox2.

I want to use vb.net as the programming language.

can someone please give me some code examples on how i should do this?

Thank yo so much!

Dec 23 '05 #2

P: n/a
I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:
I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> 录露录g漏贸露l楼贸路s禄D:26*********************** ***********@microsoft.com...
Hi,

I have a webform, with 2 textboxs and a submit button. In the text box1, i
enter a username and in textbox2 I enter the computer name. Both the
username
and computer name is in active directory.

When i click submit, I want to add the username from textbox1 into the
local
administrators group on the computer name from textbox2.

I want to use vb.net as the programming language.

can someone please give me some code examples on how i should do this?

Thank yo so much!


Dec 23 '05 #3

P: n/a
But you need the Web Application to be run as "domain admins" to add a user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the "domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> 级糶秎ン穝籇:85********************************* *@microsoft.com...
I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:
I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?los?D:26******************************* ***@microsoft.com...
> Hi,
>
> I have a webform, with 2 textboxs and a submit button. In the text
> box1, i
> enter a username and in textbox2 I enter the computer name. Both the
> username
> and computer name is in active directory.
>
> When i click submit, I want to add the username from textbox1 into the
> local
> administrators group on the computer name from textbox2.
>
> I want to use vb.net as the programming language.
>
> can someone please give me some code examples on how i should do this?
>
> Thank yo so much!


Dec 23 '05 #4

P: n/a
I know i need to run it as a domain admin, i know i have to be one of the
members, i know all the security risks. MY QUESTION IS HOW DO I DO IT?????
WHAT IS THE ASP.NET AND VB.NET
CODE??????????????????????????????????????????????/

"Lau Lei Cheong" wrote:
But you need the Web Application to be run as "domain admins" to add a user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the "domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> 录露录g漏贸露l楼贸路s禄D:85*********************** ***********@microsoft.com...
I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:
I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?l垄Do隆Ps?D:26***************************** *****@microsoft.com...

> Hi,
>
> I have a webform, with 2 textboxs and a submit button. In the text
> box1, i
> enter a username and in textbox2 I enter the computer name. Both the
> username
> and computer name is in active directory.
>
> When i click submit, I want to add the username from textbox1 into the
> local
> administrators group on the computer name from textbox2.
>
> I want to use vb.net as the programming language.
>
> can someone please give me some code examples on how i should do this?
>
> Thank yo so much!


Dec 27 '05 #5

P: n/a
Ok, having reminded you about the security risks, here are probably what you
want:

a VB script that will allow the chang of the local admin password from a
remote box
http://www.experts-exchange.com/Secu..._20946526.html

Add User to Group w/COM
http://www.adminscripteditor.com/scr...view.asp?id=44

Although the above 2 are not the direct anwser, but you should have no
problem combine both to get what you want.

"Rocky" <Ro***@discussions.microsoft.com> 级糶秎ン穝籇:DA********************************* *@microsoft.com...
I know i need to run it as a domain admin, i know i have to be one of the
members, i know all the security risks. MY QUESTION IS HOW DO I DO IT?????
WHAT IS THE ASP.NET AND VB.NET
CODE??????????????????????????????????????????????/

"Lau Lei Cheong" wrote:
But you need the Web Application to be run as "domain admins" to add a
user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll
also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the
"domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?los?D:85******************************* ***@microsoft.com...
>I don't want to add to the domain admins, i want to add to the LOCAL
>Admins
> of a machine.
>
> "Lau Lei Cheong" wrote:
>
>> I think this is a bad idea. You're going to impersonate the web
>> application's running identity to by the "domain admins" to do this,
>> and
>> this can lead to all kinds of trouble if your web site is being
>> attacked.
>>
>> "Rocky" <Ro***@discussions.microsoft.com> ???gco?lDo!Ps?D:26****************************** ****@microsoft.com...
>>
>> > Hi,
>> >
>> > I have a webform, with 2 textboxs and a submit button. In the text
>> > box1, i
>> > enter a username and in textbox2 I enter the computer name. Both the
>> > username
>> > and computer name is in active directory.
>> >
>> > When i click submit, I want to add the username from textbox1 into
>> > the
>> > local
>> > administrators group on the computer name from textbox2.
>> >
>> > I want to use vb.net as the programming language.
>> >
>> > can someone please give me some code examples on how i should do
>> > this?
>> >
>> > Thank yo so much!
>>
>>
>>


Dec 28 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.