Adding domain user to local groups

I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D:26********************************* *@microsoft.com...

Hi,

I have a webform, with 2 textboxs and a submit button. In the text box1, i
enter a username and in textbox2 I enter the computer name. Both the
username
and computer name is in active directory.

When i click submit, I want to add the username from textbox1 into the
local
administrators group on the computer name from textbox2.

I want to use vb.net as the programming language.

can someone please give me some code examples on how i should do this?

Thank yo so much!

I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:

I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D:26*********************** ***********@microsoft.com...

Hi,

I have a webform, with 2 textboxs and a submit button. In the text box1, i
enter a username and in textbox2 I enter the computer name. Both the
username
and computer name is in active directory.

When i click submit, I want to add the username from textbox1 into the
local
administrators group on the computer name from textbox2.

I want to use vb.net as the programming language.

can someone please give me some code examples on how i should do this?

Thank yo so much!

But you need the Web Application to be run as "domain admins" to add a user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the "domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D:85********************************* *@microsoft.com...

I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:

I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?l¢Do¡Ps?D:26******************************* ***@microsoft.com...

> Hi,
>
> I have a webform, with 2 textboxs and a submit button. In the text
> box1, i
> enter a username and in textbox2 I enter the computer name. Both the
> username
> and computer name is in active directory.
>
> When i click submit, I want to add the username from textbox1 into the
> local
> administrators group on the computer name from textbox2.
>
> I want to use vb.net as the programming language.
>
> can someone please give me some code examples on how i should do this?
>
> Thank yo so much!

I know i need to run it as a domain admin, i know i have to be one of the
members, i know all the security risks. MY QUESTION IS HOW DO I DO IT?????
WHAT IS THE ASP.NET AND VB.NET
CODE??????????????????????????????????????????????/

"Lau Lei Cheong" wrote:

But you need the Web Application to be run as "domain admins" to add a user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the "domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D:85*********************** ***********@microsoft.com...

I don't want to add to the domain admins, i want to add to the LOCAL Admins
of a machine.

"Lau Lei Cheong" wrote:

I think this is a bad idea. You're going to impersonate the web
application's running identity to by the "domain admins" to do this, and
this can lead to all kinds of trouble if your web site is being attacked.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?l¢Do¡Ps?D:26***************************** *****@microsoft.com...

> Hi,
>
> I have a webform, with 2 textboxs and a submit button. In the text
> box1, i
> enter a username and in textbox2 I enter the computer name. Both the
> username
> and computer name is in active directory.
>
> When i click submit, I want to add the username from textbox1 into the
> local
> administrators group on the computer name from textbox2.
>
> I want to use vb.net as the programming language.
>
> can someone please give me some code examples on how i should do this?
>
> Thank yo so much!

Ok, having reminded you about the security risks, here are probably what you
want:

a VB script that will allow the chang of the local admin password from a
remote box
http://www.experts-exchange.com/Secu..._20946526.html

Add User to Group w/COM
http://www.adminscripteditor.com/scr...view.asp?id=44

Although the above 2 are not the direct anwser, but you should have no
problem combine both to get what you want.

"Rocky" <Ro***@discussions.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D:DA********************************* *@microsoft.com...

I know i need to run it as a domain admin, i know i have to be one of the
members, i know all the security risks. MY QUESTION IS HOW DO I DO IT?????
WHAT IS THE ASP.NET AND VB.NET
CODE??????????????????????????????????????????????/

"Lau Lei Cheong" wrote:

But you need the Web Application to be run as "domain admins" to add a
user
to administrators group of "Any computer in domain"

This is obvious. To add the user in "local administrators" group you'll
also
need to be one of the members in the group, and the only AD entry
that is "local administrators" of all computers in the domain is the
"domain
admin" group.

If you create other group/user that is the "local administrators" of all
computers in the domain, you're creating another "domain admin"
group/user anyway, and will have similar security risk.

"Rocky" <Ro***@discussions.microsoft.com> ???gco?l¢Do¡Ps?D:85******************************* ***@microsoft.com...

>I don't want to add to the domain admins, i want to add to the LOCAL
>Admins
> of a machine.
>
> "Lau Lei Cheong" wrote:
>
>> I think this is a bad idea. You're going to impersonate the web
>> application's running identity to by the "domain admins" to do this,
>> and
>> this can lead to all kinds of trouble if your web site is being
>> attacked.
>>
>> "Rocky" <Ro***@discussions.microsoft.com> ???gco?l¢FDo!Ps?D:26****************************** ****@microsoft.com...
>>
>> > Hi,
>> >
>> > I have a webform, with 2 textboxs and a submit button. In the text
>> > box1, i
>> > enter a username and in textbox2 I enter the computer name. Both the
>> > username
>> > and computer name is in active directory.
>> >
>> > When i click submit, I want to add the username from textbox1 into
>> > the
>> > local
>> > administrators group on the computer name from textbox2.
>> >
>> > I want to use vb.net as the programming language.
>> >
>> > can someone please give me some code examples on how i should do
>> > this?
>> >
>> > Thank yo so much!
>>
>>
>>