Automating Updates to Local Groups On Member Servers

• Microsoft Windows NT Workstation versions 3.5, 3.51, and 4.0
• Microsoft Windows NT Server versions 3.5, 3.51, and 4.0

SUMMARY

Batch files can be used to remotely add user accounts to local groups on all computers running Windows NT Server or Windows NT Workstation in a domain environment.

MORE INFORMATION

This article demonstrates how to create a batch file system that will add a user to all local administrators groups located on every computer running Windows NT Server and Workstation within a domain environment.

The batch file system uses Netdom.exe from the Windows NT 4.0 Resource Kit to create a list of computers running Windows NT that are operating as member servers or workstations in a domain. After the list is created, each computer from the list is pinged to determine if the computer is currently online. If the computer is online, Addusers.exe will be called to place a new user in the computer's local administrators group. If a computer was online, its name will be placed in a temporary file. After all computers have been processed, the temporary file will be compared to the list of computers from the domain, to create a new list of computers that have not yet been updated. This batch file system can be run multiple times to target only the computers that still need to be processed.

To create these batch files, perform the following steps:

1. Create the following batch files from the listing below:

         INSUSER.BAT, SUB1.BAT, SUB2.BAT, SUB3.BAT, SUB4.BAT,
         SUB5.BAT, and ADDUSERS.DAT.
   

2. Edit the first line of INSUSER.BAT to reflect the domain name where the target computers are located.

3. Change the <domain\user> in the second line in Addusers.dat to reflect the name of the user you wish to add to each computer's local administrators group. Make sure there are no blank lines at the top of the Addusers.dat file.

4. Log on into the network with domain administrator credentials for the domain you wish to modify. Make sure the Windows NT 4.0 Resource Kit has been installed, and is accessible through the system path. This system uses Netdom.exe and Addusers.exe from the resource kit.

5. Cary out the INSUSER.BAT. This batch file may take many hours to complete.

6. Examine the contents of Complete.txt and Working.txt. The Complete.txt file contains the names of the computers that were updated, the Working.txt file contains the names of the computers that still need processing.

If you need start the entire process over from scratch, delete all .txt Files, then start at Step 1.

Filename: INSUSER.BAT

set CurrentDomain=mydomain echo off cls if (%CurrentDomain%) == (mydomain) echo Edit the first line of INSUSER.BAT. if (%CurrentDomain%) == (mydomain) echo then rerun INSUSER.BAT if (%CurrentDomain%) == (mydomain) goto verybottom if not exist addusers.dat goto DisplayAddUsers rem *** Display current variable settings *** echo Current domain is %CurrentDomain%. echo. rem *** Determine if working list is present *** If exist working.txt echo Working list detected, resuming batch process. If exist working.txt goto SkipCreateList echo Creating a list of member servers in %CurrentDomain%. echo. netdom /d:%CurrentDomain% member > working.txt rem *** Remove NETDOM formatting from server names *** if exist temp.txt del temp.txt for /F "skip=6 delims=\\ tokens=2" %%a in (working.txt) do call sub1.bat %%a del working.txt ren temp.txt working.txt :SkipCreateList rem *** Determine if machine is online *** if exist online.txt del online.txt for /F "delims=\\ tokens=1" %%a in (working.txt) do call sub2.bat %%a rem *** Remove servers that have been processed from WORKING.TXT *** if not exist online.txt goto NoServersOnline echo. echo Updating list of servers that need to be processed. for /F "delims= tokens=1" %%a in (online.txt) do call sub4.bat %%a echo List complete. goto Bottom :DisplayAddUsers Echo. Echo. You must modify the contents of ADDUSERS.DA, then rename the Echo. file to ADDUSERS.DAT. Then re-run this batch file. goto verybottom :NoServersOnline Echo. Echo There are no servers currently online that can be processed. :Bottom echo. echo ------------------------------------ echo --- Finished processing servers. --- echo ------------------------------------ :verybottom

Filename: SUB1.BAT

rem *** Remove formatting from Netdom output *** echo %1 >> temp.txt

Filename: SUB2.BAT

echo Pinging %1... ping %1 > PING.TXT for /F "skip=6 delims= tokens=4" %%a in (PING.TXT) do call sub3.bat %%a %1 del PING.TXT

Filename: SUB3.BAT

rem *** If server is online it will be logged in online.txt for ***

rem *** processing later.                                       ***
rem ***    %2 is a bogus variable, thrown away.

Filename: SUB4.BAT

rem *** loop thru each name in working.txt and remove servers that were ***

rem *** in online.txt.                                                  ***

Filename: SUB5.BAT

rem *** Filter out servers that have been updated *** rem %1 is name from working.txt rem %2 is name from online.txt if (%1) == (%2) echo %1 >> complete.txt if not (%1) == (%2) echo %1 >> temp.txt

Filename: ADDUSERS.DAT

[Local] Administrators,Members can fully administer the computer,<domain\user>,

Keywords          : ntdomain ntsecurity NTSrvWkst
Version           : WinNT:3.5,3.51,4.0
Platform          : winnt
Hardware          : x86
Issue type        : kbinfo