How to…. add and check local account that has admin rights in multiple servers
Like I have said before, the corp environment we are often asked how to do simple things on multiple number of servers… Here today I would like to share how to check your local admin accounts and add domain groups for the local admin rights.
For some reason I always thought PSExec from Mark Russinovich, has been one of the most used tool for a windows administrator in a large corp environment. I was wondering why didn’t Microsoft include a tool like that for admins to administer their platform… looks like MS had a bigger and brighter idea… buy them!
Ever since, Microsoft bought them up, its getting better and better by coming out with a new version of PSTools. Linux enthusiast will moan that this would be nothing new to them…. well.. good for them..
Anyway using PSTools I will show how to add and check the local admin account membership for multiple servers, and you will scream at the simplicity of how powerful PSExec is.
See! How simple it is…What you see is actually a simple for loop that iterates through a serverlist.txt file. So you will need to have a serverlist.txt file in the same folder. Running psExec, we connect to the servers in the list one by one and run the command net localgroup. So using this command you can run /add or /delete if you need to add/delete the domain group that you would like to add for the local administrator. So in summary you will have two files in one folder, the bat file e.g. adding.bat and also the serverlist.txt file where you specify what servers you would like to do the change.
So here it is folks, the simple world of remote admin for windows.
P.S. You will need to have administrator access to the machines first before you can run these bat script.