Mass Add a user to a local group with a batch file
If you need to add a user from the domain let’s say to the local administrators group on a Windows 7 workstation, you would simply launch “lusrmgr.msc” and add the user to the group. However, if you have to mass add a user or remove a user to/from 100 workstations and you may be in an environment where time is essential, we can employ a script to do the hard work for us. Let us take a look at the components of the script and the other files we need to have in place to accomplish our objective:
Components:
- Batch file – Our batch file is going to employ a “for loop” which will allow us to loop through a list that we will create of all the workstations we need to add or remove from local groups
- List.txt – Our list file is a simple notepad text document that contains the computer names of all the workstations we want to add/remove users to/from groups
- PSEXEC.exe – Found on the Technet website here, PSEXEC is a lightweight telnet replacement that allows administrators to execute processes on remote systems
- Log file – The logfile does not have to be created beforehand as the batchfile will create it for us
Prerequisites
- User permissions – Besides having the files above in place and ready, we need to make sure that the user we are logged in with on our admin workstation is a user who has both domain permissions to add users as well as administrator privileges on the workstations to add users to the local administrators group.
- Name Resolution – Be sure you are able to resolve each of the computer names that you specify in your “List.txt” document – If you cannot resolve the names, the script will fail to add the user to the group
Files Setup:
- Add User Batch File Contents (copy and save to batch file with the .bat extension)
| @echo ON @setlocal set USER=”Put Your user here” set PASS=”Put Your Password here” set LIST=”Put Your list here.txt” SET LOG=log.txt for /f %%A in (%LIST%) do call :ADDLOCAL %%A :ADDLOCAL SET SERVER=%1>>%LOG% psexec \\\\%SERVER% net localgroup administrators “YourDomain\\Your User You Want to Add” /add |
- List.txt Contents (replace with names of your workstations)
| computer1 computer2 computer3 computer4 computer5 computer6 computer7 computer8 computer9 computer10 computer11 computer12 computer13 computer14 computer15 |
- If you want to Remove a user from a group:
| @echo ON @setlocal set USER=”Put Your user here” set PASS=”Put Your Password here” set LIST=”Put Your list here.txt” SET LOG=log.txt for /f %%A in (%LIST%) do call :ADDLOCAL %%A :ADDLOCAL SET SERVER=%1>>%LOG% psexec \\\\%SERVER% net localgroup administrators “YourDomain\\Your User You Want to Remove” /delete |
Running the Process:
After you have setup the files and have downloaded a copy of the PSEXEC utility, you are ready to run the batch file. Also make sure you are running the files from within the same folder as the batch file will look for PSEXEC in the same folder.
Final Thoughts:
As administrators we have to look for ways to work smarter and more efficient. Scripts including batch files can make things much easier to administer our environments.
