Adding your Desktop Admin Groups to One Global Group for Administrators

One idea that has come up and is really handy, is creating a general support user so that you can login to machines and have Administrative rights to that machine. We have many groups, and each group has a Desktop Admin group that we add people to who need Administrative access. But we also use it to remove people that seem to abuse it.

Instead of manually adding the groups one by one, you can use dsquery and dsmod. You simple do a query to find the groups that you’ve created. In this example we’re looking for anything that ends in “Desktop Admin”:

dsquery group domainroot -name “*Desktop Admin”

Which returns all of the groups we need. Next step is to take the Global Desktop Admin group and add it to all of these groups. This is simple with dsmod:

dsquery group domainroot -name “*Desktop Admin” | dsmod group -addmbr “CN=Global Desktop Admin,OU=Network Admin,OU=Groups,DC=DOMAIN,DC=LAN”

Voila! Done.


Did you like this article?


0 Shares:
You May Also Like

Linksys WRT54G and WRT54GL Being Phased Out?

I went to pick up a Wireless Router from a local computer shop http://www.a-power.com in hopes of grabbing a WRT54GL or at least a WRT54GS. The main reason being that I could flash the hardware to run DD-WRT http://www.dd-wrt.com which is a third part open source router firmware.
Read More

Official Jailbreak for iPhone 2.1 Firmware Released OSX Only

There is now an official iphone-dev.org version of QuickPwn that supports the 2.1 firmware released by Apple on friday.
Some of the popular press and blogs have been backing the opposition. :-) While criticism and competition is fine it should be reported correctly, with all the facts. and certainly minus the FUD. Do you guys think we are “less and less relevant with each passing day” ? We don’t think so, and we certainly prefer our hacks to theirs. ;-) Though even if the world deems us irrelevant, the iPhone family of devices is still fun to hack!
Read More