Using
NETDOM.EXE, and
PsExec.exe,
I have scripted
Workstation.bat.
The usage syntax is:
Workstation Domain Account Password Object Batch ReportFile
where:
| Domain | The NetBIOS domain name. |
| Account | A Domain Admin account in the Domain, used to reference account "Domain\Account". |
| Password | The password for the "Domain\Account" account. |
| Object | A list of computer types to be included:
W - Member Workstations
S - Member Servers
P - PDC (emulator)
D - Domain Controllers. |
| Batch | The fully qualified URL to the program or batch (\\Server\Share\program or batch). |
Workstation.bat contains:
@echo off
setlocal
if {%1} EQU {} goto syntax
if {%2} EQU {} goto syntax
if {%3} EQU {} goto syntax
if {%4} EQU {} goto syntax
if {%5} EQU {} goto syntax
if {%6} EQU {} goto syntax
set pw=%3
set pw=%pw:"=%
set Object=%4
set object=%object:"=%
set batch=%5
set report=%6
set domacct=%1\%2
set domacct="%domacct:"=%"
if NOT "%batch:~1,1%" EQU "\" goto syntax
if NOT exist %batch% goto syntax
if exist %report% del /q %report%
if "%object:~4,1%" NEQ "" goto syntax
set OK=Y
for /f "Tokens=*" %%a in ('@echo %object:~0,1%^|Findstr /I /V "W S P D"') do (
set OK=N
)
for /f "Tokens=*" %%a in ('@echo %object:~1,1%^|Findstr /I /V "W S P D"') do (
set OK=N
)
for /f "Tokens=*" %%a in ('@echo %object:~2,1%^|Findstr /I /V "W S P D"') do (
set OK=N
)
for /f "Tokens=*" %%a in ('@echo %object:~3,1%^|Findstr /I /V "W S P D"') do (
set OK=N
)
if "%OK%" EQU "N" goto syntax
for /f "Tokens=*" %%a in ('@echo %object%^|Findstr /I /C:"W"') do (
for /f "Skip=1 Tokens=1" %%i in ('netdom query /d:%USERDNSDOMAIN% WORKSTATION^|findstr /I /V /C:"The command completed successfully."') do (
call :computer "%%i"
)
)
for /f "Tokens=*" %%a in ('@echo %object%^|Findstr /I /C:"S"') do (
for /f "Skip=1 Tokens=1" %%i in ('netdom query /d:%USERDNSDOMAIN% SERVER^|findstr /I /V /C:"The command completed successfully."') do (
call :computer "%%i"
)
)
for /f "Tokens=*" %%a in ('@echo %object%^|Findstr /I /C:"P"') do (
for /f "Skip=1 Tokens=1" %%i in ('netdom query /d:%USERDNSDOMAIN% PDC^|findstr /I /V /C:"The command completed successfully."') do (
call :computer "%%i"
)
)
for /f "Tokens=*" %%a in ('@echo %object%^|Findstr /I /C:"D"') do (
for /f "Skip=1 Tokens=1" %%i in ('netdom query /d:%USERDNSDOMAIN% DC^|findstr /I /V /C:"The command completed successfully."') do (
call :computer "%%i"
)
)
endlocal
goto :EOF
:syntax
@echo Syntax: Workstation Domain Account Password Object Batch
endlocal
goto :EOF
:computer
set machine=%1
set machine=%machine:"=%
for /f "Tokens=*" %%j in ('@echo %%machine:.%USERDNSDOMAIN%^=%%') do set machine=%%j
@echo Begin Computer=%machine%>>%Report%
PsExec \\%machine% -u %domacct% -p %pw% %batch%>>%Report%
Demonstration of Usage:
To add the
Domain Users group to the local
Administrators group, on every member Workstation and Server in your domain:
1. Create a \\Server\Share\admin.bat that contains:
@echo off
net localgroup Administrators "<YourDomainName>\Domain Users" /ADD
2. Run Workstation Domain Account Password WS \\Server\Share\admin.bat \\Server\Share\Report.log
NOTE: You can run this from your workstation, if all the required tools are installed.