Windows

Mass Add a user to a local group with a batch file

If you need to add a user from the domain let’s say to the local administrators group on a Windows 7 workstation, you would simply launch “lusrmgr.msc” and add the user to the group.  However, if you have to mass add a user or remove a user to/from 100 workstations and you may be in an environment where time is essential, we can employ a script to do the hard work for us.  Let us take a look at the components of the script and the other files we need to have in place to accomplish our objective:

Components:

  • Batch file – Our batch file is going to employ a “for loop” which will allow us to loop through a list that we will create of all the workstations we need to add or remove from local groups
  • List.txt – Our list file is a simple notepad text document that contains the computer names of all the workstations we want to add/remove users to/from groups
  • PSEXEC.exe – Found on the Technet website here, PSEXEC is a lightweight telnet replacement that allows administrators to execute processes on remote systems
  • Log file – The logfile does not have to be created beforehand as the batchfile will create it for us

Prerequisites

  • User permissions – Besides having the files above in place and ready, we need to make sure that the user we are logged in with on our admin workstation is a user who has both domain permissions to add users as well as administrator privileges on the workstations to add users to the local administrators group.
  • Name Resolution – Be sure you are able to resolve each of the computer names that you specify in your “List.txt” document – If you cannot resolve the names, the script will fail to add the user to the group

Files Setup:

  • Add User Batch File Contents (copy and save to batch file with the .bat extension)
@echo ON
@setlocal
set USER=”Put Your user here”
set PASS=”Put Your Password here”
set LIST=”Put Your list here.txt”
SET LOG=log.txt

for /f %%A in (%LIST%) do call :ADDLOCAL %%A

:ADDLOCAL

SET SERVER=%1>>%LOG%

psexec \\\\%SERVER% net localgroup administrators “YourDomain\\Your User You Want to Add” /add

  •  List.txt Contents (replace with names of your workstations)
computer1
computer2
computer3
computer4
computer5
computer6
computer7
computer8
computer9
computer10
computer11
computer12
computer13
computer14
computer15
  • If you want to Remove a user from a group:
@echo ON
@setlocal
set USER=”Put Your user here”
set PASS=”Put Your Password here”
set LIST=”Put Your list here.txt”
SET LOG=log.txt

for /f %%A in (%LIST%) do call :ADDLOCAL %%A

:ADDLOCAL

SET SERVER=%1>>%LOG%

psexec \\\\%SERVER% net localgroup administrators “YourDomain\\Your User You Want to Remove” /delete

 

Running the Process:

After you have setup the files and have downloaded a copy of the PSEXEC utility, you are ready to run the batch fileAlso make sure you are running the files from within the same folder as the batch file will look for PSEXEC in the same folder.

Final Thoughts:

As administrators we have to look for ways to work smarter and more efficient.  Scripts including batch files can make things much easier to administer our environments. 

Back to top button