Zum Inhalt springen
- Edit SearchBase.xml to define the OU (Searchbase) where to find your computeraccounts and where to save the created users and groups.
- Edit 12beAdmin.ps1 to define the SearchBase for your administrative groups, or the set a password minimum, otherwise the Value from Default Domain Policy will be taken. Also, there is the definition of the Wortliste.txt for your passphrases.
- Edit .\Xaml\12beAdmin.xaml to define your Domain Controller Names and the ending of your account names.
- Create groups for each system you want to manage. This can be done by script Task-BulkCreation-AdminGroups_and_AdminUsers.ps1. The script will create a global group and in Version 1.0 a user for each system in SearchBase.xml using this pattern: computername-admins for groups and computername-admin for users , e.g. PC-12345-admins and PC-12345-admin.
Version 1.*, removed feature in in Version 2.0:
The script also added a computer specific user „PC-12345-admin“ as a member of PC-12345-admins. You can run the script as a task to automatically create groups and users for newly domain joined systems. It will also remove groups and users, if the machine no longer exists in the scope of the searchbase.
- Create a group policy object that integrates the computername-admins into Administrators on every computer you want to manage.
Computerconfiguration\Preferences\Control Panel Items\Local Users and Groups -> New Group -> Update: Administrators (BuiltIn) -> Member Add -> %computername%-Admins
Use the System variable %computername%. Each system itself will resolve this variable and uses its own hostname. It searches automatically for a group in AD.
The GPO will work similar to the CLI command net localgroup Adminstrators %computername%-Admins /add
- Run
12beAdmin.ps1.
In case you want to hide the powershell command window create a shortcut on your desktop, run powershell.exe -WindowStyle Hidden _yourpath_\12beAdmin\12beAdmin.ps1 and change the icon of the shortcut.
Hiding the PoSH window will hide error messages aswell.
