After the two issues raised in the previous article, "Self-made Windows 7 registry key value modification service", another problem came up today. To keep viruses from spreading in the domain and to prevent the installation of pirated software, the company's group policy does not allow domain users to join the local computer's Administrators group. This means that no software can be installed without local administrator (ladmin) or domain administrator (dadmin) permission; for a user on Windows 7, UAC prompts for the user name and password of ladmin or dadmin.
Solution
In fact, the best approach is to log on as the domain user (for example, companydomain\user007) and then use ladmin or dadmin permission to add user007 to the local Administrators group; however, that requires administrator privileges. Someone may ask, "Is it okay to log on directly as the local administrator?" That is indeed feasible, but the domain user user007 has permissions to browse file server directories and e-mail, so if you log on as ladmin you may still need to enter user007's user name and password.
The most lasting way is to use a service. First, a service requires no manual setup, which saves time and effort. Second, the service runs with administrator privileges, which means we can add user007 to the local Administrators group without any ladmin or dadmin credentials. This is the main reason for using a service. A simple service program can be written with System.DirectoryServices.
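
using System;
using System.Collections;
using System.DirectoryServices;

namespace AddDomainUserToAdminGroup
{
    class AddUserOpt
    {
        public static void AddUser()
        {
            // Domain lookup, needed only when userPath is read from the directory
            // (userPath = user.Path.ToString()). It fails when the machine cannot
            // reach the domain, so it is left disabled here.
            // DirectoryEntry adRoot = new DirectoryEntry("WinNT://" + Environment.UserDomainName);
            // DirectoryEntry user = adRoot.Children.Find("User007", "User");

            bool userIn = false;
            // Hard-coded WinNT path of the domain user to add.
            string userPath = @"WinNT://companydomain/user007";

            // Bind to the local computer and its Administrators group.
            DirectoryEntry localRoot = new DirectoryEntry("WinNT://" + Environment.MachineName + ",Computer");
            DirectoryEntry group = localRoot.Children.Find("Administrators", "Group");

            // Enumerate the current members and look for the user.
            object members = group.Invoke("Members", null);
            foreach (object member in (IEnumerable)members)
            {
                DirectoryEntry userInGroup = new DirectoryEntry(member);
                // The provider may return the domain name in a different case,
                // so compare the paths case-insensitively.
                if (string.Equals(userInGroup.Path, userPath, StringComparison.OrdinalIgnoreCase))
                {
                    userIn = true;
                    break;
                }
            }

            // Add the user only if it is not already a member.
            if (!userIn)
            {
                group.Invoke("Add", new object[] { userPath });
            }
        }
    }
}
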
The code above first reads all members of the local Administrators group. If user007 is not among them, it is added through the DirectoryEntry.Invoke method. In addition, the part that binds to the domain and finds user007 is used to obtain the userPath value (the code below). However, if the computer is not in the domain or is not connected to the network, the service will not be able to find user007 and will not work normally. Therefore, you can assign "WinNT://companydomain/user007" to userPath directly.
string userPath = user.Path.ToString();
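
A way to spot the change this service makes, as an added example that is not part of the original article: it scans Security-log records for event 4732 (a member was added to a security-enabled local group) and reports additions to the built-in Administrators group that are not on an approved list. The records, SIDs, host name and allowlist are constructed for illustration, and it assumes the service runs as LocalSystem and that auditing of security group management is enabled.

```python
ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
LOCAL_SYSTEM_SID = "S-1-5-18"        # well-known SID of the LocalSystem account
MEMBER_ADDED_EVENT_ID = 4732         # member added to a security-enabled local group

# Hypothetical allowlist of SIDs approved for local Administrators membership.
APPROVED_MEMBER_SIDS = {"S-1-5-21-1111111111-2222222222-3333333333-512"}

# Constructed records, flattened from the event's System and EventData fields.
SAMPLE_EVENTS = [
    # A LocalSystem service adds a domain user to Administrators.
    {"EventID": 4732, "Computer": "PC-0042", "TargetSid": "S-1-5-32-544",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1107",
     "SubjectUserSid": "S-1-5-18", "SubjectUserName": "PC-0042$"},
    # An approved group is added by an administrator: allowed.
    {"EventID": 4732, "Computer": "PC-0042", "TargetSid": "S-1-5-32-544",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-512",
     "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1150",
     "SubjectUserName": "dadmin"},
    # Same event ID, different group (Remote Desktop Users): out of scope.
    {"EventID": 4732, "Computer": "PC-0042", "TargetSid": "S-1-5-32-555",
     "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1107",
     "SubjectUserSid": "S-1-5-18", "SubjectUserName": "PC-0042$"},
    # Unrelated logon event.
    {"EventID": 4624, "Computer": "PC-0042"},
]


def find_admin_group_additions(events, approved_member_sids):
    """Return unapproved additions to the local Administrators group."""
    findings = []
    for event in events:
        if event.get("EventID") != MEMBER_ADDED_EVENT_ID:
            continue
        if event.get("TargetSid", "").upper() != ADMINISTRATORS_SID:
            continue
        member_sid = event.get("MemberSid", "").upper()
        if member_sid in approved_member_sids:
            continue
        findings.append({
            "computer": event.get("Computer"),
            "member_sid": member_sid,
            "added_by": event.get("SubjectUserName"),
            # True when the change came from a LocalSystem context such as a service.
            "by_local_system": event.get("SubjectUserSid") == LOCAL_SYSTEM_SID,
        })
    return findings
```
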
Related Materials
1. DirectoryEntry.Invoke Method
http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.invoke(v=vs.80).aspx
2. DirectoryEntry Class
http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry(v=vs.80).aspx