Add domain users to the local administrator group (C #, Windows 7, and service)

Source: Internet
Author: User

After two questions are raised in the previous article "self-made Windows 7 registry key value Modification service", another new problem is encountered today. To avoid virus infection in the domain and prevent installation of pirated software. Domain Users are not allowed to join the Local Computer Administrator group in the company group policy. This means that no software can be installed without the local administrator (ladmin) or the domain administrator (dadmin) permission, for a user in Windows 7, the user UAC is required to enter the user name and password of ladmin or dadmin.

Solution

In fact, the best way to do this is to use the domain user (for example, companydomain \ user007) to enter the system and then use the ladmin or dadmin permission to add user007 to the local administrator group, however, you must have the administrator privilege. Someone may ask, "Is it okay to log on directly using the local administrator ?" This solution is indeed feasible, but after all, the user007 user in the domain has some permissions to Browse File Server directories and emails, So if you use ladmin to log on, you may also need to enter user007 username/password.

The most permanent way is to use services ). The service requires no manual settings, saving time and effort. Second, the service runs with the administrator privilege. That is to say, we can add user007 to the local administrator group without any ladmin or dadmin. This is also the root cause of service use. In this way, you can use system. directoryservices to complete a simple service.Program.

 Using System; Using System. directoryservices;Using System. collections; Namespace adddomainusertoadmingroup { Class  Adduseropt { Public static void Adduser (){
 
  
  
   DirectoryentryAdroot = New Directoryentry( String. Format ( "Winnt ://"+ Environment. Userdomainname )); 
   
 
             
 
  
  
   DirectoryentryUser = adroot. Children. Find ( "User007", "User"); 
   
 
             Bool Userin = False ; String Userpath = @ "Winnt: // companydomain/user007" ; Directoryentry Localroot = New  Directoryentry ( "Winnt ://" + Environment . Machinename + ", Computer" ); Directoryentry Group = localroot. Children. Find ("Administrators" , "Group" ); Object Members = group. Invoke ( "Members" , Null ); Foreach ( Object Member In ( Ienumerable ) Members ){ Directoryentry Useringroup = New  Directoryentry (Member );If (Useringroup. Path. tostring () = userpath) {userin = True ; Break ;}} If (! Userin) {group. Invoke ( "Add" , New  Object [] {Userpath });}}  }}

AboveCodeFirst, read all users in the local administrator group. If user007 does not exist in the user, add it through the directoryentry. Invoke method. In addition, the part is used to obtain the userpath value (the following Code). However, if the computer is not used in the domain or is not connected to the network, the service will not be able to detect user007, the Service will not work normally. Therefore, you can directly assign userpath to "winnt: // companydomain/user007.

 
StringUserpath = user. Path. tostring ();

Related Materials

1. directoryentry. Invoke Method

Http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.invoke (V = vs.80). aspx

2. directoryentry class

Http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry (V = vs.80). aspx

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.