RVY200410: Create User for ZeroTouch Execution

Description:

The script will configure an existing AD-User on a local machine to have all the necessary rights for a remote console zero touch inventory.

Therefore the script will perform the following tasks:

  • It will add the user to the following local groups: „Performance Monitor Users“, „Distributed COM Users“, „Remote Management Users“.
  • It will add the user to the root namespace in the WMI control with only read rights.
  • It will add the user to all the existing services with only read rights.

Prerequisites:

The following prerequisites need to befullfilled in order to execute this script:

  • The target user must be an existing AD-User where the following information are known:
    • the name of the user
    • the SID of the user
    • the domain of the user
  • Furthermore the user used for the installation must have admin rights on the target machine.

Preparation:

Get the user SID:

wmic useraccount where name=‘[SERVICEACCOUNT]‘ get sid

Open the script using a text editor (e.g Notepad++) and navigate tot he „Parameters“ section. Replace  „UserName“ with the name of the user, „UserSID“ with the SID of the user, and „Domain“ with the domain of the user (all values need to be entered between the two quotation marks).

Execution:

Run the script using either the command line or powershell. Use the following syntax:

cscript <pathToScript>\WMIUser_Script_v1.0.vbs

Troubleshooting:

For further information check the log file that has been created.

Example:

Example_Parameters.png

Attachment:

CreateUser_ZeroTouchExecution_v1.1.vbs.zip

Have more questions? Submit a request

Comments

Powered by Zendesk