I asked this question in another thread after I found a solution, so I apologize if this is a repeat for some.
Situation: Newly imaged Windows 7 PC
We run the Part1 script to:
- Add the PC to the Domain and specific OU based on Computer Type.
- Add a user to Local Administrators Group
- Reboot the PC and add a reg entry to start Part2
Part2 simply adds a 4 digit code to the Description field of the PC's Active Directory entry and then kicks off the install script for System Center Configuration Manager.
The problem is that when I was testing everything, I forgot that Joe User, whose name we would be entering as the Local Admin, does not have the same rights as me.
I am looking for a way to add a 4 digit value to the Description Field of the PC's Active Directory entry. Here are the scripts I am using:
Part1
## ADD PC TO BLAIRNET USING SETUP ID
$CN = $env:COMPUTERNAME
$type = (Get-WmiObject win32_computersystem).pcsystemtype
$domain = "DOMAIN"
$username = "$domain\user"
$password = "123PASSword" | ConvertTo-SecureString -asPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
$OUPath1 = "OU=ComputersWB,DC=DOMAIN,DC=NET"
$OUPath2 = "OU=ComputersUTIMACO,DC=DOMAIN,DC=NET"
switch -Regex ($type)
{
"1" {Add-Computer -DomainName $domain -Credential $credential -OUPath $OUPath1}
"2" {Add-Computer -DomainName $domain -Credential $credential -OUPath $OUPath2}
"3" {Add-Computer -DomainName $domain -Credential $credential -OUPath $OUPath1}
}
## ADD USER, Rights-PC-All AS LOCAL ADMINISTRATORS
$domain = "DOMAIN.NET"
$PCUser = Read-Host 'PLEASE ENTER THE USERNAME OF THE USER YOU WANT AS A LOCAL ADMINISTRATOR'
$DomainUser = "WinNT://" + $domain + "/" + $PCUser + ",user"
$RPA = "WinNT://DOMAIN.NET/Rights-PC-All,user"
$group = [ADSI]("WinNT://"+$env:COMPUTERNAME+"/administrators,group")
$group.add($DomainUser)
$group.add($RPA)
# CHANGE DEFAULT LOGIN TO USER YOU JUST ADDED
$domain = "DOMAIN"
$Key1 = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI"
$NewKeyValue = $domain + "\" + $PCUser
Set-ItemProperty -path $Key1 -name LastLoggedOnSamUser $NewKeyValue
Set-ItemProperty -path $Key1 -name LastLoggedOnUser $NewKeyValue
#Add REGISTRY KEY TO RUN NEXT STEP AFTER LOGIN
$RunOnceKey = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"
$RegValue = "C:\DOMAIN\Run2.cmd"
New-ItemProperty -Path $RunOnceKey -Name Part2 -Value $RegValue
## RESTART COMPUTER TO COMPLETE PROCESSES
Restart-Computer
Part2
## ADD DEPT CODE TO AD AND START SCCM INSTALL
$CN = $env:COMPUTERNAME
$type = (Get-WmiObject win32_computersystem).pcsystemtype
$domain = "DOMAIN"
$OUPath1 = "OU=ComputersWB,DC=DOMAIN,DC=NET"
$OUPath2 = "OU=ComputersUTIMACO,DC=DOMAIN,DC=NET"
switch -Regex ($type)
{
"1" {$computerDN = 'LDAP://' + "CN=" + $CN + "," + $OUPath1}
"2" {$computerDN = 'LDAP://' + "CN=" + $CN + "," + $OUPath2}
"3" {$computerDN = 'LDAP://' + "CN=" + $CN + "," + $OUPath1}
}
do
{$DeptCode = Read-Host 'PLEASE ENTER THE 4 DIGIT DEPT. CODE FOR THIS USER'}
until ($DeptCode.Length -eq 4)
$computer=[adsi]$computerDN
$computer.put("description",$DeptCode)
$computer.SetInfo()
I'm still a newbie with PowerShell, but trying to learn. Can I credential or use a different session to run Part2?
Matt Dillon
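
One way to run the Part2 directory write under a different account, as an added example that is not part of the original post: bind to the computer object with credentials prompted at run time rather than stored in the script. It assumes the OU paths and placeholder domain from the scripts above, and that the account entered at the prompt is allowed to write the description attribute on the computer object.

```powershell
## ADD DEPT CODE TO AD USING ALTERNATE CREDENTIALS (added example)
$CN      = $env:COMPUTERNAME
$type    = (Get-WmiObject Win32_ComputerSystem).PCSystemType
$OUPath1 = "OU=ComputersWB,DC=DOMAIN,DC=NET"
$OUPath2 = "OU=ComputersUTIMACO,DC=DOMAIN,DC=NET"

# Same type-to-OU mapping as Part2; stop on a type the mapping does not cover
$ou = switch ($type) {
    1 { $OUPath1 }
    2 { $OUPath2 }
    3 { $OUPath1 }
}
if (-not $ou) { throw "Unhandled PCSystemType: $type" }
$computerDN = "LDAP://CN=$CN,$ou"

# Accept exactly four digits, not just any four characters
do { $DeptCode = Read-Host 'PLEASE ENTER THE 4 DIGIT DEPT. CODE FOR THIS USER' }
until ($DeptCode -match '^\d{4}$')

# Prompt for the account that has rights on the computer object.
# The password exists only in this session and is never written to disk.
$cred = Get-Credential

# DirectoryEntry takes an explicit username and password for the LDAP bind,
# so the write happens as that account instead of the logged-on user.
$entry = New-Object System.DirectoryServices.DirectoryEntry($computerDN, $cred.UserName, $cred.GetNetworkCredential().Password)
try {
    $entry.Properties['description'].Value = $DeptCode
    $entry.CommitChanges()   # fails here if the bind or the write is refused
}
finally {
    $entry.Dispose()
}
```

Because the credential is typed at the prompt, neither Run2.cmd nor the script it launches needs to contain a domain password.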