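'==============================================================================
' Prepares a service account and the Intel(R) AMT MP security groups in
' Active Directory.
'
' Arguments:
'   0 - account name (sAMAccountName) of the service user
'   1 - password to set if the account has to be created
'   2 - DNS domain name of the user (for example "corp.example.com")
'
' What the script does:
'   * creates the user under cn=Users if no user with that sAMAccountName
'     exists, with the "password never expires" flag set;
'   * adds the user to the local group whose SID is S-1-5-32-544
'     (BUILTIN\Administrators) on the computer running the script;
'   * creates each "Intel(R) AMT MP ..." group that does not exist yet and
'     adds the user to the groups it created.
'
' Security notes for operators and reviewers:
'   * The password is passed as a command-line argument, so it is visible to
'     anything that records process command lines (process-creation auditing,
'     EDR telemetry, task definitions). Rotate it after provisioning, or feed
'     it through a channel that is not logged.
'   * The account ends up with administrative rights and a non-expiring
'     password; track it as a privileged service account and monitor its
'     group memberships.
'   * Errors are suppressed at script level (On Error Resume Next), so a
'     failed step is silent. Verify the resulting account and group
'     membership afterwards instead of trusting the exit of the script.
'==============================================================================
On Error Resume Next

Dim sUserName, sPassword, sUserDNSDomain
Dim sGroupName, sDisplayName, sUserDomain
Dim pos

' Three arguments are read below (indexes 0..2), so fewer than three is an error.
If WScript.Arguments.Count < 3 Then
    MsgBox ("Insuffient Arguements")
Else
    sUserName = WScript.Arguments(0)
    sPassword = WScript.Arguments(1)
    sUserDNSDomain = WScript.Arguments(2)

    ' The short domain name is taken as the first label of the DNS domain name.
    pos = InStr(sUserDNSDomain, ".")
    If pos = 0 Then
        sUserDomain = sUserDNSDomain
    Else
        sUserDomain = Left(sUserDNSDomain, pos - 1)
    End If

    ' strComputer is a script-level variable read by IsLocalAdmin and
    ' Add2LocalAdminGroup.
    Set oNetwork = CreateObject("WScript.Network")
    strComputer = oNetwork.ComputerName

    If IsUserExists(sUserName, sDisplayName) Then
        If (IsLocalAdmin(sUserName) = False) Then
            Call Add2LocalAdminGroup(sUserName, sUserDomain)
        End If
    Else
        Call CreateNewUser(sUserName, sPassword, sUserDomain)
        Call Add2LocalAdminGroup(sUserName, sUserDomain)
    End If

    ' NOTE(review): the user is added only to groups created by this run.
    ' A group that already exists is left untouched, even if the user is not
    ' a member of it - confirm that this is intended.
    For Each sGroupName In Array( _
            "Intel(R) AMT MP Settings Managers", _
            "Intel(R) AMT MP Redirection Managers", _
            "Intel(R) AMT MP Console Users", _
            "Intel(R) AMT MP System Defense Managers")
        If (IsGroupExists(sGroupName, sDisplayName) = False) Then
            Call CreateGroup(sUserName, sUserDomain, sGroupName)
            Call AddUser2Group(sUserName, sUserDomain, sGroupName)
        End If
    Next
End If

'----------------------------------------
' Function Name: EscapeLdapFilterValue
'
' Escapes the characters that have a special meaning inside an LDAP search
' filter value (RFC 4515) so that a caller-supplied name cannot change the
' structure of the filter. The group names used by this script contain
' "(" and ")", which need this escaping as well.
'----------------------------------------
Function EscapeLdapFilterValue(sValue)
    Dim sEscaped
    ' The backslash has to be replaced first, otherwise the escapes added
    ' below would be escaped again.
    sEscaped = Replace(sValue, "\", "\5c")
    sEscaped = Replace(sEscaped, "*", "\2a")
    sEscaped = Replace(sEscaped, "(", "\28")
    sEscaped = Replace(sEscaped, ")", "\29")
    sEscaped = Replace(sEscaped, Chr(0), "\00")
    EscapeLdapFilterValue = sEscaped
End Function

'----------------------------------------
' Function Name: QueryDirectory
'
' Runs a subtree search below the default naming context through the ADSI
' OLE DB provider and returns the recordset, or Nothing when any step failed.
'   sFilter     - complete LDAP filter, values already escaped
'   sAttributes - comma separated list of attributes to return
'----------------------------------------
Function QueryDirectory(sFilter, sAttributes)
    Dim oConnection, oCommand, oRoot, sBaseDN

    Set QueryDirectory = Nothing
    On Error Resume Next

    Set oConnection = CreateObject("ADODB.Connection")
    Set oCommand = CreateObject("ADODB.Command")
    oConnection.Provider = "ADsDSOObject"
    oConnection.Open "Active Directory Provider"
    Set oCommand.ActiveConnection = oConnection

    ' Determine the search base from the RootDSE object.
    Set oRoot = GetObject("LDAP://RootDSE")
    sBaseDN = oRoot.Get("defaultNamingContext")

    ' LDAP dialect of the provider: <base>;filter;attributes;scope
    oCommand.CommandText = "<LDAP://" & sBaseDN & ">;" & sFilter & ";" & sAttributes & ";subtree"
    oCommand.Properties("Page Size") = 100
    oCommand.Properties("Timeout") = 30
    oCommand.Properties("Cache Results") = False

    ' Err keeps the first failure of the statements above; only execute the
    ' query when everything before it succeeded.
    If Err.Number = 0 Then
        Set QueryDirectory = oCommand.Execute
    End If
    If Err.Number <> 0 Then
        Set QueryDirectory = Nothing
        Err.Clear
    End If

    On Error GoTo 0
End Function

'----------------------------------------
' Function Name: IsUserExists
'
' Returns True when a user object with the given sAMAccountName is found.
' sDisplayName is an output parameter: it receives the sAMAccountName as
' stored in the directory, or sUser when nothing was found.
' A failed directory query is reported as False.
'----------------------------------------
Function IsUserExists(sUser, sDisplayName)
    Dim sFilter, oResults

    IsUserExists = False
    sDisplayName = sUser

    sFilter = "(&(ObjectClass=user)(ObjectCategory=person)(samAccountName=" & _
              EscapeLdapFilterValue(sUser) & "))"
    ' Request the attribute that is actually read from the recordset below.
    Set oResults = QueryDirectory(sFilter, "sAMAccountName")
    If oResults Is Nothing Then Exit Function

    Do Until oResults.EOF
        If oResults.Fields("sAMAccountName").Value <> "" Then
            sDisplayName = oResults.Fields("sAMAccountName").Value
            IsUserExists = True
        End If
        oResults.MoveNext
    Loop
End Function

'----------------------------------------
' Function Name: IsGroupExists
'
' Returns True when a group object with the given sAMAccountName is found.
' sDisplayName is an output parameter: it receives the sAMAccountName as
' stored in the directory, or sGroup when nothing was found.
' A failed directory query is reported as False.
'----------------------------------------
Function IsGroupExists(sGroup, sDisplayName)
    Dim sFilter, oResults

    IsGroupExists = False
    sDisplayName = sGroup

    sFilter = "(&(ObjectClass=group)(samAccountName=" & EscapeLdapFilterValue(sGroup) & "))"
    Set oResults = QueryDirectory(sFilter, "sAMAccountName")
    If oResults Is Nothing Then Exit Function

    Do Until oResults.EOF
        If oResults.Fields("sAMAccountName").Value <> "" Then
            sDisplayName = oResults.Fields("sAMAccountName").Value
            IsGroupExists = True
        End If
        oResults.MoveNext
    Loop
End Function

'----------------------------------------
' Function Name: CreateNewUser
'
' Creates an enabled user under cn=Users of the default naming context, sets
' its password and marks the password as never expiring.
' NOTE(review): sUser is concatenated into the relative distinguished name
' without DN escaping; names containing DN special characters will not
' produce the intended object - validate the name before calling.
'----------------------------------------
Function CreateNewUser(sUser, sPassword, sFQDN)
    ' Same value as ADS_UF_DONT_EXPIRE_PASSWD.
    Const ADS_NEVER_EXPIRED_PASSWORD_TYPE = &H10000

    Set objRootDSE = GetObject("LDAP://rootDSE")
    Set objContainer = GetObject("LDAP://cn=Users," & _
        objRootDSE.Get("defaultNamingContext"))

    Set user = objContainer.Create("User", "cn=" & sUser)
    user.Put "sAMAccountName", sUser
    user.Put "userPrincipalName", sUser & "@" & sFQDN
    ' The object has to be saved before a password can be set on it.
    user.SetInfo

    user.SetPassword sPassword
    user.AccountDisabled = False
    user.SetInfo

    AddPassFlag = user.Get("userAccountControl")
    AddPassFlag = AddPassFlag Or ADS_NEVER_EXPIRED_PASSWORD_TYPE
    user.Put "userAccountControl", AddPassFlag
    user.SetInfo
End Function

'----------------------------------------
' Function Name: IsLocalAdmin
'
' Returns True when a member named CsUser is found in the local group whose
' SID starts with S-1-5-32-544 on strComputer.
' Only the account name is compared, so a local and a domain account with
' the same name are not told apart.
'----------------------------------------
Function IsLocalAdmin(CsUser)
    IsLocalAdmin = False

    Set colGroups = GetObject("WinNT://" & strComputer & "")
    colGroups.Filter = Array("group")
    strAdminSid = "S-1-5-32-544"

    For Each objGroup In colGroups
        lSid = objGroup.Get("objectSID")
        strSidHex = OctetToHexStr(lSid)
        strSidDec = HexSIDtoSDDL(strSidHex)
        ' The group is located by SID rather than by name.
        If Left(strSidDec, 12) = strAdminSid Then
            For Each objUser In objGroup.Members
                ' Windows account names are not case sensitive.
                If StrComp(objUser.Name, CsUser, vbTextCompare) = 0 Then
                    IsLocalAdmin = True
                End If
            Next
        End If
    Next
End Function

'----------------------------------------
' Function Name: Add2LocalAdminGroup
'
' Adds sUserDomain\sUser to the local group whose SID starts with
' S-1-5-32-544 on strComputer.
'----------------------------------------
Function Add2LocalAdminGroup(sUser, sUserDomain)
    Set colGroups = GetObject("WinNT://" & strComputer & "")
    colGroups.Filter = Array("group")
    strAdminSid = "S-1-5-32-544"

    For Each objGroup In colGroups
        lSid = objGroup.Get("objectSID")
        strSidHex = OctetToHexStr(lSid)
        strSidDec = HexSIDtoSDDL(strSidHex)
        If Left(strSidDec, 12) = strAdminSid Then
            Set objUser = GetObject("WinNT://" & sUserDomain & "/" & sUser)
            objGroup.Add(objUser.ADsPath)
        End If
    Next
End Function

'----------------------------------------
' Function Name: CreateGroup
'
' Creates a global security group named sGroup under cn=Users of the default
' naming context. sUser and sUserDomain are accepted but not used.
'----------------------------------------
Function CreateGroup(sUser, sUserDomain, sGroup)
    Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
    Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000

    Set objRootDSE = GetObject("LDAP://rootDSE")
    Set objContainer = GetObject("LDAP://cn=Users," & objRootDSE.Get("defaultNamingContext"))

    Set objGroup = objContainer.Create("Group", "cn=" & sGroup)
    objGroup.Put "sAMAccountName", sGroup
    objGroup.Put "GroupType", ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
    objGroup.SetInfo
End Function

'----------------------------------------
' Function Name: IsLogedOnUserOnGroup
'
' Returns True when the value of ADSystemInfo.UserName for the logged-on
' user appears in the "member" attribute of sGroup.
'----------------------------------------
Function IsLogedOnUserOnGroup(sGroup)
    IsLogedOnUserOnGroup = False

    Set sysinfo = CreateObject("ADSystemInfo")
    aGroupMembers = GetGroupMembers(sGroup)

    For iI = LBound(aGroupMembers) To UBound(aGroupMembers)
        If sysinfo.username = aGroupMembers(iI) Then
            IsLogedOnUserOnGroup = True
        End If
    Next
End Function

'----------------------------------------
' Function Name: AddLogedOnUser2Group
'
' Adds the logged-on user to the group cn=<sGroup>,cn=users of the default
' naming context.
'----------------------------------------
Function AddLogedOnUser2Group(sGroup)
    Dim strGroup, sDNSDomain

    Set sysinfo = CreateObject("ADSystemInfo")
    Set oLogedOnUser = GetObject("LDAP://" & sysinfo.username & "")

    Set objRootDSE = GetObject("LDAP://RootDSE")
    sDNSDomain = objRootDSE.Get("defaultNamingContext")
    strGroup = "cn=" & sGroup & ",cn=users," & sDNSDomain

    Set objGroup = GetObject("LDAP://" & strGroup & "")
    objGroup.Add(oLogedOnUser.ADsPath)
End Function

'----------------------------------------
' Function Name: GetGroupMembers
'
' Returns the "member" attribute of the first group found with the given
' sAMAccountName as an array. The array is empty when the group is not
' found, has no members, or the directory query failed.
'----------------------------------------
Function GetGroupMembers(sGroup)
    Dim objRecordSet, strFilter, aResult, aMembers

    ReDim aResult(-1)

    strFilter = "(&(objectClass=group)(samAccountName=" & EscapeLdapFilterValue(sGroup) & "))"
    Set objRecordSet = QueryDirectory(strFilter, "member")

    If Not (objRecordSet Is Nothing) Then
        If Not objRecordSet.EOF Then
            aMembers = objRecordSet.Fields("member")
        End If
    End If

    If IsArray(aMembers) Then
        aResult = aMembers
    End If
    GetGroupMembers = aResult
End Function

'----------------------------------------
' Function Name: IsServiceUserOnGroup
'
' Returns True when the distinguished name of cn=<sUser>,cn=users appears in
' the "member" attribute of sGroup.
'----------------------------------------
Function IsServiceUserOnGroup(sUser, sGroup)
    Dim strUser, sDNSDomain

    IsServiceUserOnGroup = False

    Set objRootDSE = GetObject("LDAP://RootDSE")
    sDNSDomain = objRootDSE.Get("defaultNamingContext")
    strUser = "cn=" & sUser & ",cn=users," & sDNSDomain

    Set oServiceUser = GetObject("LDAP://" & strUser & "")
    aGroupMembers = GetGroupMembers(sGroup)

    For iI = LBound(aGroupMembers) To UBound(aGroupMembers)
        If oServiceUser.distinguishedName = aGroupMembers(iI) Then
            IsServiceUserOnGroup = True
        End If
    Next
End Function

'----------------------------------------
' Function Name: AddUser2Group
'
' Resolves sUserDomain\sUser to a distinguished name with NameTranslate and
' adds that user to the group cn=<sGroup>,cn=users of the default naming
' context.
'----------------------------------------
Function AddUser2Group(sUser, sUserDomain, sGroup)
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    Dim strUserDN
    Dim strGroup, sDNSDomain

    Set objTrans = CreateObject("NameTranslate")
    objTrans.Init ADS_NAME_INITTYPE_GC, ""
    objTrans.Set ADS_NAME_TYPE_NT4, sUserDomain & "\" & sUser
    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
    ' A "/" inside the name would otherwise be read as an ADsPath separator.
    strUserDN = Replace(strUserDN, "/", "\/")
    Set objUser = GetObject("LDAP://" & strUserDN & "")

    Set objRootDSE = GetObject("LDAP://RootDSE")
    sDNSDomain = objRootDSE.Get("defaultNamingContext")
    strGroup = "cn=" & sGroup & ",cn=users," & sDNSDomain

    Set objGroup = GetObject("LDAP://" & strGroup & "")
    objGroup.Add(objUser.ADsPath)
End Function

'----------------------------------------
' Function Name: OctetToHexStr
'
' Converts a byte string (for example an objectSID value) to a string of
' two-digit hexadecimal numbers.
'----------------------------------------
Function OctetToHexStr(arrbytOctet)
    Dim k

    OctetToHexStr = ""
    For k = 1 To LenB(arrbytOctet)
        ' Pad every byte to two hex digits.
        OctetToHexStr = OctetToHexStr & Right("0" & Hex(AscB(MidB(arrbytOctet, k, 1))), 2)
    Next
End Function

'---------------------------------------------------
' Function Name: HexSIDtoSDDL
'
' Converts a hex SID string to "S-a-b-c-d-e-f-g" form.
' Only the first four parts (a..d) are converted to decimal; e, f and g are
' left as hexadecimal text. The callers in this script compare only the
' first 12 characters of the result.
'---------------------------------------------------
Function HexSIDtoSDDL(strHexSID)
    Dim i
    Dim strA, strB, strC, strD, strE, strF, strG

    ' One array element per byte of the SID, as two hex digits.
    ReDim arrTemp(Len(strHexSID) / 2 - 1)
    For i = 0 To UBound(arrTemp)
        arrTemp(i) = Mid(strHexSID, 2 * i + 1, 2)
    Next

    strA = CInt(arrTemp(0))

    ' Bytes 2..7 are read in forward order (big-endian).
    For i = 0 To UBound(arrTemp)
        Select Case i
            Case 2, 3, 4, 5, 6, 7
                strB = strB & arrTemp(i)
        End Select
    Next

    ' The following four-byte groups are read in reverse order (little-endian).
    For i = UBound(arrTemp) To 0 Step -1
        Select Case i
            Case 8, 9, 10, 11
                strC = strC & arrTemp(i)
            Case 12, 13, 14, 15
                strD = strD & arrTemp(i)
            Case 16, 17, 18, 19
                strE = strE & arrTemp(i)
            Case 20, 21, 22, 23
                strF = strF & arrTemp(i)
            Case 24, 25, 26, 27
                strG = strG & arrTemp(i)
        End Select
    Next

    strB = CInt("&H" & strB)
    strC = CInt("&H" & strC)
    strD = CLng("&H" & strD)

    HexSIDtoSDDL = "S-" & strA & "-" & strB & "-" & strC & "-" & strD & "-" & strE & "-" & strF & "-" & strG
End Function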