My goal is to add the current user (who does not have administrative rights) to the local administrators group on the PC, execute the script, and then remove the user from the local administrators group. The code below will do that.
Code:
SHELL '\\server\runnas.exe /user:@WKSTA\administrator "\\server\GrpMaint.exe --sam \\@WKSTA --name Administrators --add --member Domain\@userID" /password:xxxx'
The problem I have is that even though the user is added to the local Administrator group, the registry changes are not being made. I "assume" the reason is because group membership is determined at the point of login and not at the point of script processing. So, after that long description, my question is: Is it possible to have the system "refresh" its cache of group membership after executing GrpMaint.exe? And if so, what would that code look like?
