Adding user to local admingroup win7

Similar Messages

• Adding users in Local Administrators Group using GP Restricted Group

  Hi Experts.
  I have approx 200 servers. There are user1, user2 and user3 which I have added in
  Local Administrators Group using GP Restricted Group in all 200 servers. This works fine. In Add Group option I added "Administrator" and Added user1, user2 and user3 in "Members of this Group". Now all 3 users are reflected as a Local
  Administrators member.
  Now there is a need that user 4 should be in Local Administrators Group using GP Restricted Group for certain servers only. Lets say 50.
  In Add Group option I added "Administrator" and Added user4 in "Members of this Group". BUT it doesn't work.
  Any idea?
  Regards Suman B. Singh

  Hi,
  How is it going? I agree with Martin. To do this, we can configure the setting in two different GPOs. For instance, in GPO1, we add user1, user2, and user3 to the local admin group; in GPO2, we add user1, user2, user3, and user4 to the local admin group;
  and then we can use Security Filtering to apply the specific GPOs to specific computers.
  Regarding security filtering, the following article can be referred to for more information.
  Security filtering using GPMC
  https://technet.microsoft.com/en-us/library/cc781988(v=ws.10).aspx
  Filter Using Security Groups
  https://technet.microsoft.com/en-us/library/cc752992.aspx
  Besides, in addition to Restricted Groups, we can also use Group Policy Preferences Local Users and Groups to do this, in which way we can configure two Local Group items in one GPO and utilize Item-Level Targeting to apply the specific items to specific
  computers.
  Regarding GPP Local Users and Groups, the following article can be referred to for more information.
  Configure a Local Group Item
  https://technet.microsoft.com/en-us/library/cc732525.aspx
  How to use Group Policy Preferences to Secure Local Administrator Groups
  http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/
  Regarding Item-Level Targeting, the following article can be referred to for more information.
  Preference Item-Level Targeting
  https://msdn.microsoft.com/en-us/library/cc733022.aspx
  Best regards,
  Frank Shen

• What is the difference between using the command "dsmgmt" and the "Managed By" tab when adding users to the local administrators Account on a Read-Only Domain Controller?

  When I use the
  "dsmgmt" command to add a user to the local administrators account of a RODC I can actually see the user when I use the "Show Role Administrators" parameter. However, I can't see the members of the
  group added to the "Managed By" tab of the RODC object in AD. Even though, the users added using
  "dsmgmt" and by the "Managed By" tab can all log in locally and have admin rights to the RODC. Are there any differences between these two ways of adding users to the local administrators account? 

  Hi,
  For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
  managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
  In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx). 
  On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
  So the difference between them should be only the way they do the same thing.
  For more details, please refer to the below article:
  http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• WINDOWS 8.1 - System Tools no longer displaying User and Group Settings after adding a new LOCAL user.

  I jumped on my parents computer, which is on a domain.  I added a new local user(with my live.com login) and gave it admin status.  That's when the trouble began.
  The main user profile disappeared.  I used the command prompt fix (see other fixes) to add the missing user back into admin.  I logged back in, and it set up the account for the first time (WTF?).  I cannot access any files from the main account
  (that I logged into just fine before to get this debacle started.)
  When going to Local Computer Management --> System Tools, my users and groups tool is missing.
  I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1.  To manage user accounts for this computer, use the User Accounts tool in the
  Control Panel."   <---- Awesome!  (that was sarcasm.)
  I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".  
  To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again.  I wouldn't recommend reinstalling 8.1,
  I would say go back to 7 and wait until 10 comes out.   Windows 8 is the new Vista.  Good luck!

  Hello AhavahOlam,
  I can understand your feelings.
  If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
  Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
  As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Error adding new users from local server

  Hello, BPC Gurus,
  We use BPC 7.0 MS SP4, MS SQL 2008 (Server name - BPCP01)
  In Administration Console we're trying to add user from local server (server with SQL Database), and warning window is appeared with message "The Server Is Not Operational [BPBCP01]"
  I checked Logging folder and found message:
  ==============[System Error Tracing]==============
  [System  Name] : OSoftAdminSecurity
  [Job Name]     : frmManageUser::GetAllObjectsFromDomainServer
  [DateTime]     : 2010-12-06 16:58:43
  [Exception]
      DetailMsg  : {System.Exception: The server is not operational [BPCP01]
     at Microsoft.VisualBasic.CompilerServices.LateBinding.LateGet(Object o, Type objType, String name, Object[] args, String[] paramnames, Boolean[] CopyBack)
     at OSoft.Consumers.Admin.Security50.ManageDataSet.GetAllObjectsFromDomainServer(String pDomainName, String pLDAPFullPath, Int32 pDomainObjectType, String pObjectValue, String pDomainType)
     at OSoft.Consumers.Admin.Security50.frmManageUser.GetAllObjectsFromDomainServer(String pDomainName, FILTER_TYPE pOptionType, String pOptionValue, String pDomainType)}
  ===========[System Error Tracing  End ]===========
  Any ideas?

  The installation was done with a local user or with a domain user?
  You know that BPC server can not be in the same time also domain controler.
  Are you using Windows authentication or CMS authentication.
  If you are using CMS authentication then again you can not add local users.
  If you are using Windows authentication then you have to go into server Manager
  Options - Define System User Groups
  Domain Type - Local Windows
  System User Group Name - Local Users.
  If you are using Windows 2008 make sure you addrole to have compatibility with IIS 6.because using this module bpc is adding new users.
  Regards
  Sorin Radulescu

• Remotely add Domain User to local group

  I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
  groups.  I would like to be able to run this from a management workstation. 
  I've been working from these two posts.
  http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
  http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
  It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
  to execute the two lines of code remotely. 
  Invoke-Command -ComputerName RemoteServer {
  $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
  $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
  (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
  Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
  +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
  +FullyQualifiedErrorID :DotNetMethodTargetInvocation
  +PSComputerName :RemoteServer
  I need help on what to try next.
  Thanks.
  . : | : . : | : . tim

  I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
  groups.  I would like to be able to run this from a management workstation. 
  I've been working from these two posts.
  http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
  http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
  It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
  to execute the two lines of code remotely. 
  Invoke-Command -ComputerName RemoteServer {
  $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
  $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
  (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
  Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
  +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
  +FullyQualifiedErrorID :DotNetMethodTargetInvocation
  +PSComputerName :RemoteServer
  I need help on what to try next.
  Thanks.
  . : | : . : | : . tim
  The ADSI commands work remotely as long as you are an administrator on the domain.
  Invoke-Command only works on systems set up for WinRM remoting and if you are an Administrator on the domain.
  Normally we would use AD and GP to add users to local groups.
  Your script is also incorrect.  Thisis the correct template.
  $remotepc='somepc'
  $de=[ADSI]"WinNT://$remotepc/Administrators,Group"
  $de.Add("WinNT://Domain/User")
  You should never the user to the admin group.  It is a formula for disaster.
  ¯\_(ツ)_/¯

• Script Help - Adding Users from AD Group to Computer Object Attribute

  Environment:
  Computer Objects have the following name convention - USERNAME-INV#-PC.  An example is TEST1-54321-D.  There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer
  object.
  Scenario:
  Create "Local PC Admin" group
  When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name.  For example, TEST1-54321-D for desktop
  and TEST1-98765-L for laptop.
  It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
  If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
  Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
  Can somebody please find holes in this scenario or suggest a better method to approach this?

  Security nightmare?  How so?  Regular domain users cannot modify the "managedBy"  computer object attribute.
  The "Local PC Admin" group would be a ADUC security group.  The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
  The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated.  If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified
  and given local admin rights.  This would only be done for a handful of users (those in the Local PC Admin group) that need admin access ; in other words, the attribute would only be populated for a few computer objects and not the entire organization.
   If it is not populated, it does nothing and leaves the default admins on it. 
  More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html

• Sharing a Calendar from Mountain Lion server with Snow Leopard users on local network

  Hello.
  I have a new Mac Mini Server running Mountain Lion Server and I want to create a shared calender for a mix of Lion, Mountain Lion and Snow Leopard users on our local network. Does anyone have any info on how to do this? I have tried using the Server App and Calender Help within the applications, but the content isn't available. I have managed to create a Shared Calender  from the Mini's Calendar App where I've  added users and I can see a 'wireless' transmit icon to the right of the Calendar name - but I cant get any of the users' iCal or Calendar apps to recognise the Calendar on the local network. I've also created a Location in the Server App under Calendar and still can't see anything on the local network. Am I missing something really obvious?
  Thanks in advance!

  Sorry, I hadn't explained everything fully. I don't want to open up my VPN to friends and family. I do have the router assigning the NAS a fixed IP, so that when I connect over the VPN I can use the local IP address to connect, as you have mentioned.
  What I would like is for my friends or family to connect to my server over AFP or SMB using the public IP of my network, which my router then forwards onto my server, and display the available sharepoints configured using Mountain Lion server. However, the NAS drive is not an available option this way as it has a separate IP to the server.
  As the NAS alllows guest access, I also don't want to configure the router to forward a specific port to it, as this way it will be open to the internet. I wanted to try and use my server as an authentication point, with profiles set using Mountain Lion server, and limited to file sharing services only.
  Hope this makes sense.

• No Start Menu, removed and added User Account then no "Built In" Apps - Build 1049

  So quick history, was having problem with start menu not working under build 1044 for the second user I'd added to the machine (Microsoft account). Rebuilt using "Remove everything and reinstall windows". Seemed to resolve the problem for the newly
  added user and was still working under the original user (also Microsoft Account).  Then along came build 1049 and now the same start menu issue occurred for the original user account.  So, as both were setup as admins, removed the original
  user account, restarted, checked all data removed and added the account again. 
  First attempt added the account as a local account then added the Microsoft account after login, result = start menu working but no "built in" apps (store beta, insider app etc).
  So removed account again and added again, this time using Microsoft account immediately, logged in and exactly the same result.
  Any ideas how to resolve?

  You cannot use the Start Menu logging in as anything that would be in the BUILTIN\administrator group on the computer.  I had the same problem when I added the machine to a domain, thus domain admins is in the BUILTIN\Administrator group.
  The reason being that the Windows 10 Start Menu is an appxpackage, and you can't run appxpackages using the built-in administrator account.  As is the case for example with Windows Store.  It doesn't however give you a warning message, you
  just click on the windows button and nothing happens.
  This is just total madness imv.  It kind of made sense when all the appxpackages where apps, but now they include parts of the OS, the OS is essentially non-functional when you log in using anything in the BUILTIN\ administrator group.
  If you really want to blow your mind, go into PowerShell and run the command: get-appxpackage|remove-appxpackage
  If you run that on Windows 8.1 it will remove all the bloatware apps for the logged on user.  Run it in Windows 10 and it removes various parts of the OS for that user as well, such as the Start Menu!

• Domain users and local users can't login to reporting service web environment

  Hello,
  We installed reporting services at one of our customers but aren't able to use domain users to login. We've tried to login with a domain user, a local user but both aren't working. We set the proper permissions for the users on the reports folders.
  We can only login with the buildin/administrator account on the local url: http://servername/reports
  How can we allow login with domain users on other report manager url's?

  Below link may be helpful,
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/623da309-21fa-42a8-905f-1424144a347d/setting-up-a-user-in-ssrs?forum=sqlreportingservices
  Regards, RSingh

• Error while Adding user to  'SunAccessManager' Resource

  Hi,
  I configured SAM Resource adapter in SIM 6.0. When I create a user and assign SAM Resource getting the following Error,
  com.waveset.util.WavesetException: An error occurred adding user 'uid=SIMUser2,ou=People,o=Employee,dc=nl,dc=dap,dc=com' to resource 'SunAccessManager'. com.waveset.util.WavesetException: An error occurred creating user. java.lang.IllegalArgumentException: Invalid parameters
  Pls help me to resolve this issue
  Thanks,
  Deva

  Hi Satish,
  The problem is that you added the table and the objetc that you used to add the table is not freed properly. You need to free the object and then the reference count to that table will be 0 - which will enable you to add the fields
  e.g
  Dim pUTables As SAPbobsCOM.UserTablesMD
  'Do your stuff
  Set pUTables = Nothing
  Dim pUFields As SAPbobsCOM.UserFieldsMD
  'Do your stuff
  Set pUFields = Nothing

• I lost the lan ethernet connection of an older windows 7 pc to my 3 Terabyte router when adding a new local printer to the pc. How do i set this up again so the PC is recognized and can get to the internet again through the time capsule?

  I recently added a new printer to a 2005 vintage PC that is running windows 7. It used to go through a router in my wifes upstairs office to the time capsule by wired ethernet (cat5) but when I added her new local printer thought I would network it, big mistaked, lost all my ethernet connection and she cannot get to the internet. Wireless not an option. How do i set up again the ethernet connection and i will only USB the printer locally this time for the windows pc?
  Tried windows diagnostics, and besides telling me to reset everything and turn router off and on etc. I am in an endless loop.
  Other Mac products are not impacted by this issue.

  I see no direct connection.. a printer and the computer setup for internet are not related.
  But it sounds like the router in the wife's office is now in the wrong mode..
  If you have an existing main router replace the second router for a switch .. that is the easy way.
  Otherwise you need to bridge the router if it has that option.. most do not. Or use wan bypass.. where you turn off the dhcp server in the router and fix its ip to match the range of the main router.. this is the hassle of using router as a switch.
  BUT I am making a huge number of assumptions.
  What I need is the full network layout.. a quick picture would help.
  I need main modem.. main router.. (maybe same box or different).. make model and current IP address and how dhcp is setup.
  I need secondary router.. if that is what it is, IP and settings.
  I want the printer type and model. How it is connected.
  BTW I much prefer to see a network printer plugged into the network rather than usb.. it is only a matter of sorting the IP settings and driver pointing to the network rather than local.
  Or you should think of it as a broken washing machine and call the technician.. who could fix the whole lot in an hour.

• Formatting a Date based on the user's Locale

  I'm having some trouble formatting a date based on the user's locale. I'm aware you can do something like this:
     public static String getAsString( Object dateObject, Locale locale ) {
        DateFormat dateFormat = DateFormat.getDateInstance( DateFormat.MEDIUM, locale );
        return dateFormat.format( dateObject );
  However, this is returning something like Jan 21, 2009. I need 01/21/2009. Of course, if this was the UK locale it'd have to be 21/01/2009. Any help would be appreciated.

  another issue I'm running into is that when I'm logged in as a users' locale which uses '-' instead of '/' (i.e. 21-01-2009), I get a parse error. Can anyone provide any input? Thanks.
      * Parse a Date
      * @param dateString
      * @param locale
      * @return parsed Date
     public static Object parseDate( String dateString, Locale locale ) {
        DateFormat dateFormat = DateFormat.getDateInstance( DateFormat.SHORT, locale );
        try {
           return dateFormat.parse( dateString );
        catch( Exception exception ) {
           throw new ExceptionUtl( UtlMessageHelper.getMessage( UtlMessageConstants.ERROR_FailedParseDateFromString, dateString ), exception );
      * Format the given value into a DateFormat
      * @param dateObject
      *           Object value to be formatted
      * @param locale
      *           Locale format to use
      * @return dateObject in SimpleDateFormat
     public static String formatDate( Object dateObject, Locale locale ) {
        DateFormat dateFormat = DateFormat.getDateInstance( DateFormat.SHORT, locale );
        if( dateFormat instanceof SimpleDateFormat ) {
           SimpleDateFormat simpleDateFormat = ( SimpleDateFormat )dateFormat;
           String pattern = simpleDateFormat.toPattern();
           if( !pattern.contains( "yyyy" ) ) {
              pattern = pattern.replace( "yy", "yyyy" );
           if( !pattern.contains( "dd" ) ) {
              pattern = pattern.replace( "d", "dd" );
           if( !pattern.contains( "MM" ) ) {
              pattern = pattern.replace( "M", "MM" );
           simpleDateFormat = new SimpleDateFormat( pattern );
           return simpleDateFormat.format( dateObject );
        return null;
     }

• How to write file in user's local desktop

  Hi,
  Using the WriteFile action, i can write the file in inetpub/wwwroot in server.
  Is there any way to write the file in user's local drive folder?
  Although now i am writing the file to server and allowing the user to access it through URL but I suspect that there could be user concurrent issue or file contamination issue.
  Constraint - The file should open with the default name.
  If i try to open a local copy to the user (thru SaveasCSV() or URL)  and allow the user to save the copy then the default name appear as Illumniator.
  Regards,
  Anil

  I think your current approach of saving to the web location and providing the user access via URL is the best approach.  From a security standpoint I can't see that writing directly to a user's desktop/laptop would be a good idea.
  If you are worried about naming or concurrency issues, then create sub folders that match their user name, or devise a naming convention that allows the objects to be unique between users and purpose.

• Adding users programmatically -- almost there

  ... getting close...
  Create this procedure in the PORTAL schema.
  It works if you call it when connected as PORTAL, but not when connected as anyone else.
  It is throwing a user-defined exception frmo inside WWCTX_SSO, so I am guessing that it is looking at the session context and deciding that the SESSION_USER shouldn't be adding users.
  Perhaps a true PL/SQL wiz can pick up the ball and figure out what is going on.
  FYI this is sandbox code at its grittiest, so don't even think of pasting it into your application 8^)
  create or replace procedure ci_add_portal_user
  (uname in varchar2,pwd in varchar2, email in varchar2,lname in varchar2,fname in varchar2,clr_lvl in integer)
  as
  l_guid varchar2(32);
  p_user_id number;
  sess dbms_ldap.session;
  err_code number;
  err_msg varchar2(300);
  INVALID_GRP_NAME_EXCEPTION exception;
  INVALID_SITE_EXCEPTION exception;
  VALUE_ERROR_EXCEPTION exception;
  DUPLICATE_GROUP_EXCEPTION exception;
  GROUP_NOT_FOUND_EXCEPTION exception;
  GROUP_MEMBER_EXCEPTION exception;
  GROUP_NOT_UNIQUE_EXCEPTION exception;
  USER_NOT_FOUND_EXCEPTION exception;
  USER_EXISTS_EXCEPTION exception;
  APP_NOT_FOUND_EXCEPTION exception;
  NO_MANAGER_EXCEPTION exception;
  DUPLICATE_GRANTEE_EXCEPTION exception;
  NO_ACCESSIBLE_OBJECT_EXCEPTION exception;
  ORG_NOT_EXIST_EXCEPTION exception;
  INVALID_PERSON_ID_EXCEPTION exception;
  ACCESS_DENIED_EXCEPTION exception;
  CIRCULAR_REFERENCE_EXCEPTION exception;
  UNEXPECTED_EXCEPTION exception;
  USER_NOT_DELETABLE_EXCEPTION exception;
  INVALID_ARGUMENT_EXCEPTION exception;
  INVALID_AUTH_FUNC_EXCEPTION exception;
  LDAP_CONNECTION_EXCEPTION exception;
  DEPRECATED_API_EXCEPTION exception;
  INVALID_ARGUMENT_EXCEPTION exception;
  BEGIN
  /* Create SSO User */
  begin
  l_guid := portal.wwsec_oid.create_user_entry
  p_base => portal.wwsec_oid.get_user_search_base,
  p_user_name => uname,
  p_password => pwd,
  p_email => email,
  p_first_name => fname,
  p_last_name => lname,
  p_create_state => null,
  p_bind_as_user => false
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  /* Create Portal User */
  begin
  p_user_id:=portal.wwsec_api.id_sso(p_username=>uname);
  dbms_output.put_line('USER ==>'||p_user_id||' '||portal.wwsec_api.user_name(p_user_id));
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  begin
  portal.wwsec_api.add_user_to_list(p_user_id,portal.wwsec_api.group_id('CI_USR'),0);
  portal.wwsec_api.set_defaultgroup(portal.wwsec_api.group_id('CI_USR'),uname);
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  begin
  portal.wwsec_api.add_user_to_list(p_user_id,portal.wwsec_api.group_id('CI_CLR_'||clr_lvl),0);
  exception when others then
  err_code:=SQLCODE;
  err_msg:=SQLERRM;
  dbms_output.put_line(' Exception :'||err_code||' '||err_msg);
  end;
  END ci_add_portal_user;

  Andrew,
  to add a user to a specific group in the FileRealm, try doing the following:
  import java.security.acl.Group;
  import weblogic.security.acl.BasicRealm;
  import weblogic.security.acl.ManageableRealm;
  import weblogic.security.acl.Security;
  // Create a user in WebLogic
  BasicRealm bRealm = Security.getRealm();
  ManageableRealm mRealm = (ManageableRealm)bRealm;
  if (null == mRealm) { throw new SecurityException("Security Realm is null");
  weblogic.security.acl.User oNewUser = mRealm.newUser("username", "password",
  null);
  // -- Put the new user into the selected group
  Enumeration eGroups = mRealm.getGroups();
  Group oGroup = mRealm.getGroup("group name you want to add to");
  if (null != oGroup) {
  oGroup.addMember(oNewUser);
  try { mRealm.save("FileRealm.Properties"); } catch (IOException e) { }
  Andrew Dunn <[email protected]> wrote:
  Thanks, Mike.
  I'm trying to use the Default realm in WLS7.0 (which uses LDAP), so
  I'm looking for the classes specific to the Default realm - I assume
  BEA provides some, but I can't find them in the docs.
  On 2 Dec 2002 10:15:18 -0800, "mike" <[email protected]>
  wrote:
  You will not find implementing classes in general. The thing is thatthey (classes)
  are specific to particular implementation of realm you are using (assumingyou
  use 6.x or below, but that is logically true for 7). So you need tofind what
  are the classes used in your realm and work with those. If you are usingan implementation
  shipped with WLS (eg. FIleRealm or LDAP) you will have to use reflection...
  Andrew Dunn <[email protected]> wrote:
  How can I add users/groups via the Weblogic API? All I can find in
  the documenattion is interfaces, but no implementation classes. How
  can I instantiate the classes?
  Thanks, Andrew