bsharath
asked on
Remove all users from the Administrator group and add to Users group.
Hi,
Remove all users from the Administrator group and add to Users group.
Script that can remove the administrator group users and add them to Users Groups .
With a script run on a set of computers whose names are in a txt file.
Need a log that can show data as this
Machine name , Administrator group (Domain Admins,Sharath,Paul,French ) Users group (Sharath,Paul,French)
So i kno all success and failures.
Regards
Sharath
Remove all users from the Administrator group and add to Users group.
Script that can remove the administrator group users and add them to Users Groups .
With a script run on a set of computers whose names are in a txt file.
Need a log that can show data as this
Machine name , Administrator group (Domain Admins,Sharath,Paul,French
So i kno all success and failures.
Regards
Sharath
ASKER
Hi Rob thank U.... Out of network now...Shall check in some time....
Mailed you an info can you please have a look...
Mailed you an info can you please have a look...
ASKER
Hi Rob i just tested i get the Done box but nothing comes into the results biox and does not move any users.
Can you have a look at this please
https://www.experts-exchange.com/questions/24136273/Login-script-that-can-find-if-there-are-3-Softwares-installed-in-each-machine-If-any-one-or-more-is-missing-record-that-in-a-results-file-So-i-know-all-the-3-are-installed-or-not.html
Can you have a look at this please
https://www.experts-exchange.com/questions/24136273/Login-script-that-can-find-if-there-are-3-Softwares-installed-in-each-machine-If-any-one-or-more-is-missing-record-that-in-a-results-file-So-i-know-all-the-3-are-installed-or-not.html
ASKER
Any views on this Rob and this
https://www.experts-exchange.com/questions/24150820/OU-has-groups-Need-to-get-each-user-and-the-group-names-to-an-excel.html
https://www.experts-exchange.com/questions/24150820/OU-has-groups-Need-to-get-each-user-and-the-group-names-to-an-excel.html
Hi, what you need to change is this:
strGroupToCheck = "Administrators"
strGroupToAddTo = "Users"
so that
strGroupToCheck - is the local Administrators group that you are moving users out of.
strGroupToAddTo - is the local group that you want to move non-admins to
You also need to change this:
arrDefaultUsers = Array(strUserDomain & "/Domain Admins", strUserComputer & "/Administrator")
so the users listed there are *kept* in the strGroupToCheck that you specified. As an example, the above leaves
YOURDOMAIN\Domain Admins
LOCALPC\Administrator
in the group, but moves all others out.
The results.txt file should then tell you the members of both groups from that computer....
Regards,
Rob.
strGroupToCheck = "Administrators"
strGroupToAddTo = "Users"
so that
strGroupToCheck - is the local Administrators group that you are moving users out of.
strGroupToAddTo - is the local group that you want to move non-admins to
You also need to change this:
arrDefaultUsers = Array(strUserDomain & "/Domain Admins", strUserComputer & "/Administrator")
so the users listed there are *kept* in the strGroupToCheck that you specified. As an example, the above leaves
YOURDOMAIN\Domain Admins
LOCALPC\Administrator
in the group, but moves all others out.
The results.txt file should then tell you the members of both groups from that computer....
Regards,
Rob.
ASKER
Rob i did not change anything in the script.
As i want all users from Administrator to be removed and add the user to users.
Sorry i guess i did not follow your last comment
As i want all users from Administrator to be removed and add the user to users.
Sorry i guess i did not follow your last comment
Well I guess you don't really want to remove *all* people from the group, because that will remove Domain Admins too....I would leave at least Domain Admins and the local Administrator in there...
Regards,
Rob.
Regards,
Rob.
ASKER
Yes i need to leave them in there,. Just want to move
Domain\users
What should i change in the script. All looks same as you mentioned here " ID: 23666779"
Domain\users
What should i change in the script. All looks same as you mentioned here " ID: 23666779"
In that case it should work as is. All you should need is one computer name in computers.txt that it reads, and make sure you have admin rights on that machine, and it should work....
Regards,
Rob.
Regards,
Rob.
ASKER
Rob i get the done box but no results are populated...
Oh no! I had a variable name wrong! Sorry!
This line:
If Ping(strComputer) = True Then
should have been
If Ping(strUserComputer) = True Then
Regards,
Rob.
This line:
If Ping(strComputer) = True Then
should have been
If Ping(strUserComputer) = True Then
Regards,
Rob.
'Change_Local_Admin_Members_To_Power_Users.vbs
Set wshNetwork = WScript.CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const intForReading = 1
strFile = "computers.txt"
Set objFile = objFSO.OpenTextFile(strFile, intForReading, False)
strResultsFile = "results.txt"
strUserDomain = wshNetwork.UserDomain
' Get the group that we are controlling
strGroupToCheck = "Administrators"
strGroupToAddTo = "Users"
While Not objFile.AtEndOfStream
'strUserComputer = wshNetwork.ComputerName
strUserComputer = objFile.ReadLine
If Ping(strUserComputer) = True Then
Set objAdmins = GetObject("WinNT://" & strUserComputer & "/" & strGroupToCheck)
Set objGroup1 = GetObject("WinNT://" & strUserComputer & "/" & strGroupToAddTo)
' Define the user groups or accounts that are required to be left in the Administrators group
arrDefaultUsers = Array(strUserDomain & "/Domain Admins", strUserComputer & "/Administrator")
' Make sure the DefaultUsers exist in the group
For intCount = LBound(arrDefaultUsers) To UBound(arrDefaultUsers)
' Check for the accounts membership in strGroupToCheck
Set objWinntUser = GetObject("WinNT://" & arrDefaultUsers(intCount))
If Err.Number = 0 Then
On Error GoTo 0
If IsMemberOfGroup(strUserComputer, objWinntUser, strGroupToCheck) = False Then
objAdmins.Add(objWinntUser.ADsPath)
'MsgBox strUserDomain & "/" & strUserName & " was added to the " & strGroupToCheck & " group."
'Else
'MsgBox strUserDomain & "/" & strUserName & " is already a member of the " & strGroupToCheck & " group."
End If
Else
MsgBox arrDefaultUsers(intCount) & " could not be found."
Err.Clear
On Error GoTo 0
End If
Next
' Now check remaining users in the Administrators group
For Each objMember In objAdmins.Members
' Get the proper account name
If InStr(objMember.ADsPath, strUserComputer) > 0 Then
strAccountName = Replace(objMember.ADsPath, "WinNT://" & strUserDomain & "/", "")
Else
strAccountName = Replace(objMember.ADsPath, "WinNT://", "")
End If
' Check if they "should" be there or not
boolValidMember = False
For intCount = LBound(arrDefaultUsers) To UBound(arrDefaultUsers)
If LCase(strAccountName) = LCase(arrDefaultUsers(intCount)) Then boolValidMember = True
Next
' If the account is not a required account, then move them to another group
If boolValidMember = False Then
objAdmins.Remove(objMember.AdsPath)
objGroup1.Add(objMember.ADsPath)
End If
Next
strAdminMembers = ""
For Each objMember In objAdmins.Members
If strAdminMembers = "" Then
strAdminMembers = objMember.Name
Else
strAdminMembers = strAdminMembers & ", " & objMember.Name
End If
Next
strGroup1Members = ""
For Each objMember In objGroup1.Members
If strGroup1Members = "" Then
strGroup1Members = objMember.Name
Else
strGroup1Members = strGroup1Members & ", " & objMember.Name
End If
Next
strResults = strResults & VbCrLf & "Computer: " & strUserComputer & VbCrLf & _
"Admin members: " & strAdminMembers & VbCrLf & _
"User members: " & strGroup1Members
End If
Wend
objFile.Close
Set objResults = objFSO.CreateTextFile(strResultsFile, True)
objResults.Write strResults
objResults.Close
MsgBox "Done"
Function IsMemberOfGroup(strUserDomain, objUser, strGroup) 'the user is a member of a specified group
IsMemberOfGroup = False
Dim objGroup
On Error Resume Next
Set objGroup = GetObject("WinNT://" & strUserDomain & "/" & strGroup & ",group")
If Err.Number Then
IsMemberOfGroup = "Error"
Else
IsMemberOfGroup = objGroup.IsMember(objUser.ADsPath)
'MsgBox objUser.ADsPath
End If
End Function
Function Ping(strComputer)
Dim objShell, boolCode
Set objShell = CreateObject("WScript.Shell")
boolCode = objShell.Run("Ping -n 1 -w 300 " & strComputer, 0, True)
If boolCode = 0 Then
Ping = True
Else
Ping = False
End If
End Function
ASKER
Rob i get this
-------------------------- -
Windows Script Host
-------------------------- -
Script: C:\Remove users from admin and add to users.vbs
Line: 65
Char: 5
Error: The specified account name is already a member of the local group.
Code: 80070562
Source: (null)
-------------------------- -
OK
-------------------------- -
--------------------------
Windows Script Host
--------------------------
Script: C:\Remove users from admin and add to users.vbs
Line: 65
Char: 5
Error: The specified account name is already a member of the local group.
Code: 80070562
Source: (null)
--------------------------
OK
--------------------------
ASKER
Rob i get this
-------------------------- -
Windows Script Host
-------------------------- -
Script: C:\Remove users from admin and add to users.vbs
Line: 65
Char: 5
Error: The specified account name is already a member of the local group.
Code: 80070562
Source: (null)
-------------------------- -
OK
-------------------------- -
--------------------------
Windows Script Host
--------------------------
Script: C:\Remove users from admin and add to users.vbs
Line: 65
Char: 5
Error: The specified account name is already a member of the local group.
Code: 80070562
Source: (null)
--------------------------
OK
--------------------------
ASKER
Any help Rob
ASKER
Any help Rob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Rob worked perfect
Any help on this
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
Any help on this
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
ASKER
Thanks Rob worked perfect
Any help on this
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
Any help on this
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
ASKER
Rob these 2 also a bit urgent. Please have a look when time permits :-)
https://www.experts-exchange.com/questions/24164794/Delete-a-file-when-found-from-all-Archieved-files.html
https://www.experts-exchange.com/questions/24111223/Need-to-scan-all-computers-and-change-all-shares-in-all-machines-in-the-list-as-Everyone-group-as-read-only-if-given-full-access.html
https://www.experts-exchange.com/questions/24164794/Delete-a-file-when-found-from-all-Archieved-files.html
https://www.experts-exchange.com/questions/24111223/Need-to-scan-all-computers-and-change-all-shares-in-all-machines-in-the-list-as-Everyone-group-as-read-only-if-given-full-access.html
ASKER
Rob these 2 also a bit urgent. Please have a look when time permits :-)
https://www.experts-exchange.com/questions/24164794/Delete-a-file-when-found-from-all-Archieved-files.html
https://www.experts-exchange.com/questions/24111223/Need-to-scan-all-computers-and-change-all-shares-in-all-machines-in-the-list-as-Everyone-group-as-read-only-if-given-full-access.html
https://www.experts-exchange.com/questions/24164794/Delete-a-file-when-found-from-all-Archieved-files.html
https://www.experts-exchange.com/questions/24111223/Need-to-scan-all-computers-and-change-all-shares-in-all-machines-in-the-list-as-Everyone-group-as-read-only-if-given-full-access.html
ASKER
Hi Rob a view on this please
https://www.experts-exchange.com/questions/24176623/Script-that-checks-for-open-shares-Need-a-change.html
https://www.experts-exchange.com/questions/24176623/Script-that-checks-for-open-shares-Need-a-change.html
ASKER
Hi Rob any views on this please.
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
https://www.experts-exchange.com/questions/24153987/Pinging-script-to-be-change-to-be-able-to-display-the-ip-address.html
Change this line so that it includes members that you actually want to leave in the Administrators group:
arrDefaultUsers = Array(strUserDomain & "/Domain Admins", strUserComputer & "/Administrator")
Regards,
Rob.
Open in new window