  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2680

VBScript: Removing specific Local Administrators group member...

Hello
I have a situation where I need to randomly go to 100s of servers and remove members of a specific domain, e.g. DOMAIN1. These servers are mostly Windows 2003 (but some W2k and XP).

For example, here's how the Local Administrators group membership looks for servers

XYZ1234 (Windows 2003) and ABC1234 (Windows XP) - obviously the machine name changes.

XYZ1234\Administrator
XYZ1234\USER1
DOMAIN1\USR1
DOMAIN1\USR2
DOMAIN2\usr1
DOMAIN2\usr2
DOMAIN1\Domain Admins
DOMAIN1\group1
DOMAIN2\group1

My goal is not to remove any groups, any local users, or the administrator account, and only to remove any users from the DOMAIN1 domain.

Here's the script I run

strComputer = "."
Set oGroup = GetObject("WinNT://" & strComputer & "/Administrators")

On Error Resume Next

' loop through all members of the Administrators group of type users

For Each oMember In oGroup.Members
    If oMember.Class = "User" Then
        Set wUser = GetObject("WinNT://" & "WORLDSPAN" & "/" & oMember.Name & ",user")

        If Err.Number <> 0 Then

            ' remove the user from Administrators group
            oGroup.Remove wUser.ADsPath

        End If
    End If
Next

This works flawlessly every time in XP (tested on multiple boxes) but it will not work on a Windows 2003 box (tested on multiple boxes). Can you see why?

I replaced the last line oGroup.Remove wUser.ADsPath with wscript.echo wUser.ADsPath and XP displays users in this format:
WinNT://DOMAIN1/usr1
WinNT://DOMAIN1/usr2

But Windows 2003 doesn't. So I see why it isn't working there (but why?)

I made a little modification

strComputer = "."

' group to remove user from
Set oGroup = GetObject("WinNT://" & strComputer & "/Administrators")

' suppress errors, e.g. trying to remove the builtin Administrator
' account from the Administrators group will fail.
On Error Resume Next

' loop through all members of the Administrators group of type users
For Each oMember In oGroup.Members
    If oMember.Class = "User" Then
        Set wUser = GetObject("WinNT://" & "DOMAIN1" & "/" & oMember.Name & ",user")
        WScript.Echo oMember.ADsPath

    End If
Next

But now that displays all users (including DOMAIN2 users, local users, etc.). So other than the Administrator account, it deletes all (which I don't want). I am confused. Thanks for your help!

0
Asked by: impu007
1 Solution

impu007 (Author) Commented:
Problem is solved this way

strComputer = "."

' group to remove user from
Set oGroup = GetObject("WinNT://" & strComputer & "/Administrators")

' suppress errors, e.g. trying to remove the builtin Administrator
' account from the Administrators group will fail.
On Error Resume Next

' loop through all members of the Administrators group of type users
For Each oMember In oGroup.Members
    If oMember.Class = "User" Then
        Set wUser = GetObject("WinNT://" & "DOMAIN1" & "/" & oMember.Name & ",user")
        If InStr(1, oMember.ADsPath, "DOMAIN1", 1) <> 0 Then
            oGroup.Remove oMember.ADsPath
        End If

    End If
Next




Now, I would like to know if I can remove that specific user only based on the number of hours he or she was part of the group? Maybe read the security log and determine (say 4 hours from that time) and remove after 4 hours? Doable?
0
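
An added example, not part of the original post: it compares the domain component of each member's ADsPath exactly instead of searching the whole path for the string, so a local account reported as WinNT://DOMAIN1/XYZ1234/USER1 or an account from a domain named DOMAIN10 is left in the group. The three-part shape for local accounts, the DRY_RUN switch and the helper names are assumptions; DOMAIN1 is the page's placeholder.

```vbscript
Option Explicit

Const TARGET_DOMAIN = "DOMAIN1"   ' placeholder domain name used on this page
Const DRY_RUN = True              ' assumption: report only; set to False to remove

' Return the first component of a two-part path (WinNT://NAME/account).
' Return "" for three-part local paths (WinNT://DOMAIN/COMPUTER/account)
' and for unresolved SIDs (WinNT://S-1-5-...), so those never match.
Function AccountDomain(sPath)
    Dim aParts
    AccountDomain = ""
    If LCase(Left(sPath, 8)) <> "winnt://" Then Exit Function
    aParts = Split(Mid(sPath, 9), "/")
    If UBound(aParts) = 1 Then AccountDomain = aParts(0)
End Function

' True only for user objects whose domain component equals TARGET_DOMAIN.
Function ShouldRemove(sClass, sPath)
    ShouldRemove = False
    If StrComp(sClass, "User", vbTextCompare) <> 0 Then Exit Function
    ShouldRemove = (StrComp(AccountDomain(sPath), TARGET_DOMAIN, vbTextCompare) = 0)
End Function

Dim oGroup, oMember, colTargets, sPath
Set oGroup = GetObject("WinNT://./Administrators,group")
Set colTargets = CreateObject("Scripting.Dictionary")

' Collect first, so the membership is not modified while it is enumerated.
For Each oMember In oGroup.Members
    If ShouldRemove(oMember.Class, oMember.ADsPath) Then
        colTargets(oMember.ADsPath) = True
    End If
Next

For Each sPath In colTargets.Keys
    If DRY_RUN Then
        WScript.Echo "Would remove: " & sPath
    Else
        On Error Resume Next      ' scoped to the one call that may fail
        oGroup.Remove sPath
        If Err.Number <> 0 Then
            WScript.Echo "FAILED " & sPath & " (0x" & Hex(Err.Number) & ")"
        Else
            WScript.Echo "Removed: " & sPath
        End If
        Err.Clear
        On Error GoTo 0
    End If
Next
```

Run it with cscript.exe so each line goes to the console, and review the dry-run output on both an XP and a Windows 2003 machine before setting DRY_RUN to False.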
 
EE_AutoDeleter Commented:
impu007,
Because you have presented a solution to your own problem which may be helpful to future searches, this question is now PAQed and your points have been refunded.

EE_AutoDeleter
0
