Improve company productivity with a Business Account.Sign Up

x
?
Solved

Use a vb script to add/remove groups from local administrator

Posted on 2008-06-19
7
Medium Priority
?
559 Views
Last Modified: 2012-05-05
Hello everyone. I would like to use a vbscript to cleanup the groups that are local administrators on workstation.

My plan is to look at the first four in the computer name and add the correct groups using that. For example, computers beginning with USAT would have the USAT_PC_TECH group added and all others removed.

Is this possible? I looked at doing a change in the registry but had no luck so far. Any advice would be greatly appreciated.
0
Comment
Question by:Lorrec
  • 4
  • 2
7 Comments
 
LVL 7

Expert Comment

by:ms-pro
ID: 21823687
try this
Removes other from the local Administrators group on a computer named MyComputer. 
 
strComputer = "MyComputer"
Set objGroup = GetObject("WinNT://" & strComputer & "/Adminstrators,group")
Set objGroup = GetObject("WinNT://" & strComputer & "/other,group")
 
objGroup.Remove(objUser.ADsPath)
----------------------------------------------------------------------
 
Adds a group (everyone) to the local Administrators group on a computer named MyComputer. 
 
strComputer = "MyComputer"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objGroup = GetObject("WinNT://" & strComputer & "/everyone,group")
objGroup.Add(objGroup.ADsPath)

Open in new window

0
 
LVL 38

Expert Comment

by:Shift-3
ID: 21823716
It might be easier to do this using the Restricted Groups setting in Group Policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

If you do decide to go the script route then the below should work.  Customize the value of the strDomain variable with the NETBIOS name of your domain.  Customize entries in the objGroups dictionary with the 4-character prefix and the corresponding group to add.


strDomain = "YOURDOMAIN"
 
Set objGroups = CreateObject("Scripting.Dictionary")
objGroups.Add "USAT", "USAT_PC_TECH"
objGroups.Add "USXX", "USXX_PC_TECH"
objGroups.Add "USYY", "USYY_PC_TECH"
 
arrGroups = objGroups.Keys
 
Set WshShell = WScript.CreateObject("WScript.Shell")
strPrefix = Left(WSHShell.ExpandEnvironmentStrings("%computername%"), 4)
 
For Each strGroup in arrGroups
	If strGroup = strPrefix Then
		Set objLocalGroup = GetObject("WinNT://./Administrators")
		strADGroup = "WinNT://" & strDomain & "/" & objGroups.Item(strGroup)
		Set objADGroup = GetObject(strADGroup)
		objLocalGroup.Add(objADGroup.ADsPath)
	End If
Next

Open in new window

0
 

Author Comment

by:Lorrec
ID: 21824775
Thank you for the responses.

I have changed my approach and now am only going to remove two groups. I have worked on a modification based on the two scripts but I am having a few issues.

Any suggestions?
strDomain = "FDS"
 
Set objGroups = CreateObject("Scripting.Dictionary")
objGroups.Remove "USAT", "USAT_PC_TECH"
objGroups.Remove "USAT", "USAT_Packaging"
 
 
arrGroups = objGroups.Keys
 
Set WshShell = WScript.CreateObject("WScript.Shell")
strPrefix = Left(WSHShell.ExpandEnvironmentStrings("%computername%"), 4)
 
For Each strGroup in arrGroups
	If strGroup = strPrefix Then
		Set objLocalGroup = GetObject("WinNT://./Administrators")
		strADGroup = "WinNT://" & strDomain & "/" & objGroups.Item(strGroup)
		Set objADGroup = GetObject(strADGroup)
		objLocalGroup.Remove(objADGroup.ADsPath)
	End If
Next

Open in new window

0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 38

Accepted Solution

by:
Shift-3 earned 2000 total points
ID: 21825154
Try this.


On Error Resume Next
 
strDomain = "FDS"
 
arrGroups = Array("USAT_PC_TECH","USAT_Packaging")
 
Set WshShell = WScript.CreateObject("WScript.Shell")
strPrefix = Left(WSHShell.ExpandEnvironmentStrings("%computername%"), 4)
 
For Each strGroup in arrGroups
	If strPrefix = "USAT" Then
		Set objLocalGroup = GetObject("WinNT://./Administrators")
		strADGroup = "WinNT://" & strDomain & "/" & strGroup
		Set objADGroup = GetObject(strADGroup)
		objLocalGroup.Remove(objADGroup.ADsPath)
	End If
Next

Open in new window

0
 

Author Comment

by:Lorrec
ID: 21825946
Thanks again for the posts. I have a lot of locations that need the groups removed and only one that does not. Could I do  <> "USAR"  (location not changing) rather than create 300 with different strPrefix?
0
 

Author Comment

by:Lorrec
ID: 21835048
I have the script working in my test lab. I have one more question. As you can tell, I am new to scripting and do not know the answer to this. Will the script try to do every PC across the domain at once or only the local PC that I run it on?

For example, I am at my production workstation. If I run the script here, will it only remove the groups from my system or try to do it to all of them across the entire domain.

Thank you for the help. It is very much appreciated.
'On Error Resume Next
 
strDomain = "natest"
 
arrGroups = Array("TLNA-Helpdesk","Domain Admins")
 
Set WshShell = WScript.CreateObject("WScript.Shell")
strPrefix = Left(WSHShell.ExpandEnvironmentStrings("%computername%"), 4)
 
For Each strGroup in arrGroups
	If strPrefix <> "TLNA" Then
		Set objLocalGroup = GetObject("WinNT://./Administrators")
		strADGroup = "WinNT://" & strDomain & "/" & strGroup
		Set objADGroup = GetObject(strADGroup)
		objLocalGroup.Remove(objADGroup.ADsPath)
	End If
Next

Open in new window

0
 

Author Closing Comment

by:Lorrec
ID: 31468813
Thank you for the response.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Through the video, you can check the migration process of Outlook PST file to PDF. Kernel for Outlook to PDF tool can convert Outlook emails with all attributes like Subject, To, From, Cc, Bcc and other folders such as Inbox, Outbox, Sent Items, Jun…
To export Lotus Notes to Outlook PST or Exchange and Domino Server files to Exchange Server or PST files with ease, go for Kernel for Lotus Notes to Outlook conversion tool. Through the video, you can watch the conversion process. A common user with…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question