Solved

VB Script to remove all users from the local administrators group

Posted on 2009-03-30
44
1,962 Views
Last Modified: 2012-05-06
I have a script that works pefectly for cleaning up all users on remote PC's located in the local administrators group.  At least on all the test PC's(which are in the domain).  When I run the script on non test PC's, it seems to clean some and skip others.  There seems to be no rhyme or reason that I can see.  I have tested with users logged on, not logged on, no rights, power user rights, admin rights..no difference.

So, just curious if anyone has run into this problem before.  The current code is shown here that does the clean:


For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator" strAction = "Nothing"
                                Case "Domain Admins" strAction = "Nothing"
                                Case "RegionAAdmins" strAction = "Nothing"
                                Case "RegionBAdmins" strAction = "Nothing"    
                                Case "RegionCAdmins" strAction = "Nothing"
                                Case "RegionDAdmins" strAction = "Nothing"
                                Case Else objGroup.Remove(objUser.AdsPath)
                            End Select

I have even changed the last line from Remove(objUser.AdsPath) to Delete...no change.

Any suggestions would be greatly appreciated!!
Dale
0
Comment
Question by:dgore1
  • 24
  • 11
  • 7
44 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 24020285
Do you have the line
On Error Resume Next
in your script?
You  may be masking some error that would help troubleshoot the problem, if so...
0
 

Author Comment

by:dgore1
ID: 24024151
Yes, I sure do near the top...I'll remove that and see if any errors happen...if you need, I can post the entire script as well...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24024157
If the problem persists, then it may be necessary...mask any sensitive data first.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:dgore1
ID: 24024182
will do!!!
0
 

Author Comment

by:dgore1
ID: 24027792
I tested the script, which is actually a ported VB script into a .HTA....and removed each of the 4 on error statements by running 1 at a time and seeing if any errors happened....the only error that happened was when the excel report was printed and here is the error:

Line: 296
column: 5
Error: Object doesn't support this property or method: 'objExcel.Selection.Merge'
Code: 800A01B6
Source: Microsoft VBScript runtime error.

The program still produces the desired result and does the report....weird...so attaching the .hta code with info removed to protect the innocent...I hope...

thanks,
dale

<head>
<title>XXXXXXXXXXXXXXXXXXXX</title>
<hta:application 
     applicationname="Standardize Local Groups"
     scroll="no"
     singleinstance="yes"
     windowstate="normal"
>
<style type="text/css">
 
body {
 background-color: buttonface;
 color: #000000;
 font-family = arial;
 font-size: 10pt;
 margin-top: 0px;
 margin-left: 0px;
 margin-right: 0px;
 margin-bottom: 0px;
}
h1 {
 text-align: right;
 font-family = arial;
 font-size = 20pt;
 color: red;
}
p {
 font-family: arial;
 color: #000000;
}
.title {
 font-family: arial;
 color: red;
}
.small {
 font-size: 10pt;
}
.contact {
 font-family: tahoma;
 font-size: 10pt;
 color: #000000;
}
.notes {
 font-family: arial;
 font-size: 10pt;
 color: red;
}
.button {
 font-family: arial;
 font-size: 8pt;
}
.version {
 font-family: arial;
 font-size: 7pt;
}
a:link {
 color: #000000;
 font-size: 10pt;
 font-family: arial;
}
a:visited {
 color:#000000;
}
</style>
<html>
</head>
 
<script language="VBScript">
 
Const FOR_READING = 1
Const FOR_WRITING = 2
Const HKEY_LOCAL_MACHINE = &H80000002
Const OverwriteExisting = TRUE
Const ADS_SCOPE_SUBTREE = 2
Const ADS_SCOPE_ONELEVEL = 1
Const xlAscending = 1
Const xlDescending = 2
Const xlYes = 1
Const xlNo = 2
 
Dim intLeft
Dim intTop
Dim strOU
Dim strFacID
Dim strInputFile
Dim strOutputFile
Dim strComputer
Dim strHost
Dim strBusyFile
Dim strOS
Dim blnFAST
Dim dtmDate
Dim objExplorer
Dim objFS
Dim objTS
 
'On Error Resume Next
 
strHost = "."
 
dtmDate = DatePart("m", Now) & DatePart("d", Now) & DatePart("yyyy", Now)
 
Set objFS = CreateObject("Scripting.FileSystemObject")
 
'****************************************************************************
Sub Window_Onload       'Show HTA splash screen and center GUI on screen.
 
    iTimerID = window.setInterval("ShowSplash", 2500)
    window.resizeTo 580,680
    'Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")
    'Set colItems = objWMIService.ExecQuery("Select * From Win32_DisplayConfiguration")
    'For Each objItem in colItems
    '    intHorizontal = objItem.PelsWidth
    '    intVertical = objItem.PelsHeight
    'Next
    'intLeft = (intHorizontal - 580) / 2
    'intTop = (intVertical - 630) / 2
    'window.moveTo intLeft, intTop
 
End Sub
'****************************************************************************
Sub ShowSplash      'Splash screen properties.
 
    Splash.Style.Display = "None"
    Main.Style.Display = "Inline"
    
End Sub
'****************************************************************************
Sub Reset       'Reset button action.
 
    Location.Reload(True)
    
End Sub
'****************************************************************************
Sub Busy        'Create "Please Wait..." HTML file.
 
    strBusyFile = "C:\Windows\Temp\busy.htm"
    Set objTS = objFS.CreateTextFile(strBusyFile)
    objTS.WriteLine "<html>"
    objTS.WriteLine "<head>"
    objTS.WriteLine "<style>"
    objTS.WriteLine "body"
    objTS.WriteLine "{"
    objTS.WriteLine "   background-color:lightblue;"
    objTS.WriteLine "}"
    objTS.WriteLine "</style>"
    objTS.WriteLine "<title>Please Wait...</title>"
    objTS.WriteLine "</head>"
    objTS.WriteLine "<body>"
    objTS.WriteLine "<p align='center'><b>Please Wait while the Report is generated...</b></p>"
    objTS.WriteLine "</body>"
    objTS.WriteLine "</html>"
    objTS.Close
    
End Sub
'****************************************************************************
Sub Busy2       'Display the busy HTML file.
 
    Set objExplorer = CreateObject("InternetExplorer.Application")
    objExplorer.Navigate "file:///C:\Windows\Temp\busy.htm"   
    objExplorer.ToolBar = 0
    objExplorer.StatusBar = 0
    objExplorer.Width = 400
    objExplorer.Height = 100 
    objExplorer.Left = 0
    objExplorer.Top = 0
 
    Do While (objExplorer.Busy)
        Wscript.Sleep 200
    Loop 
 
    objExplorer.Visible = 1
    
End Sub
'****************************************************************************
Sub BusyClose       'Close the busy HTML file.
 
    objExplorer.Quit
    
End Sub
'****************************************************************************
Sub GetOU       'Get the Organizational Unit selection and Facility ID Code.
 
    'On Error Resume Next
 
    Busy
 
    For Each objButton in RadioOption
  	    If objButton.Checked Then
       	    strOU =  objButton.Value
   	    End If
    Next
    If strOU = "" Then
	    Msgbox "You did NOT select an Organizational Unit."
	    Exit Sub
    End If
 
    strFacID = Ucase(FacID.Value)
    If strFacID = "" Then
        Msgbox "You did NOT enter a Facility ID."
        Exit Sub
    End If
 
    GetADComputers
    GenerateReport
    
End Sub
 
'****************************************************************************
Sub GetADComputers      'Generate the list of computer names.
 
   'On Error Resume Next
 
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand =   CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.Properties("Page Size") = 1000
 
    Busy2
 
    strInputFile = "C:\Windows\Temp\" & strFacID & "_computers.txt"
    If objFS.FileExists(strInputFile) Then
        objFS.DeleteFile(strInputFile)
    End IF
 
    Set objTS = objFS.CreateTextFile(strInputFile)
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
    objCommand.CommandText = _
     "SELECT Name FROM 'LDAP://ou=workstations,ou=" & strOU & ",dc=dc,dc=state,dc=fl,dc=us' WHERE objectClass='computer' AND Name = '*" & _
     strFacID & "*' ORDER BY Name"
    Set objRecordSet = objCommand.Execute
    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF  
        strComputerName = objRecordSet.Fields("Name").Value
        If Mid(strComputerName, 3, 3) = strFacID Then
            objTS.WriteLine strComputerName
        ElseIf Mid(strComputerName, 3, 2) = strFacID Then
            objTS.WriteLine strComputerName
        ElseIf Mid(strComputerName, 5, 3) = strFacID Then
            objTS.WriteLine strComputerName
        End If
        objRecordSet.MoveNext
    Loop
    objTS.Close
 
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(strInputFile, FOR_READING)
    strFile = objFile.ReadAll
    objFile.Close
 
    intLength = Len(strFile)
    strEnd = Right(strFile, 2)
    If strEnd = vbCrLf Then
        strFile = Left(strFile, intLength - 2)
        Set objFile = objFSO.OpenTextFile(strInputFile, FOR_WRITING)
        objFile.Write strFile
        objFile.Close
    End If
    
End Sub
'****************************************************************************
Sub GenerateReport        'Generate the final report in Excel format.
 
'	On Error Resume Next
 
    If objFS.FileExists(strInputFile) Then
        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)
    Else
        Msgbox "Input text file " & strInputFile & " not found."
        Exit Sub
    End If
 
    If objTextStream.AtEndOfStream Then
        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."
        Exit Sub
    End If
 
    arrComputers = Split(objTextStream.ReadAll, vbCrLf)
    objTextStream.Close
 
    Set objExcel = CreateObject("Excel.Application")
    objExcel.Visible = True
    Set objWorkbook = objExcel.Workbooks.Add(1)
    objExcel.DisplayAlerts = False
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
    objWorksheet.Name = strFacID
    objExcel.DisplayAlerts = False
 
    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now
    objExcel.Cells(1, 1).Font.Size = 14
    objExcel.Cells(1, 1).Font.Bold = True
    objExcel.Range("A1:E1").Select
    objExcel.Selection.Merge = True
    objExcel.Selection.HorizontalAlignment = -4108
 
    objExcel.Cells(3, 1).Value = "Red  = NO PING"
    objExcel.Cells(3, 1).Interior.ColorIndex = 3
    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"
    objExcel.Cells(3, 2).Interior.ColorIndex = 6
    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"
    objExcel.Cells(3, 3).Interior.ColorIndex = 35
 
    objExcel.Cells(5, 1).Value = "Computer Name"
    objExcel.Cells(5, 2).Value = "Cleaned Power Users"
    objExcel.Cells(5, 3).Value = "Standardized Power Users"
    objExcel.Cells(5, 4).Value = "Cleaned Administrators"
    objExcel.Cells(5, 5).Value = "Standardized Administrators"
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Selection.Font.Bold = True
    objExcel.Cells.EntireColumn.AutoFit
    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1
    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)
    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2
    objExcel.Range("A1:E1").Select
 
    intRow = 4
 
    For Each strComputer in arrComputers
        Set objWMIService = GetObject("winmgmts:")
    Next
 
    For i = 0 to Ubound(arrComputers)
 
        strComputer = arrComputers(i)
        blnFAST = False
        Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")
        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & arrComputers(i) & "'")
        For Each objStatus in colStatus
	        intRow = intRow + 1
            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then
	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer
	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 2).Value = ""
	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 3).Value = ""
	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 4).Value = ""
	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 5).Value = ""
	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3
            Else
	            Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
	            For Each objItem in colItems
		            strOS = objItem.Caption
 	            Next
	            If strOS = "Microsoft Windows XP Professional" Then
 
                    'Check for FAST/IDB
	                blnFAST = False
                    Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")
                    If colFiles.Count > 0 Then    
                        blnFAST = TRUE
                    End If
                    Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")
                    If colFiles2.Count > 0 Then    
                        blnFAST = TRUE
                    End If
                    
                    Err.Clear 'Clean Power Users Group
                    Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
                    For Each objUser In objGroup.Members
                        'If objUser.Name <> "Domain Users" Then
                            objGroup.Remove(objUser.AdsPath)
                        'End If
                    Next
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "NO"
                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "YES"
                    End If 
 
                    Err.Clear 'Add Domain Users to Power Users Group
                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")
                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")
                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")
                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")
                    'myGroup.Add(myUser.ADsPath)    
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 3).Value = "NO"
                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 3).Value = "YES"
                    End If
 
                    Set myGroup = Nothing
                    Set myUser = Nothing 
 
                    Err.Clear 'Clean Administrators Group
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator" strAction = "Nothing"
                                Case "Domain Admins" strAction = "Nothing"
                                Case "RegionAAdmins" strAction = "Nothing"
                                Case "RegionBAdmins" strAction = "Nothing"    
                                Case "RegionCAdmins" strAction = "Nothing"
                                Case "RegionDAdmins" strAction = "Nothing"
                                Case Else objGroup.Remove(objUser.AdsPath)
                            End Select
                            
                            'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
                            '    objGroup.Remove(objUser.AdsPath)
                            'End If
                        Next    
                        If Err.Number = &H80070562 Then
                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"
                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35
                        Elseif Err.Number <> 0 Then
                            objExcel.Cells(intRow + 1, 4).Value = "NO"
                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                        Else    
                            objExcel.Cells(intRow + 1, 4).Value = "YES"
                        End If 
                    End If
 
                    Err.Clear 'Standardize Administrators Group
                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")
                    myGroup.Add(myUser.ADsPath)
                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")
                    myGroup.Add(myUser1.ADsPath)
                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")
                    myGroup.Add(myUser2.ADsPath)
                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")
                    myGroup.Add(myUser3.ADsPath)
                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")
                    myGroup.Add(myUser4.ADsPath)
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 5).Value = "NO"
                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 5).Value = "YES"
                    End If
 
                    Set myGroup = Nothing
                    Set myUser = Nothing    
                    Set myUser1 = Nothing
                    Set myUser2 = Nothing  
                    Set myUser3 = Nothing  
                    Set myUser4 = Nothing  
 
                    Err.Clear 
                End If
            End If
        Next
        Err.Clear
    Next
 
    BusyClose
    objExplorer.Quit
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Cells.EntireColumn.AutoFit
    objExcel.Range("A1:E1").Select
 
    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
 
    If objFS.FileExists(strBusyFile) Then
        objFS.DeleteFile(strBusyFile)
    End IF
    
End Sub
'*****************************************************************************
</script>       <!--HTML code for the GUI -->
 
<body>
<DIV id="Splash" STYLE="Height:200;Width:400;Border:0.1mm solid black;
position:relative;top:100;left:110;font:14pt arial;
 filter:progid:DXImageTransform.Microsoft.Gradient
(GradientType=0, StartColorStr='orange', EndColorStr='white') '(GradientType=0, StartColorStr='#4169E1', EndColorStr='#F0F8FF')
progid:DXImageTransform.Microsoft.dropshadow(OffX=10, OffY=10, Color='gray', Positive='true')">
 
<CENTER>
<br>
<br>
Standardize Local Groups HTA<br>
<img src="http://internalweb/apps/graphics/graphics/state-of-somewhere_shinygold.gif"border="0" width="350"><br></span><br><br></b>
<font size="3">Office of Information Technology<br></font>
<br>
<font size="1">Created by: Nobody, modified by Nobody2, Some Department.</font>
</CENTER>
</DIV>
<DIV id='MAIN' STYLE="display:none;position:absolute">
<br>
<h1>Technology Services &nbsp;</h1>
<br>
<p align="center"><b>Standardize Local Groups</b>
<hr>
<p align="center"><b>AD Organizational Unit:</b><br>
<input type="radio" name="RadioOption" value="CentralHome" title="Click to select the Central_Home ou."> Central_Home
<input type="radio" name="RadioOption" value="RegionA" title="Click to select the Region1 ou."> RegionA
<input type="radio" name="RadioOption" value="RegionB" title="Click to select the Region2 ou."> RegionB
<input type="radio" name="RadioOption" value="RegionC" title="Click to select the Region3 ou."> RegionC
<input type="radio" name="RadioOption" value="RegionD" title="Click to select the Region4 ou."> RegionD<br>
<br>
<b>Facility ID:</b><br>
<input type="text" name="FacID" size="3" maxlength="3" title="Enter a Facility Code here."><br>
<br>
<button class="button" onClick="GetOU" accessKey="g" title="Click to standardize the local groups on workstations.">Standardize <u>G</u>roups</button><br>
<button class="button" onClick="reset" accessKey="r" title="Click to clear the form."><u>R</u>eset Form </button></p>
<hr>
&nbsp;<b>Instructions:</b><br>
&nbsp;<b>1.</b>&nbsp;Select the radio button for your AD Organizational Unit.<br>
&nbsp;<b>1.</b>&nbsp;Enter the TWO or THREE digit Facility Code.  i.e. CO or SC3 or 564 .<br>
&nbsp;<b>3.</b>&nbsp;Click the 'Standardize Groups' button to execute.<br>
&nbsp;<b>4.</b>&nbsp;An Excel report will automatically display on screen While the script runs.<br>
&nbsp;<b>5.</b>&nbsp;A copy of the report file (.xls) is saved in <b>C:\Windows\Temp</b>.<br>
<p class="notes">&nbsp;This utility will standardize both the local Administrators and Power Users groups<br>
&nbsp;on workstations that are online.  FAST and IDB workstations are <u>NOT</u> modified.<br>
&nbsp;Administrators is standardized to Domain Admins and all of the OU Admin groups.<br>
&nbsp;Power Users is standardized to Domain Users.<br>
<br>
&nbsp;For best performance, run from a Windows XP workstation.</p>
<p class="contact">&nbsp;If you have any questions, email <a href="mailto:person.test@somewhere.net" title="Send an email to the author.">person.test@somewhere.net</a>&nbsp;or&nbsp;<a href="mailto:person2.test@somewhere.net" title="Send an email to the author.">person2.test@somewhere.net</a>.</p>
<p align="right" class="version"><b>Version:3.2</b>&nbsp;</p>
</DIV>
</body>
</html>

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24028384
I'm just digesting HTAs myself, and I'm afraid my Excel coding is a bit rusty.
However, looking at your code, I would replace the for/next block with this one (for starters - haven't looked at the entire code yet).
You're doing nothing with strAction, so I removed that altogether.
Technically with only '2' conditions, this could easily be converted to an if statement as well - either way it gets a bit lengthy, but you could eliminate the later 4 by doing something like:

If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" Then
 'Do nothing
Else
  objGroup.Remove(objUser.ADsPath)
End If


                        For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator", "Domain Admins", "RegionAAdmins", "RegionBAdmins", "RegionCAdmins", "RegionDAdmins"
 
                                     'Do nothing
                                Case Else
                                     wscript.echo "Removing " & objUser.ADsPath
                                     objGroup.Remove(objUser.AdsPath)
                            End Select
                        Next    

Open in new window

0
 

Author Comment

by:dgore1
ID: 24029318
I couldn't figure out how to make the computer Do nothing, thus the strAction....I first changed the code to this:

 Err.Clear 'Clean Administrators Group
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

But that gets me an error after the first Else, saying expected Then statement is required.  Got no clue why either.  Looks like it should work...

Also, what other command would I use to set Do nothing with?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24029537
I'm not sure what you're trying to accomplish there - but you can only have one 'else'.  Use ElseIf instead:

If condition Then
 do command
elseif condition2 else then
 do command2
else
 do catchall command
End if

As for what to do to do 'nothing' - no need - just comment it out:
If condition Then
 'You can place a comment here indicating that you're doing nothing
Else
 'what to do if condition is not met
 do command
End if

In these cases, my preference is to do the opposite and eliminate the need (if you know what you're testing for):
If NOT condition Then
 do command
End If

I'll look through the full code again and see if I can spot anything else...
0
 

Author Comment

by:dgore1
ID: 24029764
OK, I understand about the do nothing now....here was the old code:

If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator" strAction = "Nothing"
                                Case "Domain Admins" strAction = "Nothing"
                                Case "RegionAAdmins" strAction = "Nothing"
                                Case "RegionBAdmins" strAction = "Nothing"    
                                Case "RegionCAdmins" strAction = "Nothing"
                                Case "RegionDAdmins" strAction = "Nothing"
                                Case Else objGroup.Remove(objUser.AdsPath)
                            End Select

When I replace it with this:

           If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

The error happens below on line 4..indicating expected Then needed...which I don't see why...
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" 
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030053
This block:
                  If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

should be written as:
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" Then 
                           strAction = "Nothing"
                        Else
                           objGroup.Remove(objUser.ADsPath)
                        End If
                   End If

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030199
Just looked at this sub - I didn't want to do too much reformatting until you understood the changes...try using this sub - read through the commenting that I've made...
Sub GenerateReport        'Generate the final report in Excel format.
    If objFS.FileExists(strInputFile) Then
        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)
    Else
        Msgbox "Input text file " & strInputFile & " not found."
        Exit Sub
    End If
 
    If objTextStream.AtEndOfStream Then
        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."
        Exit Sub
    End If
 
    arrComputers = Split(objTextStream.ReadAll, vbCrLf)
    objTextStream.Close
 
    Set objExcel = CreateObject("Excel.Application")
    objExcel.Visible = True
    Set objWorkbook = objExcel.Workbooks.Add(1)
    objExcel.DisplayAlerts = False
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
    objWorksheet.Name = strFacID
    objExcel.DisplayAlerts = False
 
    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now
    objExcel.Cells(1, 1).Font.Size = 14
    objExcel.Cells(1, 1).Font.Bold = True
    objExcel.Range("A1:E1").Select
    objExcel.Selection.Merge = True
    objExcel.Selection.HorizontalAlignment = -4108
 
    objExcel.Cells(3, 1).Value = "Red  = NO PING"
    objExcel.Cells(3, 1).Interior.ColorIndex = 3
    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"
    objExcel.Cells(3, 2).Interior.ColorIndex = 6
    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"
    objExcel.Cells(3, 3).Interior.ColorIndex = 35
 
    objExcel.Cells(5, 1).Value = "Computer Name"
    objExcel.Cells(5, 2).Value = "Cleaned Power Users"
    objExcel.Cells(5, 3).Value = "Standardized Power Users"
    objExcel.Cells(5, 4).Value = "Cleaned Administrators"
    objExcel.Cells(5, 5).Value = "Standardized Administrators"
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Selection.Font.Bold = True
    objExcel.Cells.EntireColumn.AutoFit
    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1
    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)
    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2
    objExcel.Range("A1:E1").Select
 
    intRow = 4
 
'This can be removed - what does it do?
'    For Each strComputer in arrComputers
'        Set objWMIService = GetObject("winmgmts:")
'    Next
 
'Try without a counter:    For i = 0 to Ubound(arrComputers)
  For Each strComputer in arrComputers
'        strComputer = arrComputers(i)
        blnFAST = False
'Updated strHost to be strComputer
        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & strComputer & "'")
        For Each objStatus in colStatus
            intRow = intRow + 1
            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then
	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer
	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 2).Value = ""
	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 3).Value = ""
	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 4).Value = ""
	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 5).Value = ""
	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3
            Else
'You already have this assignment - if impersonation is needed - use it in the assignment above: Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
	            For Each objItem in colItems
		            strOS = objItem.Caption
 	            Next
	            If strOS = "Microsoft Windows XP Professional" Then
                                 'Check for FAST/IDB
                                 blnFAST = False
                                 Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")
                                 If colFiles.Count > 0 Then blnFAST = TRUE
'reuse colFiles...no need for colFiles2
                                 Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")
                                 If colFiles2.Count > 0 Then blnFAST = TRUE
                 
                                 On Error Goto 0'Clean Power Users Group
                                 Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
                                 For Each objUser In objGroup.Members
'Assume you're removing 'everyone' from Power Users?  Is this working?
                                     'If objUser.Name <> "Domain Users" Then
                                     objGroup.Remove(objUser.AdsPath)
                                    'End If
                                Next
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "NO"
                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 1).Value = strComputer
                        objExcel.Cells(intRow + 1, 2).Value = "YES"
                    End If 
 
                    On Error Resume Next 'Add Domain Users to Power Users Group
'You already have the objGroup assignment to the same group - this is redundant...simply exclude the accounts you want to leave in your condition above
                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")
                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")
                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")
                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")
                    'myGroup.Add(myUser.ADsPath)    
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 3).Value = "NO"
                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 3).Value = "YES"
                    End If
 
                    Set myGroup = Nothing
                    Set myUser = Nothing 
 
                    On Error Goto 0'Clean Administrators Group
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If uBound(objGroup.Members) > 0 Then
                            For Each objUser In objGroup.Members
                              If Instr(objUser.Name, "dmin") = 0 Then 'This excluds any user 'without' dmin in the name (aDMINistrator, domain aDMINs, region?aDMINs)
                                objGroup.Remove(objUser.AdsPath)
                              End If
                            Next    
                        If Err.Number = &H80070562 Then
                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"
                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35
                        Elseif Err.Number <> 0 Then
                            objExcel.Cells(intRow + 1, 4).Value = "NO"
                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                        Else    
                            objExcel.Cells(intRow + 1, 4).Value = "YES"
                        End If 
                    End If
 
                    Err.Clear 'Standardize Administrators Group
                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")
                    myGroup.Add(myUser.ADsPath)
                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")
                    myGroup.Add(myUser1.ADsPath)
                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")
                    myGroup.Add(myUser2.ADsPath)
                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")
                    myGroup.Add(myUser3.ADsPath)
                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")
                    myGroup.Add(myUser4.ADsPath)
                    If Err.Number = &H80070562 Then
                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"
                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35
                    Elseif Err.Number <> 0 Then
                        objExcel.Cells(intRow + 1, 5).Value = "NO"
                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6
                    Else    
                        objExcel.Cells(intRow + 1, 5).Value = "YES"
                    End If
 
                    Set myGroup = Nothing
                    Set myUser = Nothing    
                    Set myUser1 = Nothing
                    Set myUser2 = Nothing  
                    Set myUser3 = Nothing  
                    Set myUser4 = Nothing  
 
                    Err.Clear 
                End If
            End If
        Next
        Err.Clear
    Next
 
    BusyClose
    objExplorer.Quit
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Cells.EntireColumn.AutoFit
    objExcel.Range("A1:E1").Select
 
    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
 
    If objFS.FileExists(strBusyFile) Then
        objFS.DeleteFile(strBusyFile)
    End IF
    
End Sub

Open in new window

0
 

Author Comment

by:dgore1
ID: 24030272
oopss I see where I missed an end if statement...whew...testing now....

shucks same result...just makes no sense...it should remove everything from the local admins....got me stumped...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030372
Something else you can try - to ensure that code block is working, is to strip that out alone and try that method - then simply plug it back in once it's working for you.
I'll be able to test something in a bit if you don't get a chance...
0
 

Author Comment

by:dgore1
ID: 24030539
my mistake....the code worked perfect!!!  but the result is still the same....certain users are not cleaned out of the local administrators group....

It gets about 85% of the computers....the other 15% nope....checked to make sure that all users are domain users and they are...plus even some of the users I created from scratch to exist only on the local machines and it even cleans those on 100% of the machines!!

this is a real stumper....
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030991
doesn't really sound like a code problem then - any similarities in the accounts that aren't removed?
0
 

Author Comment

by:dgore1
ID: 24031202
nope...none....we have looked for the following conditions:

logged on versus not logged on
local versus domain accounts
not local admins versus local admins

in all cases, even when we create the users that were having problems on one computer on our test computers, they work fine!!

Is there any other statement other than remove\delete to dump all from the local administrators group?
0
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 100 total points
ID: 24035589
I wonder if you tried a basic script against one of those that fails if it would work...

As for 'other' code - adapted from http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan08/hey0102.mspx
Try this.
I'm not certain it works with the winnt provider though...



Const ADS_PROPERTY_DELETE = 4
 
 
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
For Each strUser in objGroup.Member 'This may need to be Members
    If InStr(lCase(strUser),"dmin") = 0 Then 
        objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(strUser) 
        objGroup.SetInfo 
    End If
Next

Open in new window

0
 

Author Comment

by:dgore1
ID: 24038227
Neat article and I changed the code in the script to do both member and members...Even on the test machine this will not remove anybody from the administrator group..

I wonder if the PutEX ADS_PROPERTY_DELETE only works with domain membership and not local administrator groups?  Or maybe not with the WINNT provider though...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24039223
Probably with the LDAP provider only...I didn't test it.
Hmm - you might click the request attention link above.  I know a couple of other experts that eat and breathe this stuff that could be notified...
0
 

Author Comment

by:dgore1
ID: 24039789
OK...but you sure but forth a great effort!!  So I will split the points with you and whoever else can assist!!

thanks,
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24055769
Hi there....the main issue here is that there may be WMI issues on the computers that aren't being modfifed.  I've ammended the GenerateReport sub to try to catch this scenario.

I've also changed your blnFAST identification from this

                          Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")
                          If colFiles.Count > 0 Then    
                              blnFAST = True
                          End If
                          Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")
                          If colFiles2.Count > 0 Then    
                              blnFAST = True
                          End If


to this

                          If objFS.FileExists("\\" & strComputer & "\C$\FAST\FAST.exe") = True Then blnFAST = True
                          If objFS.FileExists("\\" & strComputer & "\C$\Photoid32\STATISTICCARD32.exe") = True Then blnFAST = True

because the FileExists method (for a single file) is much quicker than a CIM_DataFile query.

I am unable to test it though, because I don't want to change too much of it for my environment, then I might forget what I changed.....

I think I've fixed your Excel issue, by changing
objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

Regards,

Rob.
Sub GenerateReport        'Generate the final report in Excel format.
 
'	On Error Resume Next
 	
    If objFS.FileExists(strInputFile) Then
        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)
    Else
        Msgbox "Input text file " & strInputFile & " not found."
        Exit Sub
    End If
 
    If objTextStream.AtEndOfStream Then
        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."
        Exit Sub
    End If
 
    arrComputers = Split(objTextStream.ReadAll, vbCrLf)
    objTextStream.Close
 
    Set objExcel = CreateObject("Excel.Application")
    objExcel.Visible = True
    Set objWorkbook = objExcel.Workbooks.Add(1)
    objExcel.DisplayAlerts = False
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
    objWorksheet.Name = strFacID
    objExcel.DisplayAlerts = False
 
    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now
    objExcel.Cells(1, 1).Font.Size = 14
    objExcel.Cells(1, 1).Font.Bold = True
    objExcel.Range("A1:E1").Select
    objExcel.Selection.MergeCells = True
    objExcel.Selection.HorizontalAlignment = -4108
 
    objExcel.Cells(3, 1).Value = "Red  = NO PING"
    objExcel.Cells(3, 1).Interior.ColorIndex = 3
    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"
    objExcel.Cells(3, 2).Interior.ColorIndex = 6
    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"
    objExcel.Cells(3, 3).Interior.ColorIndex = 35
 
    objExcel.Cells(5, 1).Value = "Computer Name"
    objExcel.Cells(5, 2).Value = "Cleaned Power Users"
    objExcel.Cells(5, 3).Value = "Standardized Power Users"
    objExcel.Cells(5, 4).Value = "Cleaned Administrators"
    objExcel.Cells(5, 5).Value = "Standardized Administrators"
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Selection.Font.Bold = True
    objExcel.Cells.EntireColumn.AutoFit
    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1
    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)
    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2
    objExcel.Range("A1:E1").Select
 
    intRow = 4
 
    'For Each strComputer in arrComputers
    '    Set objWMIService = GetObject("winmgmts:")
    'Next
 
    For i = 0 to Ubound(arrComputers)
 
        strComputer = arrComputers(i)
        blnFAST = False
        Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")
        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & arrComputers(i) & "'")
        For Each objStatus in colStatus
	        intRow = intRow + 1
            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then
	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer
	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 2).Value = ""
	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 3).Value = ""
	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 4).Value = ""
	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3
	    	    objExcel.Cells(intRow + 1, 5).Value = ""
	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3
            Else
            	Err.Clear
	            On Error Resume Next
	            Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	            If Err.Number <> 0 Then
		    	    objExcel.Cells(intRow + 1, 1).Value = strComputer
		    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3
		    	    objExcel.Cells(intRow + 1, 2).Value = "WMI ERROR"
		    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3
		    	    objExcel.Cells(intRow + 1, 3).Value = "WMI ERROR"
		    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3
		    	    objExcel.Cells(intRow + 1, 4).Value = "WMI ERROR"
		    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3
		    	    objExcel.Cells(intRow + 1, 5).Value = "WMI ERROR"
		    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3
	            Else
	            	Err.Clear
	            	On Error GoTo 0
		            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
		            For Each objItem in colItems
			            strOS = objItem.Caption
	 	            Next
		            If strOS = "Microsoft Windows XP Professional" Then
	 
	                    'Check for FAST/IDB
		                blnFAST = False
	                    If objFS.FileExists("\\" & strComputer & "\C$\FAST\FAST.exe") = True Then blnFAST = True
	                    If objFS.FileExists("\\" & strComputer & "\C$\Photoid32\STATISTICCARD32.exe") = True Then blnFAST = True
	                    'Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")
	                    'If colFiles.Count > 0 Then    
	                    '    blnFAST = True
	                    'End If
	                    'Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")
	                    'If colFiles2.Count > 0 Then    
	                    '    blnFAST = True
	                    'End If
	                    
	                    Err.Clear 'Clean Power Users Group
	                    Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
	                    For Each objUser In objGroup.Members
	                        'If objUser.Name <> "Domain Users" Then
	                            objGroup.Remove(objUser.AdsPath)
	                        'End If
	                    Next
	                    If Err.Number = &H80070562 Then
	                        objExcel.Cells(intRow + 1, 1).Value = strComputer
	                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"
	                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35
	                    Elseif Err.Number <> 0 Then
	                        objExcel.Cells(intRow + 1, 1).Value = strComputer
	                        objExcel.Cells(intRow + 1, 2).Value = "NO"
	                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6
	                    Else    
	                        objExcel.Cells(intRow + 1, 1).Value = strComputer
	                        objExcel.Cells(intRow + 1, 2).Value = "YES"
	                    End If 
	 
	                    Err.Clear 'Add Domain Users to Power Users Group
	                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")
	                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")
	                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")
	                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")
	                    'myGroup.Add(myUser.ADsPath)    
	                    If Err.Number = &H80070562 Then
	                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"
	                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35
	                    Elseif Err.Number <> 0 Then
	                        objExcel.Cells(intRow + 1, 3).Value = "NO"
	                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6
	                    Else    
	                        objExcel.Cells(intRow + 1, 3).Value = "YES"
	                    End If
	 
	                    Set myGroup = Nothing
	                    Set myUser = Nothing 
	 
	                    Err.Clear 'Clean Administrators Group
	                    If blnFAST = TRUE Then
	                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
	                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
	                    Else
	                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
	                        For Each objUser In objGroup.Members
	                            Select Case objUser.Name
	                                Case "Administrator" strAction = "Nothing"
	                                Case "Domain Admins" strAction = "Nothing"
	                                Case "RegionAAdmins" strAction = "Nothing"
	                                Case "RegionBAdmins" strAction = "Nothing"    
	                                Case "RegionCAdmins" strAction = "Nothing"
	                                Case "RegionDAdmins" strAction = "Nothing"
	                                Case Else objGroup.Remove(objUser.AdsPath)
	                            End Select
	                            
	                            'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
	                            '    objGroup.Remove(objUser.AdsPath)
	                            'End If
	                        Next    
	                        If Err.Number = &H80070562 Then
	                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"
	                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35
	                        Elseif Err.Number <> 0 Then
	                            objExcel.Cells(intRow + 1, 4).Value = "NO"
	                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
	                        Else    
	                            objExcel.Cells(intRow + 1, 4).Value = "YES"
	                        End If 
	                    End If
	 
	                    Err.Clear 'Standardize Administrators Group
	                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
	                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")
	                    myGroup.Add(myUser.ADsPath)
	                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")
	                    myGroup.Add(myUser1.ADsPath)
	                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")
	                    myGroup.Add(myUser2.ADsPath)
	                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")
	                    myGroup.Add(myUser3.ADsPath)
	                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")
	                    myGroup.Add(myUser4.ADsPath)
	                    If Err.Number = &H80070562 Then
	                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"
	                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35
	                    Elseif Err.Number <> 0 Then
	                        objExcel.Cells(intRow + 1, 5).Value = "NO"
	                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6
	                    Else    
	                        objExcel.Cells(intRow + 1, 5).Value = "YES"
	                    End If
	 
	                    Set myGroup = Nothing
	                    Set myUser = Nothing    
	                    Set myUser1 = Nothing
	                    Set myUser2 = Nothing  
	                    Set myUser3 = Nothing  
	                    Set myUser4 = Nothing  
	 
	                    Err.Clear 
	                End If
	            End If
            End If
        Next
        Err.Clear
    Next
 
    BusyClose
    objExplorer.Quit
 
    objExcel.Range("A3:C3, A5:E5").Select
    objExcel.Cells.EntireColumn.AutoFit
    objExcel.Range("A1:E1").Select
 
    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"
 
    Set objWorksheet = objExcel.Worksheets(1)
    objWorksheet.Activate
 
    If objFS.FileExists(strBusyFile) Then
        objFS.DeleteFile(strBusyFile)
    End If
    
End Sub

Open in new window

0
 

Author Comment

by:dgore1
ID: 24058377
OK...I ran the script and no longer get the excel error...on my test computer it does the following:

Cleans the administrators group of everybody, with the exception of only administrators and Region1Admins...all others are gone!! not sure why that's happening...

will run this on the affected computers after we figure out why it's dumping all of the admins except those 2!!!
0
 

Author Comment

by:dgore1
ID: 24058438
also this line of code:

objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

causes excel to hang and not finish the report...however, it does solve the error issue!!!

I will test all the other machines today and let you know!!!

what type of problems could cause WMI not to work on the affected machines?
0
 

Author Comment

by:dgore1
ID: 24072869
RobSampson,

just in case you are waiting, we had to wait until monday...they won't run a script like this one on a friday afternoon!!!

but while I'm waiting, I did some changes and need an explanation if possible:  this section of code:

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                              For Each objUser In objGroup.Members
                                  Select Case objUser.Name
                                      Case "Administrator" strAction = "Nothing"
                                      Case "Domain Admins" strAction = "Nothing"
                                      Case "RegionAAdmins" strAction = "Nothing"
                                      Case "RegionBAdmins" strAction = "Nothing"    
                                      Case "RegionCAdmins" strAction = "Nothing"
                                      Case "RegionDAdmins" strAction = "Nothing"
                                      Case Else objGroup.Remove(objUser.AdsPath)
                                  End Select
                                  
                                  'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
                                  '    objGroup.Remove(objUser.AdsPath)
                                  'End If
                              Next    


I changed to this to see what would happen:

                              For Each objUser In objGroup.Members
                               objGroup.Remove(objUser.AdsPath)
                              
                          Next

Now it doesn't remove the administrator but sure does an enema on everything else in the administrators group...then allows you to add back in the needed administrators....I will be testing this on monday as well...just curious why...any Ideas?

thanks,
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24082593
You know what....I'm not actually sure....the Select Case really should work....it works for me.....

Your second method should be fine in any case, and that's a not a bad idea anyway, because you then get to make sure exactly what groups or users are members of those groups, because you start fresh.

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24083086
FYI, here's another post that deals with removing memebers from certain groups, and leaving ones in them that are required....
http://www.experts-exchange.com/Programming/Languages/Q_24118918.html

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24083255
Sure is strange, isn't it....we ran that script about 50 times with the case statements and it just seems to ignore the statements completely...

Seems the second method just cleans it and then the second part puts them back in...we had to wait until tomorrow to test...today was a bad day for testing based upon workload in certain offices....

I actually looked at the link above before posting my question...nice and elegant solution by the way!!

thanks for the help and let you know how it goes tomorrow!!
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24083678
Hmmm, what if you run this code (it won't change anything) just to see if the Select Case statements work....it works for me....

Regards,

Rob.
strComputer = "."
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objUser In objGroup.Members
	Select Case objUser.Name
		Case "Administrator"
			MsgBox "Administrator is a member."
		Case "Domain Admins"
			MsgBox "Domain Admins is a member."
		Case "RegionAAdmins"
			MsgBox "RegionAAdmins is a member."
		Case "RegionBAdmins"
			MsgBox "RegionBAdmins is a member."
		Case "RegionCAdmins"
			MsgBox "RegionCAdmins is a member."
		Case "RegionDAdmins"
			MsgBox "RegionDAdmins is a member."
		Case Else
			MsgBox objUser.AdsPath & " is not a member and would be removed."
	End Select
Next

Open in new window

0
 

Author Comment

by:dgore1
ID: 24085349
I'll give that a try....but it almost seems like it with the Excel Spreadsheet it ignores the Case statements....not to mention when I used the code change below, the spreadsheet no longer displays...just sits on the spreadsheet and seems to process but no data displays....ya know, maybe this stuff really is rocket science? :)

 think I've fixed your Excel issue, by changing
objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

I'll let you know how the code goes today!!!

As always, thanks!
Dale
0
 

Author Comment

by:dgore1
ID: 24087693
wow...that works kind of neat...mine failed on certain computers...again....

so I put yours in and it processes through each and everyone perfectly...and I believe I have found the culprits...apparently some of the computers were migrated from an old NT domain and have certain users still in the administrators group...

When the script runs, it hits those users and says this:

UserXXX is not a member and would be removed

but nothing happens...we check the machine and sure enough they are still there!!  So unless there is another way to remove just the single users, since they are not a member of any particular group, then those may have to be done by hand...

any ideas?

thanks,
dale
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 400 total points
ID: 24092775
Hmmm, so if you actually get told that a certain user is not a member of any of the specified groups, and actually needs removing, then under this

MsgBox objUser.AdsPath & " is not a member and would be removed."

in theory, you should be able to add

objGroup.Remove(objUser.AdsPath)

and it should work.

Perhaps instead of just adding that one line, you could use:

On Error Resume Next
objGroup.Remove(objUser.AdsPath)
If Err.Number = 0 Then
   MsgBox objUser.AdsPath & " has been removed."
Else
   MsgBox "Error removing " & objUser.AdsPath
End If
Err.Clear
On Error GoTo 0

to have more control over that.

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24095366
forgot to tell you....I added the objGroup.Remove(objUser.AdsPath) to the case and it removed everything but that 1 user, which is a domain user by the way....just a migrated user...

going to try the next part today and see how that pans out!!

The thing that gets me is you would think that the remove, which removes everything else so nicely would really remove everything, regardless of any reason....with the exception of the administrator, which is the local admin and cannot be removed....that I get...just really strange...

thanks for all the help!
Dale

0
 

Author Comment

by:dgore1
ID: 24102659
had to go to training....gonna run the script in the AM...forgot about that training stuff!!!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24102671
No problem. I'm in training myself.....I can wait :-)

Rob.
0
 

Author Comment

by:dgore1
ID: 24105760
ran the script on the test machine and it processes and tells you what it's doing but hangs on the Excel report when trying to finish the column called standard adminstrators group...the cursor sits in that field and doesn't process any further...

I have attached the code with all the changes to make sure I have it correct:

thanks,
dale

Err.Clear 'Clean Administrators Group
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                            For Each objUser In objGroup.Members
			  Select Case objUser.Name
				Case "Administrator"
				MsgBox "Administrator is a member."
				Case "Domain Admins"
				MsgBox "Domain Admins is a member."
				Case "Region1Admins"
				MsgBox "Region1Admins is a member."
				Case "Region2Admins"
				MsgBox "Region2Admins is a member."
				Case "Region3Admins"
				MsgBox "Region3Admins is a member."
				Case "Region4Admins"
				MsgBox "Region4Admins is a member."
				Case Else
				MsgBox objUser.AdsPath & " is not a member and will be removed."
				On Error Resume Next
				objGroup.Remove(objUser.AdsPath)
					If Err.Number = 0 Then
					   MsgBox objUser.AdsPath & " has been removed."
					Else
					   MsgBox "Error removing " & objUser.AdsPath
					End If
					Err.Clear
					On Error GoTo 0
				End Select
			Next                

Open in new window

0
 

Author Comment

by:dgore1
ID: 24105785
OK...I removed the following 2 lines and all processes normally on the test machine:

On Error resume next

On error goto 0

this mean there is an error hiding somewhere?
0
 

Author Comment

by:dgore1
ID: 24105873
ya know, sometimes I should just wait until I've tested after removing a few lines...sigh...

I put back in On error and the script runs fine....

when I put back in On error goto 0 it once again hangs but only on the last cell in the worksheet...so I'm guessing something is up with the goto 0?

thanks,
dale
0
 

Author Comment

by:dgore1
ID: 24108787
We have found the problem!! It is not program related but actually AD related...here's the skinny....

we put your code in which helped us track down the error number by adding this line of code:

MsgBox "Error removing " & objUser.AdsPath & " Error Number = " & Err.Number ...this produced the decimal error number -2147023519 which converted to HEX FFFFFFFF80070561 which was further translated by the Win32API errors to

&H80070561      The specified account name is not a member of the local group.

Searching on the internet found this little knowledge base article:

http://support.microsoft.com/kb/835744

which indicates you need to apply a hot fix to the computers themselves.  But we dug a little deeper to find that the big reason is proabably the SID associated to the account.  All the accounts we are having problems removing show up as if they are still in their old NT domain....if we manually remove those accounts, then re-add them, the script works perfectly as designed!!

So to solve the problem, we have to either remove every single account that has this problem, or run something like NEWSID from sysinternals, or live with the user in the group!!!

We would have never found this without your code and others...so I'm going to split the points as indicated above and thanks for all the help as usual!!! Great job!!

thanks,
dale


0
 

Author Closing Comment

by:dgore1
ID: 31564387
Another great job that allowed the solution to be found!! Thanks!
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24108961
Good detective work.
Nice job, as always, Rob! :^)
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24112712
Oh nice!  That's a good find!  I hate old accounts like that....can get very messy!  Good work though!

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24114212
Spent hours on that little gem....but without both of your skill set, I would have never been able to find it!!!

thanks again for all the help!!!
dale
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is about my first experience with programming Arduino.
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question