Solved

VB Script to remove all users from the local administrators group

Posted on 2009-03-30
44
1,958 Views
Last Modified: 2012-05-06
I have a script that works pefectly for cleaning up all users on remote PC's located in the local administrators group.  At least on all the test PC's(which are in the domain).  When I run the script on non test PC's, it seems to clean some and skip others.  There seems to be no rhyme or reason that I can see.  I have tested with users logged on, not logged on, no rights, power user rights, admin rights..no difference.

So, just curious if anyone has run into this problem before.  The current code is shown here that does the clean:


For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator" strAction = "Nothing"
                                Case "Domain Admins" strAction = "Nothing"
                                Case "RegionAAdmins" strAction = "Nothing"
                                Case "RegionBAdmins" strAction = "Nothing"    
                                Case "RegionCAdmins" strAction = "Nothing"
                                Case "RegionDAdmins" strAction = "Nothing"
                                Case Else objGroup.Remove(objUser.AdsPath)
                            End Select

I have even changed the last line from Remove(objUser.AdsPath) to Delete...no change.

Any suggestions would be greatly appreciated!!
Dale
0
Comment
Question by:dgore1
  • 24
  • 11
  • 7
44 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 24020285
Do you have the line
On Error Resume Next
in your script?
You  may be masking some error that would help troubleshoot the problem, if so...
0
 

Author Comment

by:dgore1
ID: 24024151
Yes, I sure do near the top...I'll remove that and see if any errors happen...if you need, I can post the entire script as well...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24024157
If the problem persists, then it may be necessary...mask any sensitive data first.
0
 

Author Comment

by:dgore1
ID: 24024182
will do!!!
0
 

Author Comment

by:dgore1
ID: 24027792
I tested the script, which is actually a ported VB script into a .HTA....and removed each of the 4 on error statements by running 1 at a time and seeing if any errors happened....the only error that happened was when the excel report was printed and here is the error:

Line: 296
column: 5
Error: Object doesn't support this property or method: 'objExcel.Selection.Merge'
Code: 800A01B6
Source: Microsoft VBScript runtime error.

The program still produces the desired result and does the report....weird...so attaching the .hta code with info removed to protect the innocent...I hope...

thanks,
dale

<head>

<title>XXXXXXXXXXXXXXXXXXXX</title>

<hta:application 

     applicationname="Standardize Local Groups"

     scroll="no"

     singleinstance="yes"

     windowstate="normal"

>

<style type="text/css">
 

body {

 background-color: buttonface;

 color: #000000;

 font-family = arial;

 font-size: 10pt;

 margin-top: 0px;

 margin-left: 0px;

 margin-right: 0px;

 margin-bottom: 0px;

}

h1 {

 text-align: right;

 font-family = arial;

 font-size = 20pt;

 color: red;

}

p {

 font-family: arial;

 color: #000000;

}

.title {

 font-family: arial;

 color: red;

}

.small {

 font-size: 10pt;

}

.contact {

 font-family: tahoma;

 font-size: 10pt;

 color: #000000;

}

.notes {

 font-family: arial;

 font-size: 10pt;

 color: red;

}

.button {

 font-family: arial;

 font-size: 8pt;

}

.version {

 font-family: arial;

 font-size: 7pt;

}

a:link {

 color: #000000;

 font-size: 10pt;

 font-family: arial;

}

a:visited {

 color:#000000;

}

</style>

<html>

</head>
 

<script language="VBScript">
 

Const FOR_READING = 1

Const FOR_WRITING = 2

Const HKEY_LOCAL_MACHINE = &H80000002

Const OverwriteExisting = TRUE

Const ADS_SCOPE_SUBTREE = 2

Const ADS_SCOPE_ONELEVEL = 1

Const xlAscending = 1

Const xlDescending = 2

Const xlYes = 1

Const xlNo = 2
 

Dim intLeft

Dim intTop

Dim strOU

Dim strFacID

Dim strInputFile

Dim strOutputFile

Dim strComputer

Dim strHost

Dim strBusyFile

Dim strOS

Dim blnFAST

Dim dtmDate

Dim objExplorer

Dim objFS

Dim objTS
 

'On Error Resume Next
 

strHost = "."
 

dtmDate = DatePart("m", Now) & DatePart("d", Now) & DatePart("yyyy", Now)
 

Set objFS = CreateObject("Scripting.FileSystemObject")
 

'****************************************************************************

Sub Window_Onload       'Show HTA splash screen and center GUI on screen.
 

    iTimerID = window.setInterval("ShowSplash", 2500)

    window.resizeTo 580,680

    'Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")

    'Set colItems = objWMIService.ExecQuery("Select * From Win32_DisplayConfiguration")

    'For Each objItem in colItems

    '    intHorizontal = objItem.PelsWidth

    '    intVertical = objItem.PelsHeight

    'Next

    'intLeft = (intHorizontal - 580) / 2

    'intTop = (intVertical - 630) / 2

    'window.moveTo intLeft, intTop
 

End Sub

'****************************************************************************

Sub ShowSplash      'Splash screen properties.
 

    Splash.Style.Display = "None"

    Main.Style.Display = "Inline"

    

End Sub

'****************************************************************************

Sub Reset       'Reset button action.
 

    Location.Reload(True)

    

End Sub

'****************************************************************************

Sub Busy        'Create "Please Wait..." HTML file.
 

    strBusyFile = "C:\Windows\Temp\busy.htm"

    Set objTS = objFS.CreateTextFile(strBusyFile)

    objTS.WriteLine "<html>"

    objTS.WriteLine "<head>"

    objTS.WriteLine "<style>"

    objTS.WriteLine "body"

    objTS.WriteLine "{"

    objTS.WriteLine "   background-color:lightblue;"

    objTS.WriteLine "}"

    objTS.WriteLine "</style>"

    objTS.WriteLine "<title>Please Wait...</title>"

    objTS.WriteLine "</head>"

    objTS.WriteLine "<body>"

    objTS.WriteLine "<p align='center'><b>Please Wait while the Report is generated...</b></p>"

    objTS.WriteLine "</body>"

    objTS.WriteLine "</html>"

    objTS.Close

    

End Sub

'****************************************************************************

Sub Busy2       'Display the busy HTML file.
 

    Set objExplorer = CreateObject("InternetExplorer.Application")

    objExplorer.Navigate "file:///C:\Windows\Temp\busy.htm"   

    objExplorer.ToolBar = 0

    objExplorer.StatusBar = 0

    objExplorer.Width = 400

    objExplorer.Height = 100 

    objExplorer.Left = 0

    objExplorer.Top = 0
 

    Do While (objExplorer.Busy)

        Wscript.Sleep 200

    Loop 
 

    objExplorer.Visible = 1

    

End Sub

'****************************************************************************

Sub BusyClose       'Close the busy HTML file.
 

    objExplorer.Quit

    

End Sub

'****************************************************************************

Sub GetOU       'Get the Organizational Unit selection and Facility ID Code.
 

    'On Error Resume Next
 

    Busy
 

    For Each objButton in RadioOption

  	    If objButton.Checked Then

       	    strOU =  objButton.Value

   	    End If

    Next

    If strOU = "" Then

	    Msgbox "You did NOT select an Organizational Unit."

	    Exit Sub

    End If
 

    strFacID = Ucase(FacID.Value)

    If strFacID = "" Then

        Msgbox "You did NOT enter a Facility ID."

        Exit Sub

    End If
 

    GetADComputers

    GenerateReport

    

End Sub
 

'****************************************************************************

Sub GetADComputers      'Generate the list of computer names.
 

   'On Error Resume Next
 

    Set objConnection = CreateObject("ADODB.Connection")

    Set objCommand =   CreateObject("ADODB.Command")

    objConnection.Provider = "ADsDSOObject"

    objConnection.Open "Active Directory Provider"

    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000
 

    Busy2
 

    strInputFile = "C:\Windows\Temp\" & strFacID & "_computers.txt"

    If objFS.FileExists(strInputFile) Then

        objFS.DeleteFile(strInputFile)

    End IF
 

    Set objTS = objFS.CreateTextFile(strInputFile)

    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

    objCommand.CommandText = _

     "SELECT Name FROM 'LDAP://ou=workstations,ou=" & strOU & ",dc=dc,dc=state,dc=fl,dc=us' WHERE objectClass='computer' AND Name = '*" & _

     strFacID & "*' ORDER BY Name"

    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF  

        strComputerName = objRecordSet.Fields("Name").Value

        If Mid(strComputerName, 3, 3) = strFacID Then

            objTS.WriteLine strComputerName

        ElseIf Mid(strComputerName, 3, 2) = strFacID Then

            objTS.WriteLine strComputerName

        ElseIf Mid(strComputerName, 5, 3) = strFacID Then

            objTS.WriteLine strComputerName

        End If

        objRecordSet.MoveNext

    Loop

    objTS.Close
 

    Set objFSO = CreateObject("Scripting.FileSystemObject")

    Set objFile = objFSO.OpenTextFile(strInputFile, FOR_READING)

    strFile = objFile.ReadAll

    objFile.Close
 

    intLength = Len(strFile)

    strEnd = Right(strFile, 2)

    If strEnd = vbCrLf Then

        strFile = Left(strFile, intLength - 2)

        Set objFile = objFSO.OpenTextFile(strInputFile, FOR_WRITING)

        objFile.Write strFile

        objFile.Close

    End If

    

End Sub

'****************************************************************************

Sub GenerateReport        'Generate the final report in Excel format.
 

'	On Error Resume Next
 

    If objFS.FileExists(strInputFile) Then

        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)

    Else

        Msgbox "Input text file " & strInputFile & " not found."

        Exit Sub

    End If
 

    If objTextStream.AtEndOfStream Then

        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."

        Exit Sub

    End If
 

    arrComputers = Split(objTextStream.ReadAll, vbCrLf)

    objTextStream.Close
 

    Set objExcel = CreateObject("Excel.Application")

    objExcel.Visible = True

    Set objWorkbook = objExcel.Workbooks.Add(1)

    objExcel.DisplayAlerts = False
 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate

    objWorksheet.Name = strFacID

    objExcel.DisplayAlerts = False
 

    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now

    objExcel.Cells(1, 1).Font.Size = 14

    objExcel.Cells(1, 1).Font.Bold = True

    objExcel.Range("A1:E1").Select

    objExcel.Selection.Merge = True

    objExcel.Selection.HorizontalAlignment = -4108
 

    objExcel.Cells(3, 1).Value = "Red  = NO PING"

    objExcel.Cells(3, 1).Interior.ColorIndex = 3

    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"

    objExcel.Cells(3, 2).Interior.ColorIndex = 6

    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"

    objExcel.Cells(3, 3).Interior.ColorIndex = 35
 

    objExcel.Cells(5, 1).Value = "Computer Name"

    objExcel.Cells(5, 2).Value = "Cleaned Power Users"

    objExcel.Cells(5, 3).Value = "Standardized Power Users"

    objExcel.Cells(5, 4).Value = "Cleaned Administrators"

    objExcel.Cells(5, 5).Value = "Standardized Administrators"
 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Selection.Font.Bold = True

    objExcel.Cells.EntireColumn.AutoFit

    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1

    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)

    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2

    objExcel.Range("A1:E1").Select
 

    intRow = 4
 

    For Each strComputer in arrComputers

        Set objWMIService = GetObject("winmgmts:")

    Next
 

    For i = 0 to Ubound(arrComputers)
 

        strComputer = arrComputers(i)

        blnFAST = False

        Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")

        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & arrComputers(i) & "'")

        For Each objStatus in colStatus

	        intRow = intRow + 1

            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then

	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer

	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 2).Value = ""

	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 3).Value = ""

	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 4).Value = ""

	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 5).Value = ""

	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3

            Else

	            Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

	            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)

	            For Each objItem in colItems

		            strOS = objItem.Caption

 	            Next

	            If strOS = "Microsoft Windows XP Professional" Then
 

                    'Check for FAST/IDB

	                blnFAST = False

                    Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")

                    If colFiles.Count > 0 Then    

                        blnFAST = TRUE

                    End If

                    Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")

                    If colFiles2.Count > 0 Then    

                        blnFAST = TRUE

                    End If

                    

                    Err.Clear 'Clean Power Users Group

                    Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")

                    For Each objUser In objGroup.Members

                        'If objUser.Name <> "Domain Users" Then

                            objGroup.Remove(objUser.AdsPath)

                        'End If

                    Next

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "NO"

                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "YES"

                    End If 
 

                    Err.Clear 'Add Domain Users to Power Users Group

                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")

                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")

                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")

                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")

                    'myGroup.Add(myUser.ADsPath)    

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 3).Value = "NO"

                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 3).Value = "YES"

                    End If
 

                    Set myGroup = Nothing

                    Set myUser = Nothing 
 

                    Err.Clear 'Clean Administrators Group

                    If blnFAST = TRUE Then

                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                    Else

                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

                        For Each objUser In objGroup.Members

                            Select Case objUser.Name

                                Case "Administrator" strAction = "Nothing"

                                Case "Domain Admins" strAction = "Nothing"

                                Case "RegionAAdmins" strAction = "Nothing"

                                Case "RegionBAdmins" strAction = "Nothing"    

                                Case "RegionCAdmins" strAction = "Nothing"

                                Case "RegionDAdmins" strAction = "Nothing"

                                Case Else objGroup.Remove(objUser.AdsPath)

                            End Select

                            

                            'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then

                            '    objGroup.Remove(objUser.AdsPath)

                            'End If

                        Next    

                        If Err.Number = &H80070562 Then

                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"

                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35

                        Elseif Err.Number <> 0 Then

                            objExcel.Cells(intRow + 1, 4).Value = "NO"

                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                        Else    

                            objExcel.Cells(intRow + 1, 4).Value = "YES"

                        End If 

                    End If
 

                    Err.Clear 'Standardize Administrators Group

                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")

                    myGroup.Add(myUser.ADsPath)

                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")

                    myGroup.Add(myUser1.ADsPath)

                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")

                    myGroup.Add(myUser2.ADsPath)

                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")

                    myGroup.Add(myUser3.ADsPath)

                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")

                    myGroup.Add(myUser4.ADsPath)

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 5).Value = "NO"

                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 5).Value = "YES"

                    End If
 

                    Set myGroup = Nothing

                    Set myUser = Nothing    

                    Set myUser1 = Nothing

                    Set myUser2 = Nothing  

                    Set myUser3 = Nothing  

                    Set myUser4 = Nothing  
 

                    Err.Clear 

                End If

            End If

        Next

        Err.Clear

    Next
 

    BusyClose

    objExplorer.Quit
 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Cells.EntireColumn.AutoFit

    objExcel.Range("A1:E1").Select
 

    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"
 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate
 

    If objFS.FileExists(strBusyFile) Then

        objFS.DeleteFile(strBusyFile)

    End IF

    

End Sub

'*****************************************************************************

</script>       <!--HTML code for the GUI -->
 

<body>

<DIV id="Splash" STYLE="Height:200;Width:400;Border:0.1mm solid black;

position:relative;top:100;left:110;font:14pt arial;

 filter:progid:DXImageTransform.Microsoft.Gradient

(GradientType=0, StartColorStr='orange', EndColorStr='white') '(GradientType=0, StartColorStr='#4169E1', EndColorStr='#F0F8FF')

progid:DXImageTransform.Microsoft.dropshadow(OffX=10, OffY=10, Color='gray', Positive='true')">
 

<CENTER>

<br>

<br>

Standardize Local Groups HTA<br>

<img src="http://internalweb/apps/graphics/graphics/state-of-somewhere_shinygold.gif"border="0" width="350"><br></span><br><br></b>

<font size="3">Office of Information Technology<br></font>

<br>

<font size="1">Created by: Nobody, modified by Nobody2, Some Department.</font>

</CENTER>

</DIV>

<DIV id='MAIN' STYLE="display:none;position:absolute">

<br>

<h1>Technology Services &nbsp;</h1>

<br>

<p align="center"><b>Standardize Local Groups</b>

<hr>

<p align="center"><b>AD Organizational Unit:</b><br>

<input type="radio" name="RadioOption" value="CentralHome" title="Click to select the Central_Home ou."> Central_Home

<input type="radio" name="RadioOption" value="RegionA" title="Click to select the Region1 ou."> RegionA

<input type="radio" name="RadioOption" value="RegionB" title="Click to select the Region2 ou."> RegionB

<input type="radio" name="RadioOption" value="RegionC" title="Click to select the Region3 ou."> RegionC

<input type="radio" name="RadioOption" value="RegionD" title="Click to select the Region4 ou."> RegionD<br>

<br>

<b>Facility ID:</b><br>

<input type="text" name="FacID" size="3" maxlength="3" title="Enter a Facility Code here."><br>

<br>

<button class="button" onClick="GetOU" accessKey="g" title="Click to standardize the local groups on workstations.">Standardize <u>G</u>roups</button><br>

<button class="button" onClick="reset" accessKey="r" title="Click to clear the form."><u>R</u>eset Form </button></p>

<hr>

&nbsp;<b>Instructions:</b><br>

&nbsp;<b>1.</b>&nbsp;Select the radio button for your AD Organizational Unit.<br>

&nbsp;<b>1.</b>&nbsp;Enter the TWO or THREE digit Facility Code.  i.e. CO or SC3 or 564 .<br>

&nbsp;<b>3.</b>&nbsp;Click the 'Standardize Groups' button to execute.<br>

&nbsp;<b>4.</b>&nbsp;An Excel report will automatically display on screen While the script runs.<br>

&nbsp;<b>5.</b>&nbsp;A copy of the report file (.xls) is saved in <b>C:\Windows\Temp</b>.<br>

<p class="notes">&nbsp;This utility will standardize both the local Administrators and Power Users groups<br>

&nbsp;on workstations that are online.  FAST and IDB workstations are <u>NOT</u> modified.<br>

&nbsp;Administrators is standardized to Domain Admins and all of the OU Admin groups.<br>

&nbsp;Power Users is standardized to Domain Users.<br>

<br>

&nbsp;For best performance, run from a Windows XP workstation.</p>

<p class="contact">&nbsp;If you have any questions, email <a href="mailto:person.test@somewhere.net" title="Send an email to the author.">person.test@somewhere.net</a>&nbsp;or&nbsp;<a href="mailto:person2.test@somewhere.net" title="Send an email to the author.">person2.test@somewhere.net</a>.</p>

<p align="right" class="version"><b>Version:3.2</b>&nbsp;</p>

</DIV>

</body>

</html>

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24028384
I'm just digesting HTAs myself, and I'm afraid my Excel coding is a bit rusty.
However, looking at your code, I would replace the for/next block with this one (for starters - haven't looked at the entire code yet).
You're doing nothing with strAction, so I removed that altogether.
Technically with only '2' conditions, this could easily be converted to an if statement as well - either way it gets a bit lengthy, but you could eliminate the later 4 by doing something like:

If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" Then
 'Do nothing
Else
  objGroup.Remove(objUser.ADsPath)
End If


                        For Each objUser In objGroup.Members

                            Select Case objUser.Name

                                Case "Administrator", "Domain Admins", "RegionAAdmins", "RegionBAdmins", "RegionCAdmins", "RegionDAdmins"
 

                                     'Do nothing

                                Case Else

                                     wscript.echo "Removing " & objUser.ADsPath

                                     objGroup.Remove(objUser.AdsPath)

                            End Select

                        Next    

Open in new window

0
 

Author Comment

by:dgore1
ID: 24029318
I couldn't figure out how to make the computer Do nothing, thus the strAction....I first changed the code to this:

 Err.Clear 'Clean Administrators Group
                    If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

But that gets me an error after the first Else, saying expected Then statement is required.  Got no clue why either.  Looks like it should work...

Also, what other command would I use to set Do nothing with?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24029537
I'm not sure what you're trying to accomplish there - but you can only have one 'else'.  Use ElseIf instead:

If condition Then
 do command
elseif condition2 else then
 do command2
else
 do catchall command
End if

As for what to do to do 'nothing' - no need - just comment it out:
If condition Then
 'You can place a comment here indicating that you're doing nothing
Else
 'what to do if condition is not met
 do command
End if

In these cases, my preference is to do the opposite and eliminate the need (if you know what you're testing for):
If NOT condition Then
 do command
End If

I'll look through the full code again and see if I can spot anything else...
0
 

Author Comment

by:dgore1
ID: 24029764
OK, I understand about the do nothing now....here was the old code:

If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        For Each objUser In objGroup.Members
                            Select Case objUser.Name
                                Case "Administrator" strAction = "Nothing"
                                Case "Domain Admins" strAction = "Nothing"
                                Case "RegionAAdmins" strAction = "Nothing"
                                Case "RegionBAdmins" strAction = "Nothing"    
                                Case "RegionCAdmins" strAction = "Nothing"
                                Case "RegionDAdmins" strAction = "Nothing"
                                Case Else objGroup.Remove(objUser.AdsPath)
                            End Select

When I replace it with this:

           If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

The error happens below on line 4..indicating expected Then needed...which I don't see why...
                    If blnFAST = TRUE Then

                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                    Else

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" 

                        Then strAction = "Nothing"

       Else

        objGroup.Remove(objUser.ADsPath)

      End If

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030053
This block:
                  If blnFAST = TRUE Then
                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"
                          objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6
                    Else
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins"
                        Then strAction = "Nothing"
       Else
        objGroup.Remove(objUser.ADsPath)
      End If

should be written as:
                    If blnFAST = TRUE Then

                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

                        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                    Else

                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

                        If objUser.Name = "Administrator" Or Right(objUser.Name, 6) = "Admins" Then 

                           strAction = "Nothing"

                        Else

                           objGroup.Remove(objUser.ADsPath)

                        End If

                   End If

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030199
Just looked at this sub - I didn't want to do too much reformatting until you understood the changes...try using this sub - read through the commenting that I've made...
Sub GenerateReport        'Generate the final report in Excel format.

    If objFS.FileExists(strInputFile) Then

        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)

    Else

        Msgbox "Input text file " & strInputFile & " not found."

        Exit Sub

    End If

 

    If objTextStream.AtEndOfStream Then

        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."

        Exit Sub

    End If

 

    arrComputers = Split(objTextStream.ReadAll, vbCrLf)

    objTextStream.Close

 

    Set objExcel = CreateObject("Excel.Application")

    objExcel.Visible = True

    Set objWorkbook = objExcel.Workbooks.Add(1)

    objExcel.DisplayAlerts = False

 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate

    objWorksheet.Name = strFacID

    objExcel.DisplayAlerts = False

 

    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now

    objExcel.Cells(1, 1).Font.Size = 14

    objExcel.Cells(1, 1).Font.Bold = True

    objExcel.Range("A1:E1").Select

    objExcel.Selection.Merge = True

    objExcel.Selection.HorizontalAlignment = -4108

 

    objExcel.Cells(3, 1).Value = "Red  = NO PING"

    objExcel.Cells(3, 1).Interior.ColorIndex = 3

    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"

    objExcel.Cells(3, 2).Interior.ColorIndex = 6

    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"

    objExcel.Cells(3, 3).Interior.ColorIndex = 35

 

    objExcel.Cells(5, 1).Value = "Computer Name"

    objExcel.Cells(5, 2).Value = "Cleaned Power Users"

    objExcel.Cells(5, 3).Value = "Standardized Power Users"

    objExcel.Cells(5, 4).Value = "Cleaned Administrators"

    objExcel.Cells(5, 5).Value = "Standardized Administrators"

 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Selection.Font.Bold = True

    objExcel.Cells.EntireColumn.AutoFit

    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1

    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)

    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2

    objExcel.Range("A1:E1").Select

 

    intRow = 4

 

'This can be removed - what does it do?

'    For Each strComputer in arrComputers

'        Set objWMIService = GetObject("winmgmts:")

'    Next

 

'Try without a counter:    For i = 0 to Ubound(arrComputers)

  For Each strComputer in arrComputers

'        strComputer = arrComputers(i)

        blnFAST = False

'Updated strHost to be strComputer

        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & strComputer & "'")

        For Each objStatus in colStatus

            intRow = intRow + 1

            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then

	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer

	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 2).Value = ""

	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 3).Value = ""

	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 4).Value = ""

	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 5).Value = ""

	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3

            Else

'You already have this assignment - if impersonation is needed - use it in the assignment above: Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

	            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)

	            For Each objItem in colItems

		            strOS = objItem.Caption

 	            Next

	            If strOS = "Microsoft Windows XP Professional" Then

                                 'Check for FAST/IDB

                                 blnFAST = False

                                 Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")

                                 If colFiles.Count > 0 Then blnFAST = TRUE

'reuse colFiles...no need for colFiles2

                                 Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")

                                 If colFiles2.Count > 0 Then blnFAST = TRUE

                 

                                 On Error Goto 0'Clean Power Users Group

                                 Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")

                                 For Each objUser In objGroup.Members

'Assume you're removing 'everyone' from Power Users?  Is this working?

                                     'If objUser.Name <> "Domain Users" Then

                                     objGroup.Remove(objUser.AdsPath)

                                    'End If

                                Next

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "NO"

                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 1).Value = strComputer

                        objExcel.Cells(intRow + 1, 2).Value = "YES"

                    End If 

 

                    On Error Resume Next 'Add Domain Users to Power Users Group

'You already have the objGroup assignment to the same group - this is redundant...simply exclude the accounts you want to leave in your condition above

                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")

                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")

                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")

                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")

                    'myGroup.Add(myUser.ADsPath)    

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 3).Value = "NO"

                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 3).Value = "YES"

                    End If

 

                    Set myGroup = Nothing

                    Set myUser = Nothing 

 

                    On Error Goto 0'Clean Administrators Group

                    If blnFAST = TRUE Then

                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                    Else

                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

                        If uBound(objGroup.Members) > 0 Then

                            For Each objUser In objGroup.Members

                              If Instr(objUser.Name, "dmin") = 0 Then 'This excluds any user 'without' dmin in the name (aDMINistrator, domain aDMINs, region?aDMINs)

                                objGroup.Remove(objUser.AdsPath)

                              End If

                            Next    

                        If Err.Number = &H80070562 Then

                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"

                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35

                        Elseif Err.Number <> 0 Then

                            objExcel.Cells(intRow + 1, 4).Value = "NO"

                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                        Else    

                            objExcel.Cells(intRow + 1, 4).Value = "YES"

                        End If 

                    End If

 

                    Err.Clear 'Standardize Administrators Group

                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")

                    myGroup.Add(myUser.ADsPath)

                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")

                    myGroup.Add(myUser1.ADsPath)

                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")

                    myGroup.Add(myUser2.ADsPath)

                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")

                    myGroup.Add(myUser3.ADsPath)

                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")

                    myGroup.Add(myUser4.ADsPath)

                    If Err.Number = &H80070562 Then

                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"

                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35

                    Elseif Err.Number <> 0 Then

                        objExcel.Cells(intRow + 1, 5).Value = "NO"

                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6

                    Else    

                        objExcel.Cells(intRow + 1, 5).Value = "YES"

                    End If

 

                    Set myGroup = Nothing

                    Set myUser = Nothing    

                    Set myUser1 = Nothing

                    Set myUser2 = Nothing  

                    Set myUser3 = Nothing  

                    Set myUser4 = Nothing  

 

                    Err.Clear 

                End If

            End If

        Next

        Err.Clear

    Next

 

    BusyClose

    objExplorer.Quit

 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Cells.EntireColumn.AutoFit

    objExcel.Range("A1:E1").Select

 

    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"

 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate

 

    If objFS.FileExists(strBusyFile) Then

        objFS.DeleteFile(strBusyFile)

    End IF

    

End Sub

Open in new window

0
 

Author Comment

by:dgore1
ID: 24030272
oopss I see where I missed an end if statement...whew...testing now....

shucks same result...just makes no sense...it should remove everything from the local admins....got me stumped...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030372
Something else you can try - to ensure that code block is working, is to strip that out alone and try that method - then simply plug it back in once it's working for you.
I'll be able to test something in a bit if you don't get a chance...
0
 

Author Comment

by:dgore1
ID: 24030539
my mistake....the code worked perfect!!!  but the result is still the same....certain users are not cleaned out of the local administrators group....

It gets about 85% of the computers....the other 15% nope....checked to make sure that all users are domain users and they are...plus even some of the users I created from scratch to exist only on the local machines and it even cleans those on 100% of the machines!!

this is a real stumper....
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24030991
doesn't really sound like a code problem then - any similarities in the accounts that aren't removed?
0
 

Author Comment

by:dgore1
ID: 24031202
nope...none....we have looked for the following conditions:

logged on versus not logged on
local versus domain accounts
not local admins versus local admins

in all cases, even when we create the users that were having problems on one computer on our test computers, they work fine!!

Is there any other statement other than remove\delete to dump all from the local administrators group?
0
 
LVL 67

Assisted Solution

by:sirbounty
sirbounty earned 100 total points
ID: 24035589
I wonder if you tried a basic script against one of those that fails if it would work...

As for 'other' code - adapted from http://www.microsoft.com/technet/scriptcenter/resources/qanda/jan08/hey0102.mspx
Try this.
I'm not certain it works with the winnt provider though...




Const ADS_PROPERTY_DELETE = 4
 
 

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

For Each strUser in objGroup.Member 'This may need to be Members

    If InStr(lCase(strUser),"dmin") = 0 Then 

        objGroup.PutEx ADS_PROPERTY_DELETE, "member", Array(strUser) 

        objGroup.SetInfo 

    End If

Next

Open in new window

0
 

Author Comment

by:dgore1
ID: 24038227
Neat article and I changed the code in the script to do both member and members...Even on the test machine this will not remove anybody from the administrator group..

I wonder if the PutEX ADS_PROPERTY_DELETE only works with domain membership and not local administrator groups?  Or maybe not with the WINNT provider though...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24039223
Probably with the LDAP provider only...I didn't test it.
Hmm - you might click the request attention link above.  I know a couple of other experts that eat and breathe this stuff that could be notified...
0
 

Author Comment

by:dgore1
ID: 24039789
OK...but you sure but forth a great effort!!  So I will split the points with you and whoever else can assist!!

thanks,
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24055769
Hi there....the main issue here is that there may be WMI issues on the computers that aren't being modfifed.  I've ammended the GenerateReport sub to try to catch this scenario.

I've also changed your blnFAST identification from this

                          Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")
                          If colFiles.Count > 0 Then    
                              blnFAST = True
                          End If
                          Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")
                          If colFiles2.Count > 0 Then    
                              blnFAST = True
                          End If


to this

                          If objFS.FileExists("\\" & strComputer & "\C$\FAST\FAST.exe") = True Then blnFAST = True
                          If objFS.FileExists("\\" & strComputer & "\C$\Photoid32\STATISTICCARD32.exe") = True Then blnFAST = True

because the FileExists method (for a single file) is much quicker than a CIM_DataFile query.

I am unable to test it though, because I don't want to change too much of it for my environment, then I might forget what I changed.....

I think I've fixed your Excel issue, by changing
objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

Regards,

Rob.
Sub GenerateReport        'Generate the final report in Excel format.

 

'	On Error Resume Next

 	

    If objFS.FileExists(strInputFile) Then

        Set objTextStream = objFS.OpenTextFile(strInputFile, FOR_READING)

    Else

        Msgbox "Input text file " & strInputFile & " not found."

        Exit Sub

    End If

 

    If objTextStream.AtEndOfStream Then

        Msgbox "Input text file " & strInputFile & " is empty." & vbCrLf & vbCrLf & "Please check the Facility ID."

        Exit Sub

    End If

 

    arrComputers = Split(objTextStream.ReadAll, vbCrLf)

    objTextStream.Close

 

    Set objExcel = CreateObject("Excel.Application")

    objExcel.Visible = True

    Set objWorkbook = objExcel.Workbooks.Add(1)

    objExcel.DisplayAlerts = False

 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate

    objWorksheet.Name = strFacID

    objExcel.DisplayAlerts = False

 

    objExcel.Cells(1, 1).Value = strFacID & " Standardize Local Groups on " & Now

    objExcel.Cells(1, 1).Font.Size = 14

    objExcel.Cells(1, 1).Font.Bold = True

    objExcel.Range("A1:E1").Select

    objExcel.Selection.MergeCells = True

    objExcel.Selection.HorizontalAlignment = -4108

 

    objExcel.Cells(3, 1).Value = "Red  = NO PING"

    objExcel.Cells(3, 1).Interior.ColorIndex = 3

    objExcel.Cells(3, 2).Value = "Yellow = ATTENTION"

    objExcel.Cells(3, 2).Interior.ColorIndex = 6

    objExcel.Cells(3, 3).Value = "Green = NO CHANGE"

    objExcel.Cells(3, 3).Interior.ColorIndex = 35

 

    objExcel.Cells(5, 1).Value = "Computer Name"

    objExcel.Cells(5, 2).Value = "Cleaned Power Users"

    objExcel.Cells(5, 3).Value = "Standardized Power Users"

    objExcel.Cells(5, 4).Value = "Cleaned Administrators"

    objExcel.Cells(5, 5).Value = "Standardized Administrators"

 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Selection.Font.Bold = True

    objExcel.Cells.EntireColumn.AutoFit

    objWorksheet.Range("A3:C3, A5:E5").Borders.LineStyle = 1

    objWorksheet.Range("A3:C3, A5:E5").Borders.Color = RGB(0, 0, 0)

    objWorksheet.Range("A3:C3, A5:E5").Borders.Weight = 2

    objExcel.Range("A1:E1").Select

 

    intRow = 4

 

    'For Each strComputer in arrComputers

    '    Set objWMIService = GetObject("winmgmts:")

    'Next

 

    For i = 0 to Ubound(arrComputers)

 

        strComputer = arrComputers(i)

        blnFAST = False

        Set objWMIService = GetObject("winmgmts:\\" & strHost & "\root\cimv2")

        Set colStatus = objWMIService.ExecQuery("Select * From Win32_PingStatus Where Address = '" & arrComputers(i) & "'")

        For Each objStatus in colStatus

	        intRow = intRow + 1

            If IsNull(objStatus.StatusCode) or objStatus.StatusCode<>0 Then

	    	    objExcel.Cells(intRow + 1, 1).Value = strComputer

	    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 2).Value = ""

	    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 3).Value = ""

	    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 4).Value = ""

	    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3

	    	    objExcel.Cells(intRow + 1, 5).Value = ""

	    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3

            Else

            	Err.Clear

	            On Error Resume Next

	            Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

	            If Err.Number <> 0 Then

		    	    objExcel.Cells(intRow + 1, 1).Value = strComputer

		    	    objExcel.Cells(intRow + 1, 1).Interior.ColorIndex = 3

		    	    objExcel.Cells(intRow + 1, 2).Value = "WMI ERROR"

		    	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 3

		    	    objExcel.Cells(intRow + 1, 3).Value = "WMI ERROR"

		    	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 3

		    	    objExcel.Cells(intRow + 1, 4).Value = "WMI ERROR"

		    	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 3

		    	    objExcel.Cells(intRow + 1, 5).Value = "WMI ERROR"

		    	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 3

	            Else

	            	Err.Clear

	            	On Error GoTo 0

		            Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)

		            For Each objItem in colItems

			            strOS = objItem.Caption

	 	            Next

		            If strOS = "Microsoft Windows XP Professional" Then

	 

	                    'Check for FAST/IDB

		                blnFAST = False

	                    If objFS.FileExists("\\" & strComputer & "\C$\FAST\FAST.exe") = True Then blnFAST = True

	                    If objFS.FileExists("\\" & strComputer & "\C$\Photoid32\STATISTICCARD32.exe") = True Then blnFAST = True

	                    'Set colFiles = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\FAST\\FAST.exe'")

	                    'If colFiles.Count > 0 Then    

	                    '    blnFAST = True

	                    'End If

	                    'Set colFiles2 = objWMIService.ExecQuery("Select * From CIM_Datafile Where Name = 'C:\\Photoid32\\STATISTICARD32.exe'")

	                    'If colFiles2.Count > 0 Then    

	                    '    blnFAST = True

	                    'End If

	                    

	                    Err.Clear 'Clean Power Users Group

	                    Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")

	                    For Each objUser In objGroup.Members

	                        'If objUser.Name <> "Domain Users" Then

	                            objGroup.Remove(objUser.AdsPath)

	                        'End If

	                    Next

	                    If Err.Number = &H80070562 Then

	                        objExcel.Cells(intRow + 1, 1).Value = strComputer

	                        objExcel.Cells(intRow + 1, 2).Value = "NO CHANGE"

	                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 35

	                    Elseif Err.Number <> 0 Then

	                        objExcel.Cells(intRow + 1, 1).Value = strComputer

	                        objExcel.Cells(intRow + 1, 2).Value = "NO"

	                	    objExcel.Cells(intRow + 1, 2).Interior.ColorIndex = 6

	                    Else    

	                        objExcel.Cells(intRow + 1, 1).Value = strComputer

	                        objExcel.Cells(intRow + 1, 2).Value = "YES"

	                    End If 

	 

	                    Err.Clear 'Add Domain Users to Power Users Group

	                    Set myGroup = GetObject("WinNT://" & strComputer & "/Power Users,group")

	                    'Set myUser = GetObject("WinNT://Central_Office/Domain Users,group")

	                    'Set myUser =  GetObject("WinNT://" & strComputer & "WinNT://NT AUTHORITY/INTERACTIVE,group")

	                    myGroup.Add("WinNT://NT AUTHORITY/INTERACTIVE")

	                    'myGroup.Add(myUser.ADsPath)    

	                    If Err.Number = &H80070562 Then

	                        objExcel.Cells(intRow + 1, 3).Value = "NO CHANGE"

	                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 35

	                    Elseif Err.Number <> 0 Then

	                        objExcel.Cells(intRow + 1, 3).Value = "NO"

	                	    objExcel.Cells(intRow + 1, 3).Interior.ColorIndex = 6

	                    Else    

	                        objExcel.Cells(intRow + 1, 3).Value = "YES"

	                    End If

	 

	                    Set myGroup = Nothing

	                    Set myUser = Nothing 

	 

	                    Err.Clear 'Clean Administrators Group

	                    If blnFAST = TRUE Then

	                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

	                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

	                    Else

	                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

	                        For Each objUser In objGroup.Members

	                            Select Case objUser.Name

	                                Case "Administrator" strAction = "Nothing"

	                                Case "Domain Admins" strAction = "Nothing"

	                                Case "RegionAAdmins" strAction = "Nothing"

	                                Case "RegionBAdmins" strAction = "Nothing"    

	                                Case "RegionCAdmins" strAction = "Nothing"

	                                Case "RegionDAdmins" strAction = "Nothing"

	                                Case Else objGroup.Remove(objUser.AdsPath)

	                            End Select

	                            

	                            'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then

	                            '    objGroup.Remove(objUser.AdsPath)

	                            'End If

	                        Next    

	                        If Err.Number = &H80070562 Then

	                            objExcel.Cells(intRow + 1, 4).Value = "NO CHANGE"

	                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 35

	                        Elseif Err.Number <> 0 Then

	                            objExcel.Cells(intRow + 1, 4).Value = "NO"

	                	        objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

	                        Else    

	                            objExcel.Cells(intRow + 1, 4).Value = "YES"

	                        End If 

	                    End If

	 

	                    Err.Clear 'Standardize Administrators Group

	                    Set myGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

	                    Set myUser = GetObject("WinNT://Central_Office/Region1Admins,group")

	                    myGroup.Add(myUser.ADsPath)

	                    Set myUser1 = GetObject("WinNT://Central_Office/Domain Admins,group")

	                    myGroup.Add(myUser1.ADsPath)

	                    Set myUser2 = GetObject("WinNT://Central_Office/Region2Admins,group")

	                    myGroup.Add(myUser2.ADsPath)

	                    Set myUser3 = GetObject("WinNT://Central_Office/Region3Admins,group")

	                    myGroup.Add(myUser3.ADsPath)

	                    Set myUser4 = GetObject("WinNT://Central_Office/Region4Admins,group")

	                    myGroup.Add(myUser4.ADsPath)

	                    If Err.Number = &H80070562 Then

	                        objExcel.Cells(intRow + 1, 5).Value = "NO CHANGE"

	                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 35

	                    Elseif Err.Number <> 0 Then

	                        objExcel.Cells(intRow + 1, 5).Value = "NO"

	                	    objExcel.Cells(intRow + 1, 5).Interior.ColorIndex = 6

	                    Else    

	                        objExcel.Cells(intRow + 1, 5).Value = "YES"

	                    End If

	 

	                    Set myGroup = Nothing

	                    Set myUser = Nothing    

	                    Set myUser1 = Nothing

	                    Set myUser2 = Nothing  

	                    Set myUser3 = Nothing  

	                    Set myUser4 = Nothing  

	 

	                    Err.Clear 

	                End If

	            End If

            End If

        Next

        Err.Clear

    Next

 

    BusyClose

    objExplorer.Quit

 

    objExcel.Range("A3:C3, A5:E5").Select

    objExcel.Cells.EntireColumn.AutoFit

    objExcel.Range("A1:E1").Select

 

    objWorkbook.SaveAs "C:\Windows\Temp\Standardize_Local_Groups_" & strFacID & "_" & dtmDate & ".xls"

 

    Set objWorksheet = objExcel.Worksheets(1)

    objWorksheet.Activate

 

    If objFS.FileExists(strBusyFile) Then

        objFS.DeleteFile(strBusyFile)

    End If

    

End Sub

Open in new window

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:dgore1
ID: 24058377
OK...I ran the script and no longer get the excel error...on my test computer it does the following:

Cleans the administrators group of everybody, with the exception of only administrators and Region1Admins...all others are gone!! not sure why that's happening...

will run this on the affected computers after we figure out why it's dumping all of the admins except those 2!!!
0
 

Author Comment

by:dgore1
ID: 24058438
also this line of code:

objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

causes excel to hang and not finish the report...however, it does solve the error issue!!!

I will test all the other machines today and let you know!!!

what type of problems could cause WMI not to work on the affected machines?
0
 

Author Comment

by:dgore1
ID: 24072869
RobSampson,

just in case you are waiting, we had to wait until monday...they won't run a script like this one on a friday afternoon!!!

but while I'm waiting, I did some changes and need an explanation if possible:  this section of code:

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
                              For Each objUser In objGroup.Members
                                  Select Case objUser.Name
                                      Case "Administrator" strAction = "Nothing"
                                      Case "Domain Admins" strAction = "Nothing"
                                      Case "RegionAAdmins" strAction = "Nothing"
                                      Case "RegionBAdmins" strAction = "Nothing"    
                                      Case "RegionCAdmins" strAction = "Nothing"
                                      Case "RegionDAdmins" strAction = "Nothing"
                                      Case Else objGroup.Remove(objUser.AdsPath)
                                  End Select
                                  
                                  'If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
                                  '    objGroup.Remove(objUser.AdsPath)
                                  'End If
                              Next    


I changed to this to see what would happen:

                              For Each objUser In objGroup.Members
                               objGroup.Remove(objUser.AdsPath)
                              
                          Next

Now it doesn't remove the administrator but sure does an enema on everything else in the administrators group...then allows you to add back in the needed administrators....I will be testing this on monday as well...just curious why...any Ideas?

thanks,
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24082593
You know what....I'm not actually sure....the Select Case really should work....it works for me.....

Your second method should be fine in any case, and that's a not a bad idea anyway, because you then get to make sure exactly what groups or users are members of those groups, because you start fresh.

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24083086
FYI, here's another post that deals with removing memebers from certain groups, and leaving ones in them that are required....
http://www.experts-exchange.com/Programming/Languages/Q_24118918.html

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24083255
Sure is strange, isn't it....we ran that script about 50 times with the case statements and it just seems to ignore the statements completely...

Seems the second method just cleans it and then the second part puts them back in...we had to wait until tomorrow to test...today was a bad day for testing based upon workload in certain offices....

I actually looked at the link above before posting my question...nice and elegant solution by the way!!

thanks for the help and let you know how it goes tomorrow!!
dale
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24083678
Hmmm, what if you run this code (it won't change anything) just to see if the Select Case statements work....it works for me....

Regards,

Rob.
strComputer = "."

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

For Each objUser In objGroup.Members

	Select Case objUser.Name

		Case "Administrator"

			MsgBox "Administrator is a member."

		Case "Domain Admins"

			MsgBox "Domain Admins is a member."

		Case "RegionAAdmins"

			MsgBox "RegionAAdmins is a member."

		Case "RegionBAdmins"

			MsgBox "RegionBAdmins is a member."

		Case "RegionCAdmins"

			MsgBox "RegionCAdmins is a member."

		Case "RegionDAdmins"

			MsgBox "RegionDAdmins is a member."

		Case Else

			MsgBox objUser.AdsPath & " is not a member and would be removed."

	End Select

Next

Open in new window

0
 

Author Comment

by:dgore1
ID: 24085349
I'll give that a try....but it almost seems like it with the Excel Spreadsheet it ignores the Case statements....not to mention when I used the code change below, the spreadsheet no longer displays...just sits on the spreadsheet and seems to process but no data displays....ya know, maybe this stuff really is rocket science? :)

 think I've fixed your Excel issue, by changing
objExcel.Selection.Merge = True

to
objExcel.Selection.MergeCells = True

I'll let you know how the code goes today!!!

As always, thanks!
Dale
0
 

Author Comment

by:dgore1
ID: 24087693
wow...that works kind of neat...mine failed on certain computers...again....

so I put yours in and it processes through each and everyone perfectly...and I believe I have found the culprits...apparently some of the computers were migrated from an old NT domain and have certain users still in the administrators group...

When the script runs, it hits those users and says this:

UserXXX is not a member and would be removed

but nothing happens...we check the machine and sure enough they are still there!!  So unless there is another way to remove just the single users, since they are not a member of any particular group, then those may have to be done by hand...

any ideas?

thanks,
dale
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 400 total points
ID: 24092775
Hmmm, so if you actually get told that a certain user is not a member of any of the specified groups, and actually needs removing, then under this

MsgBox objUser.AdsPath & " is not a member and would be removed."

in theory, you should be able to add

objGroup.Remove(objUser.AdsPath)

and it should work.

Perhaps instead of just adding that one line, you could use:

On Error Resume Next
objGroup.Remove(objUser.AdsPath)
If Err.Number = 0 Then
   MsgBox objUser.AdsPath & " has been removed."
Else
   MsgBox "Error removing " & objUser.AdsPath
End If
Err.Clear
On Error GoTo 0

to have more control over that.

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24095366
forgot to tell you....I added the objGroup.Remove(objUser.AdsPath) to the case and it removed everything but that 1 user, which is a domain user by the way....just a migrated user...

going to try the next part today and see how that pans out!!

The thing that gets me is you would think that the remove, which removes everything else so nicely would really remove everything, regardless of any reason....with the exception of the administrator, which is the local admin and cannot be removed....that I get...just really strange...

thanks for all the help!
Dale

0
 

Author Comment

by:dgore1
ID: 24102659
had to go to training....gonna run the script in the AM...forgot about that training stuff!!!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24102671
No problem. I'm in training myself.....I can wait :-)

Rob.
0
 

Author Comment

by:dgore1
ID: 24105760
ran the script on the test machine and it processes and tells you what it's doing but hangs on the Excel report when trying to finish the column called standard adminstrators group...the cursor sits in that field and doesn't process any further...

I have attached the code with all the changes to make sure I have it correct:

thanks,
dale

Err.Clear 'Clean Administrators Group

                    If blnFAST = TRUE Then

                        objExcel.Cells(intRow + 1, 4).Value = "FAST or IDB Workstation"

                	    objExcel.Cells(intRow + 1, 4).Interior.ColorIndex = 6

                    Else

                        Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

                            For Each objUser In objGroup.Members

			  Select Case objUser.Name

				Case "Administrator"

				MsgBox "Administrator is a member."

				Case "Domain Admins"

				MsgBox "Domain Admins is a member."

				Case "Region1Admins"

				MsgBox "Region1Admins is a member."

				Case "Region2Admins"

				MsgBox "Region2Admins is a member."

				Case "Region3Admins"

				MsgBox "Region3Admins is a member."

				Case "Region4Admins"

				MsgBox "Region4Admins is a member."

				Case Else

				MsgBox objUser.AdsPath & " is not a member and will be removed."

				On Error Resume Next

				objGroup.Remove(objUser.AdsPath)

					If Err.Number = 0 Then

					   MsgBox objUser.AdsPath & " has been removed."

					Else

					   MsgBox "Error removing " & objUser.AdsPath

					End If

					Err.Clear

					On Error GoTo 0

				End Select

			Next                

Open in new window

0
 

Author Comment

by:dgore1
ID: 24105785
OK...I removed the following 2 lines and all processes normally on the test machine:

On Error resume next

On error goto 0

this mean there is an error hiding somewhere?
0
 

Author Comment

by:dgore1
ID: 24105873
ya know, sometimes I should just wait until I've tested after removing a few lines...sigh...

I put back in On error and the script runs fine....

when I put back in On error goto 0 it once again hangs but only on the last cell in the worksheet...so I'm guessing something is up with the goto 0?

thanks,
dale
0
 

Author Comment

by:dgore1
ID: 24108787
We have found the problem!! It is not program related but actually AD related...here's the skinny....

we put your code in which helped us track down the error number by adding this line of code:

MsgBox "Error removing " & objUser.AdsPath & " Error Number = " & Err.Number ...this produced the decimal error number -2147023519 which converted to HEX FFFFFFFF80070561 which was further translated by the Win32API errors to

&H80070561      The specified account name is not a member of the local group.

Searching on the internet found this little knowledge base article:

http://support.microsoft.com/kb/835744

which indicates you need to apply a hot fix to the computers themselves.  But we dug a little deeper to find that the big reason is proabably the SID associated to the account.  All the accounts we are having problems removing show up as if they are still in their old NT domain....if we manually remove those accounts, then re-add them, the script works perfectly as designed!!

So to solve the problem, we have to either remove every single account that has this problem, or run something like NEWSID from sysinternals, or live with the user in the group!!!

We would have never found this without your code and others...so I'm going to split the points as indicated above and thanks for all the help as usual!!! Great job!!

thanks,
dale


0
 

Author Closing Comment

by:dgore1
ID: 31564387
Another great job that allowed the solution to be found!! Thanks!
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 24108961
Good detective work.
Nice job, as always, Rob! :^)
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24112712
Oh nice!  That's a good find!  I hate old accounts like that....can get very messy!  Good work though!

Regards,

Rob.
0
 

Author Comment

by:dgore1
ID: 24114212
Spent hours on that little gem....but without both of your skill set, I would have never been able to find it!!!

thanks again for all the help!!!
dale
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
This is about my first experience with programming Arduino.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now