We help IT Professionals succeed at work.

Remove local administrator privileges on multiple computers.

850 Views
Last Modified: 2013-11-25
Hello, here is the scenario.
We have recently gotten a new client but it seems like the IT-company that was there first allowed all the local users to set their user account as local administrator so that it was easier to install software on the computers.

This has become a problem and we where wondering if it was possible to automate the process of removing the users as local administrator by using GP or a script?

Thank you so much.
Comment
Watch Question

Edmond HawilaChief Operating Officer
CERTIFIED EXPERT

Commented:
http://www.windows-commandline.com/2009/04/remove-user-from-group-using-command.html

This should do it from a login script.. Not sure if the %username% variable could work with this and if it is possible to remove yourself from the admin group...

Do some tests and let me know :)
Premkumar YogeswaranSr. Analyst - System Administrator
CERTIFIED EXPERT

Commented:
I would think that a login script containing the net localgroup directive
would help here.

The syntax of this command is:


NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
              groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
              groupname name [...] {/ADD | /DELETE} [/DOMAIN]

As an example, what I've added in the past to "add" certain users and groups
to another group:

net localgroup administrators "mydomainname\Domain Admins" /ADD
:end

This should be just as easy to run to remove someone:

net localgroup administrators "mydomainname\Domain Users" /delete
:end
Premkumar YogeswaranSr. Analyst - System Administrator
CERTIFIED EXPERT

Commented:
if you user having admin power and if you dont need any other user account simply right click my computer click manages locate local user and groups and remove what ever u not need...

why would need a script or VB file....
AwinishSenior Solution Architect

Commented:

http://www.windowsecurity.com/articles/Securing-Local-Administrators-Group-Every-Desktop.html

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html


Here is a script that I wrote to remove all users, except for the local administrator and domain admins, from the administrators group
--------------------------------------------------------------------------------------------------------------------

' computer name or ip address
sNode = "Computer Name"

' suppress errors
On Error Resume Next

' group name to remove user from
Set oGroupAdm = GetObject("WinNT://" & sNode & "/Administrators")

' loop through all members of the Administrators group
For Each oAdmGrpUser In oGroupAdm.Members

' get the name and make it lowercase
sAdmGrpUser = LCase(oAdmGrpUser.Name)

' Leave administrator and Domain Admins alone
' use lowercase letters in the names in the If statement!
If (sAdmGrpUser <> "administrator") And (sAdmGrpUser <> "domain admins") Then
msgbox oAdmGrpUser.Name
' remove users from Administrators group
oGroupAdm.Remove oAdmGrpUser.ADsPath
End if
Next
Head of ICT
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
bluntTony:
This doesn't remove the users currently in local administrators. It just adds whichever users i add to 'Members of this group'
AwinishSenior Solution Architect
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
bluntTonyHead of ICT
Top Expert 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for the great input guys.

Happy christmas
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.