Solved

Changing local admins to users

Posted on 2013-11-08
4
242 Views
Last Modified: 2013-11-13
I have several client machines each with several accounts (all  the accounts are of the same four employees). Most are local admins.

What is the best way to change them. I know where the users are un CP. But, can I do it using GP on SBS 2008?

Thanks.

Bert
0
Comment
Question by:Bert2005
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:ShazbotOK
ShazbotOK earned 150 total points
ID: 39633692
A powershell script you can excecute from your computer/server:

function Get-ScriptDirectory (){
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential $domain\$username
$strLogDate = Get-Date -uformat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

Do {
$GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))
If ($GroupAction -eq '3'){
Write-Host "Quit response received, script terminated."
Break
}
$GroupUserName = Read-Host -Prompt "What is the name of the group or user to add or remove?"
$GroupDomain = Read-Host -Prompt "What domain is the group located in?"

$myArray = @()
$Servers = Get-content "$WhereAreWe\serverlist.txt"
$Servers | ForEach {
Write-Host $_ -ForegroundColor Black
$remotecommand = Invoke-Command -Computername $_ -Cred $Cred -ScriptBlock {
param ($GroupAction,$GroupDomain,$GroupUserName)
Write-Output "===================="
Get-Content env:computername
Write-Output "===================="
$Group = [ADSI]('WinNT://localhost/Administrators,Group')
If ($GroupAction -eq '1'){
$Group.add("WinNT://$GroupDomain/$GroupUserName,user")
}
If ($GroupAction -eq '2'){
$Group.remove("WinNT://$GroupDomain/$GroupUserName,user")
}
NET LOCALGROUP 'Administrators'
} -ArgumentList @($GroupAction,$GroupDomain,$GroupUserName,$output,$myArray)
$remotecommand
ForEach ($output in $remotecommand){
$myArray += @($output)
}
}
$myArray | Out-File -FilePath "$LogPath" -Append
#Invoke-Item "$LogPath"

Open in new window


Found this from this group discussion: Power Shell Dot Com
0
 
LVL 55

Accepted Solution

by:
McKnife earned 350 total points
ID: 39639278
Hi.

Read about the concept of "restricted groups". It's inside the security policies section of any gpo and can wipe out all but defined admin accounts. As the users you talk about are domain members, they still remain in the local users group, so the task is very easy.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 39640253
Thanks McKnife. And, thank you as well ShazbotOK. I have't forgotten about you. I will take a look McKnife.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 39646729
McKnife perfect!

@ShazbotOK I am just not very good with scripts. But, I have this saved, and I will work on Powershell. I really appreciate your time.

I apologize for taking so much time to close the question.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question