[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Changing local admins to users

Posted on 2013-11-08
4
Medium Priority
?
249 Views
Last Modified: 2013-11-13
I have several client machines each with several accounts (all  the accounts are of the same four employees). Most are local admins.

What is the best way to change them. I know where the users are un CP. But, can I do it using GP on SBS 2008?

Thanks.

Bert
0
Comment
Question by:Bert2005
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:ShazbotOK
ShazbotOK earned 600 total points
ID: 39633692
A powershell script you can excecute from your computer/server:

function Get-ScriptDirectory (){
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential $domain\$username
$strLogDate = Get-Date -uformat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

Do {
$GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))
If ($GroupAction -eq '3'){
Write-Host "Quit response received, script terminated."
Break
}
$GroupUserName = Read-Host -Prompt "What is the name of the group or user to add or remove?"
$GroupDomain = Read-Host -Prompt "What domain is the group located in?"

$myArray = @()
$Servers = Get-content "$WhereAreWe\serverlist.txt"
$Servers | ForEach {
Write-Host $_ -ForegroundColor Black
$remotecommand = Invoke-Command -Computername $_ -Cred $Cred -ScriptBlock {
param ($GroupAction,$GroupDomain,$GroupUserName)
Write-Output "===================="
Get-Content env:computername
Write-Output "===================="
$Group = [ADSI]('WinNT://localhost/Administrators,Group')
If ($GroupAction -eq '1'){
$Group.add("WinNT://$GroupDomain/$GroupUserName,user")
}
If ($GroupAction -eq '2'){
$Group.remove("WinNT://$GroupDomain/$GroupUserName,user")
}
NET LOCALGROUP 'Administrators'
} -ArgumentList @($GroupAction,$GroupDomain,$GroupUserName,$output,$myArray)
$remotecommand
ForEach ($output in $remotecommand){
$myArray += @($output)
}
}
$myArray | Out-File -FilePath "$LogPath" -Append
#Invoke-Item "$LogPath"

Open in new window


Found this from this group discussion: Power Shell Dot Com
0
 
LVL 57

Accepted Solution

by:
McKnife earned 1400 total points
ID: 39639278
Hi.

Read about the concept of "restricted groups". It's inside the security policies section of any gpo and can wipe out all but defined admin accounts. As the users you talk about are domain members, they still remain in the local users group, so the task is very easy.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 39640253
Thanks McKnife. And, thank you as well ShazbotOK. I have't forgotten about you. I will take a look McKnife.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 39646729
McKnife perfect!

@ShazbotOK I am just not very good with scripts. But, I have this saved, and I will work on Powershell. I really appreciate your time.

I apologize for taking so much time to close the question.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question