Solved

Changing local admins to users

Posted on 2013-11-08
4
236 Views
Last Modified: 2013-11-13
I have several client machines each with several accounts (all  the accounts are of the same four employees). Most are local admins.

What is the best way to change them. I know where the users are un CP. But, can I do it using GP on SBS 2008?

Thanks.

Bert
0
Comment
Question by:Bert2005
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:ShazbotOK
ShazbotOK earned 150 total points
ID: 39633692
A powershell script you can excecute from your computer/server:

function Get-ScriptDirectory (){
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential $domain\$username
$strLogDate = Get-Date -uformat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

Do {
$GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))
If ($GroupAction -eq '3'){
Write-Host "Quit response received, script terminated."
Break
}
$GroupUserName = Read-Host -Prompt "What is the name of the group or user to add or remove?"
$GroupDomain = Read-Host -Prompt "What domain is the group located in?"

$myArray = @()
$Servers = Get-content "$WhereAreWe\serverlist.txt"
$Servers | ForEach {
Write-Host $_ -ForegroundColor Black
$remotecommand = Invoke-Command -Computername $_ -Cred $Cred -ScriptBlock {
param ($GroupAction,$GroupDomain,$GroupUserName)
Write-Output "===================="
Get-Content env:computername
Write-Output "===================="
$Group = [ADSI]('WinNT://localhost/Administrators,Group')
If ($GroupAction -eq '1'){
$Group.add("WinNT://$GroupDomain/$GroupUserName,user")
}
If ($GroupAction -eq '2'){
$Group.remove("WinNT://$GroupDomain/$GroupUserName,user")
}
NET LOCALGROUP 'Administrators'
} -ArgumentList @($GroupAction,$GroupDomain,$GroupUserName,$output,$myArray)
$remotecommand
ForEach ($output in $remotecommand){
$myArray += @($output)
}
}
$myArray | Out-File -FilePath "$LogPath" -Append
#Invoke-Item "$LogPath"

Open in new window


Found this from this group discussion: Power Shell Dot Com
0
 
LVL 53

Accepted Solution

by:
McKnife earned 350 total points
ID: 39639278
Hi.

Read about the concept of "restricted groups". It's inside the security policies section of any gpo and can wipe out all but defined admin accounts. As the users you talk about are domain members, they still remain in the local users group, so the task is very easy.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 39640253
Thanks McKnife. And, thank you as well ShazbotOK. I have't forgotten about you. I will take a look McKnife.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 39646729
McKnife perfect!

@ShazbotOK I am just not very good with scripts. But, I have this saved, and I will work on Powershell. I really appreciate your time.

I apologize for taking so much time to close the question.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Article by: Lee
Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now