Solved

Changing local admins to users

Posted on 2013-11-08
4
238 Views
Last Modified: 2013-11-13
I have several client machines each with several accounts (all  the accounts are of the same four employees). Most are local admins.

What is the best way to change them. I know where the users are un CP. But, can I do it using GP on SBS 2008?

Thanks.

Bert
0
Comment
Question by:Bert2005
  • 2
4 Comments
 
LVL 12

Assisted Solution

by:ShazbotOK
ShazbotOK earned 150 total points
ID: 39633692
A powershell script you can excecute from your computer/server:

function Get-ScriptDirectory (){
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential $domain\$username
$strLogDate = Get-Date -uformat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

Do {
$GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))
If ($GroupAction -eq '3'){
Write-Host "Quit response received, script terminated."
Break
}
$GroupUserName = Read-Host -Prompt "What is the name of the group or user to add or remove?"
$GroupDomain = Read-Host -Prompt "What domain is the group located in?"

$myArray = @()
$Servers = Get-content "$WhereAreWe\serverlist.txt"
$Servers | ForEach {
Write-Host $_ -ForegroundColor Black
$remotecommand = Invoke-Command -Computername $_ -Cred $Cred -ScriptBlock {
param ($GroupAction,$GroupDomain,$GroupUserName)
Write-Output "===================="
Get-Content env:computername
Write-Output "===================="
$Group = [ADSI]('WinNT://localhost/Administrators,Group')
If ($GroupAction -eq '1'){
$Group.add("WinNT://$GroupDomain/$GroupUserName,user")
}
If ($GroupAction -eq '2'){
$Group.remove("WinNT://$GroupDomain/$GroupUserName,user")
}
NET LOCALGROUP 'Administrators'
} -ArgumentList @($GroupAction,$GroupDomain,$GroupUserName,$output,$myArray)
$remotecommand
ForEach ($output in $remotecommand){
$myArray += @($output)
}
}
$myArray | Out-File -FilePath "$LogPath" -Append
#Invoke-Item "$LogPath"

Open in new window


Found this from this group discussion: Power Shell Dot Com
0
 
LVL 54

Accepted Solution

by:
McKnife earned 350 total points
ID: 39639278
Hi.

Read about the concept of "restricted groups". It's inside the security policies section of any gpo and can wipe out all but defined admin accounts. As the users you talk about are domain members, they still remain in the local users group, so the task is very easy.
0
 
LVL 1

Author Comment

by:Bert2005
ID: 39640253
Thanks McKnife. And, thank you as well ShazbotOK. I have't forgotten about you. I will take a look McKnife.
0
 
LVL 1

Author Closing Comment

by:Bert2005
ID: 39646729
McKnife perfect!

@ShazbotOK I am just not very good with scripts. But, I have this saved, and I will work on Powershell. I really appreciate your time.

I apologize for taking so much time to close the question.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question