• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

Changing local admins to users

I have several client machines each with several accounts (all  the accounts are of the same four employees). Most are local admins.

What is the best way to change them. I know where the users are un CP. But, can I do it using GP on SBS 2008?

Thanks.

Bert
0
Bert2005
Asked:
Bert2005
  • 2
2 Solutions
 
ShazbotOKCommented:
A powershell script you can excecute from your computer/server:

function Get-ScriptDirectory (){
$Invocation = (Get-Variable MyInvocation -Scope 1).Value
Split-Path $Invocation.MyCommand.Path
}
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential $domain\$username
$strLogDate = Get-Date -uformat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

Do {
$GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))
If ($GroupAction -eq '3'){
Write-Host "Quit response received, script terminated."
Break
}
$GroupUserName = Read-Host -Prompt "What is the name of the group or user to add or remove?"
$GroupDomain = Read-Host -Prompt "What domain is the group located in?"

$myArray = @()
$Servers = Get-content "$WhereAreWe\serverlist.txt"
$Servers | ForEach {
Write-Host $_ -ForegroundColor Black
$remotecommand = Invoke-Command -Computername $_ -Cred $Cred -ScriptBlock {
param ($GroupAction,$GroupDomain,$GroupUserName)
Write-Output "===================="
Get-Content env:computername
Write-Output "===================="
$Group = [ADSI]('WinNT://localhost/Administrators,Group')
If ($GroupAction -eq '1'){
$Group.add("WinNT://$GroupDomain/$GroupUserName,user")
}
If ($GroupAction -eq '2'){
$Group.remove("WinNT://$GroupDomain/$GroupUserName,user")
}
NET LOCALGROUP 'Administrators'
} -ArgumentList @($GroupAction,$GroupDomain,$GroupUserName,$output,$myArray)
$remotecommand
ForEach ($output in $remotecommand){
$myArray += @($output)
}
}
$myArray | Out-File -FilePath "$LogPath" -Append
#Invoke-Item "$LogPath"

Open in new window


Found this from this group discussion: Power Shell Dot Com
0
 
McKnifeCommented:
Hi.

Read about the concept of "restricted groups". It's inside the security policies section of any gpo and can wipe out all but defined admin accounts. As the users you talk about are domain members, they still remain in the local users group, so the task is very easy.
0
 
Bert2005Author Commented:
Thanks McKnife. And, thank you as well ShazbotOK. I have't forgotten about you. I will take a look McKnife.
0
 
Bert2005Author Commented:
McKnife perfect!

@ShazbotOK I am just not very good with scripts. But, I have this saved, and I will work on Powershell. I really appreciate your time.

I apologize for taking so much time to close the question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now