delete/remove users from local administrators grou

Forums

My Profile

Inbox

Address Book

My Subscription

My Forums

delete/remove users from local administrators grou

Logged in as: Guest

arrSession:exec spGetSession 2,2,1487

	Active Users: There are 0 members and 0 guests.
	Users viewing this topic: none

Printable Version

All Forums >> [Scripting] >> WSH & Client Side VBScript >> delete/remove users from local administrators grou
Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks!

Page: [1] 2 next > >>

Message

<< Older Topic Newer Topic >>

delete/remove users from local administrators grou - 10/19/2004 2:23:15 AM

paf1967

Posts: 2
Score: 0
Joined: 10/19/2004
From:
Status: offline

We are using AD and I am responsible to cleaning up the PC's local administrators group. I need and automated process for removing a user's account from the local administrators group. (i.e. remove [domain\user_name])
I can use cusrmgr to remove the user accounts from the old domain (NON_AD). I have also tried to use usergroups.vbs with no success. Also, I would appreciate any help with the command usergroups.vbs .

Any help is greatly appreciated.

Post #: 1

Re: delete/remove users from local administrators grou - 10/19/2004 7:27:31 AM

mbouchard

Posts: 1916
Score: 16
Joined: 5/15/2003
From: USA
Status: offline

Here is a script that I wrote to remove all users, except for the local administrator and domain admins, from the administrators group

(in reply to paf1967)

Post #: 2

Re: delete/remove users from local administrators grou - 10/19/2004 9:01:46 AM

paf1967

Posts: 2
Score: 0
Joined: 10/19/2004
From:
Status: offline

Is there a way I can tell the script to remove one user name. For example, remove just abcDOMAIN\JDoe (user name) Also how hard would it be to make the script read computer names from a txt, xls, or csv file.

I appreciate your help.

(in reply to paf1967)

Post #: 3

Re: delete/remove users from local administrators grou - 10/19/2004 11:27:52 PM

mbouchard

Posts: 1916
Score: 16
Joined: 5/15/2003
From: USA
Status: offline

To get the computername from a text file, Go here and download the Wscript documentation, look for info on readline. Once you have a script that can read through a text file post it here and i can help you use it with the remove user script below.

To remove 1 user from the admin group, change this line:

quote:
If (sAdmGrpUser <> "administrator") And (sAdmGrpUser <> "domain admins") Then

To this:

quote:
If sAdmGrpUser = "abcdomain\joeuser" then

(in reply to paf1967)

Post #: 4

Re: delete/remove users from local administrators grou - 4/8/2005 10:42:29 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

Is there a way to launch this script using a Startup Script within Active Directory? It seems impossible since you have to specify a computer name or IP.

Any help in making this script work on any machine running it would be great!

Thanks,
Colby

(in reply to paf1967)

Post #: 5

Re: delete/remove users from local administrators grou - 4/8/2005 4:35:23 PM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

Since you intend to run this script from a startup script, I assume that you want to remove ALL users except the default administrator account and domain admin group.

The following script is based on what mbouchard posted in the previous script.

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next

(in reply to paf1967)

Post #: 6

Re: delete/remove users from local administrators grou - 4/8/2005 4:48:59 PM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

The following script will delete a specific user account identify by the "username" variable from the local administrators group on a list of computers stored in a text file identified by the "src" variable.

==================================================================================
Option Explicit

Dim src, username
src = "computers.txt"
username = "test"

cleanAdminGroup src, username

Function cleanAdminGroup(file,username)
Dim network, group, user, fso, temp, ts
Set network = CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

If Not fso.FileExists(file) Then
WScript.Echo "File does not exist: " & file
Else
Set ts = fso.OpenTextFile(file,1)
Do Until ts.AtEndOfStream
temp = ts.ReadLine
Set group = GetObject("WinNT://" & temp & "/Administrators,group")
For Each user In group.members
If UCase(user.name) = UCase(username) Then
group.remove user.adspath
End If
Next
Loop
End If
End Function

(in reply to paf1967)

Post #: 7

Re: delete/remove users from local administrators grou - 4/11/2005 6:18:56 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

quote:
Originally posted by token

Since you intend to run this script from a startup script, I assume that you want to remove ALL users except the default administrator account and domain admin group.

The following script is based on what mbouchard posted in the previous script.

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next

Works like a charm! Thanks! Now for one more question. Is there a way to run the script above then add a domain group into the local Administrators group?

(in reply to paf1967)

Post #: 8

Re: delete/remove users from local administrators grou - 4/11/2005 6:21:27 AM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

Sure. Add the following line below and outside of the FOR EACH statement.

group.add "domain\userID" should do the trick.

(in reply to paf1967)

Post #: 9

Re: delete/remove users from local administrators grou - 4/11/2005 6:35:12 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

quote:
Originally posted by token

Sure. Add the following line below and outside of the FOR EACH statement.

group.add "domain\userID" should do the trick.

I'm very new to scripting so forgive me... I added that line directly under the "FOR EACH" statement but it didn't work. Do you mind entering it into the script where it should be exactly located?

Thanks a ton for you help by the way. You have no idea how long we have been looking for a script like this. In an organization of 10,000+ users it's going to be a HUGE help.

(in reply to paf1967)

Post #: 10

Re: delete/remove users from local administrators grou - 4/11/2005 7:06:17 AM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

quote:
Originally posted by colbytrio

quote:
Originally posted by token

Sure. Add the following line below and outside of the FOR EACH statement.

group.add "domain\userID" should do the trick.

I'm very new to scripting so forgive me... I added that line directly under the "FOR EACH" statement but it didn't work. Do you mind entering it into the script where it should be exactly located?

Thanks a ton for you help by the way. You have no idea how long we have been looking for a script like this. In an organization of 10,000+ users it's going to be a HUGE help.

Option Explicit

Dim src, username
src = "computers.txt"
username = "test"

cleanAdminGroup src, username

Function cleanAdminGroup(file,username)
Dim network, group, user, fso, temp, ts
Set network = CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

If Not fso.FileExists(file) Then
WScript.Echo "File does not exist: " & file
Else
Set ts = fso.OpenTextFile(file,1)
Do Until ts.AtEndOfStream
temp = ts.ReadLine
Set group = GetObject("WinNT://" & temp & "/Administrators,group")
For Each user In group.members
If UCase(user.name) = UCase(username) Then
group.remove user.adspath
End If
Next
Loop
group.add("WinNT://DOMAIN/Group_Name,group")
End If
End Function

(in reply to paf1967)

Post #: 11

Re: delete/remove users from local administrators grou - 4/11/2005 7:32:28 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

Ok, that still dind't work. I would like to script to run and do two things:

1. Delete all users/groups from the Local Administrators group with the exception of the 'Administrator' account and the 'Domain Admins' group

2. Add a domain group into the Local Administrators group.

I would think you could just add another line into this script... but who knows:

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next

(in reply to paf1967)

Post #: 12

Re: delete/remove users from local administrators grou - 4/11/2005 8:15:20 AM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

Could you post the exact LINE that you added ?

(in reply to paf1967)

Post #: 13

Re: delete/remove users from local administrators grou - 4/11/2005 9:52:30 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

quote:
Originally posted by token

Could you post the exact LINE that you added ?

I have tried it this way:

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
group.add "domain\userID"
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If

and

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
group.add("WinNT://DOMAIN/Group_Name,group")
End If
Next
Next

So do you know how I can accomplish what I am looking for in a single script? THanks again!

(in reply to paf1967)

Post #: 14

Re: delete/remove users from local administrators grou - 4/11/2005 10:02:03 AM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

You would add:

group.add("WinNT://DOMAIN/Group_Name,group")

below the line:

LOOP

(in reply to paf1967)

Post #: 15

Re: delete/remove users from local administrators grou - 4/11/2005 10:45:57 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

quote:
Originally posted by token

You would add:

group.add("WinNT://DOMAIN/Group_Name,group")

below the line:

LOOP

I think we're looking at two different scripts. THe script that I have been using is this one and there is no LOOP line:

=========================================================================
Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If

(in reply to paf1967)

Post #: 16

Re: delete/remove users from local administrators grou - 4/11/2005 2:53:43 PM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

oh boy, my apologies.

==========================================================

Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next
group.add("WinNT://DOMAIN/Group_Name,group")

(in reply to paf1967)

Post #: 17

Re: delete/remove users from local administrators grou - 4/12/2005 3:22:01 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

quote:
Originally posted by token

oh boy, my apologies.

==========================================================

Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next
group.add("WinNT://DOMAIN/Group_Name,group")

Works very well!!! Thanks a million for your help!

(in reply to paf1967)

Post #: 18

Re: delete/remove users from local administrators grou - 4/12/2005 6:59:25 AM

token

Posts: 1917
Score: 0
Joined: 1/14/2005
From:
Status: offline

Glad I could (finally) help =)

(in reply to paf1967)

Post #: 19

Re: delete/remove users from local administrators grou - 4/18/2005 2:55:09 AM

colbytrio

Posts: 27
Score: 1
Joined: 4/8/2005
From:
Status: offline

Ok, now that everything is working fine I need to make a slight change to the scrpt. I would like to add a second group to the local Administrator's group. The second group name is "PC Admins".

Here is the script we are using:

Option Explicit

Dim network, group, user
Set network = CreateObject("WScript.Network")
Set group = GetObject("WinNT://" & network.ComputerName & "/Administrators,group")
For Each user In group.members
If UCase(user.name) <> "ADMINISTRATOR" And UCase(user.name) <> "DOMAIN ADMINS" Then
group.remove user.adspath
End If
Next
group.add("WinNT://SUSD/Information Services Network Support Technicians,group")

(in reply to paf1967)