Error in removing users from local admin group

From: Gaurav (gaurav081_at_yahoo.co.in)
Date: 03/25/04 

Date: 25 Mar 2004 04:56:31 -0800

Hi All
Pls help.
I went through the number of scripts you posted for removing the user
from local administrator group.
I have tried all of them but all scripts give me an error
(-2147023519)
when it runs the following lines ..

oGroupAdm.Remove oUser.ADsPath
oGroupAdm.Remove oUser2.ADsPath

its not even deleting a single user from that group(both local and
domain)

' computer name or ip address
Set WshNetwork = WScript.CreateObject("WScript.Network")
sNode = WshNetwork.ComputerName
wscript.echo sNode
' suppress errors
On Error Resume Next

' group name to remove user from
Set oGroupAdm = GetObject("WinNT://" & sNode & "/Administrators")

' loop through all member of the Administrators group
For Each oAdmGrpUser In oGroupAdm.Members

  ' get the name and make it lowercase
  sAdmGrpUser = LCase(oAdmGrpUser.Name)
   wscript.echo sAdmGrpUser
  ' no point in handling Administrator and Domain Admins
  ' use lowercase letters in the names in the If test!
  If (sAdmGrpUser <> "administrator") And _
     (sAdmGrpUser <> "domain admins") Then

       ' try to connect to user object to see if account is a local
user
   Set oUser = GetObject("WinNT://" & sNode & "/" _
                        & oAdmGrpUser.Name & ",user")

    If Err.Number = 0 Then
      ' user is local!

      ' remove user from Administrators group
      oGroupAdm.Remove oUser.ADsPath
    'End If
    Err.Clear
    else
  ' User is domain - i'm not sure wheather the following part is
correct ??
    userdomain = WshNetwork.UserDomain
    wscript.echo userdomain
     Set oUser2 = GetObject("WinNT://" & userdomain & "/" _
                        & oAdmGrpUser.Name & ",user")
     oGroupAdm.Remove oUser2.ADsPath
  End if
  End if
Next

Relevant Pages

  • Limit domain login to Administrator Group
    ... winxp computers as part of the domain. ... each user is a part of their local administrator group on ... localuser2 can not login ...
    (microsoft.public.win2000.group_policy)
  • Re: administrator rights for computer
    ... You can not add a user to the domain admin group from their computer. ... the user logging on with their domain account and being administrator of the ... >> Add their domain account to the local administrator group of their ...
    (microsoft.public.win2000.security)
  • Listing Users that are Part of the Local Administrator Group
    ... I'm trying to find/write a script that can return the members of the Local ... Administrator group on Win 2K/XP machines. ... lists the computers in my domain with the Domain users that belong to those ... can't figure out how to pull the users from the local administrator group. ...
    (microsoft.public.scripting.vbscript)
  • Re: Listing Users that are Part of the Local Administrator Group
    ... I have an active directory 2003 domain environment and basically want to be able to generate a text file that lists the computers in my domain with the Domain users that belong to those computers' local Administrator group. ... Very new to Windows scripting, and I can't figure out how to pull the users from the local administrator group. ... fOutFile.WriteLine vbCrlF & "Other accounts:" fOutFile.WriteLine sOthers fOutFile.Close ...
    (microsoft.public.scripting.vbscript)
  • Re: script to add a user to the local administrators group
    ... > add a single user to the local administrator group? ... the user belongs to in the variable "sNetBIOSDomain". ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.scripting.vbscript)