Re: Remove Users From Local Admin Group
- From: impu <impu.282wtr@xxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 May 2006 11:05:46 -0500
Torgeir Bakken \(MVP\) wrote:
*Forest wrote:
Does anyone out there have a script that I can use in the loginscript to
remove domain users from the local admin group? I want to lock downthe
local Admin group from the login script. Right now the domain userhas admin
access.Hi
Below is a script that will remove all *user* accounts from the
Administrators group. Both local and domain users will be removed
(but not the builtin Administrator account). Any group accounts
will not be removed.
'--------------------8<----------------------
Set oWshNet = CreateObject("WScript.Network")
sComputer = oWshNet.ComputerName
' group to remove user from
Set oGroup = GetObject("WinNT://" & sComputer & "/Administrators")
' suppress errors, e.g. trying to remove the builtin Administrator
' account from the Administrators group will fail.
On Error Resume Next
' loop through all members of the Administrators group of type users
For Each oMember In oGroup.Members
If oMember.Class = "User" Then
' remove the user from Administrators group
oGroup.Remove oMember.ADsPath
End If
Next
'--------------------8<----------------------
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
[url]http://www.microsoft.com/technet/scriptcenter/default.mspx[/url]
*
--
impu
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------
.
- Follow-Ups:
- Re: Remove Users From Local Admin Group
- From: impu
- Re: Remove Users From Local Admin Group
- Prev by Date: Re: Ending process with VBScript
- Next by Date: Re: Remove Users From Local Admin Group
- Previous by thread: Quoting in a string
- Next by thread: Re: Remove Users From Local Admin Group
- Index(es):
Relevant Pages
|
