Remove all users from local admin group except specified users
I am looking at running a script on all computers to remove all local administrators except the ones we specify; it will only be a few. We are trying to make sure no users have local admin access.
We have to send this out to probably 1500 computers, but the same accounts can stay in all of them, and only those accounts.
example
administrator
admin1
admin2
admin3
This script removed all but the administrator. I need to add more exclusions.
' Errors are ignored, so a failed Add or Remove is skipped silently.
On Error Resume Next
strComputer = "."
Set GroupAdm = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set a = GroupAdm.Members()
For Each b In a
    c = CStr(b.Name)
    ' Accounts listed here stay in Administrators.
    ' Names are compared exactly as written, including case.
    Select Case c
        Case "such administrators"
        Case "Administrators"
        Case "Domain Admins"
        Case "Administrator"
        Case "Admin"
        Case "my_user"
        Case Else
            ' Everything else is added to Users, then removed from Administrators.
            Set GroupPUsers = GetObject("WinNT://" & strComputer & "/Users,group")
            GroupPUsers.Add("WinNT://" & "domain" & "/" & c)
            WScript.Sleep 100
            GroupAdm.Remove("WinNT://" & "domain" & "/" & c)
    End Select
Next
This startup script leaves the listed accounts in Administrators; the rest are moved to the Users group. Instead of “domain” you need to substitute the NetBIOS name of your domain.
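The same allow-list cleanup as an added PowerShell example (not code from this thread), using the LocalAccounts cmdlets that ship with Windows PowerShell 5.1. The function name `Remove-UnlistedLocalAdmin` and its parameters are hypothetical; the keep list is the one from the question, and any group that should stay (for example Domain Admins, which the VBScript keeps) has to be added to it.

```powershell
# Added example. Allow list taken from the question; adjust before deploying.
function Remove-UnlistedLocalAdmin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Account or group names, without the DOMAIN\ or COMPUTER\ prefix, that may stay.
        [string[]]$Keep = @('administrator', 'admin1', 'admin2', 'admin3'),
        # Also add each removed account to the local Users group, as the VBScript does.
        [switch]$MoveToUsers
    )

    $adminGroupSid = 'S-1-5-32-544'   # BUILTIN\Administrators, independent of OS language
    $usersGroupSid = 'S-1-5-32-545'   # BUILTIN\Users

    foreach ($member in Get-LocalGroupMember -SID $adminGroupSid) {
        # Name is "PREFIX\account"; only the account part is compared (case-insensitive),
        # so a local admin1 and a domain admin1 both match the keep list.
        $leaf = ($member.Name -split '\\')[-1]

        # RID 500 on a local account is the built-in Administrator, even if renamed.
        $isBuiltinAdmin = $member.Name -like "$env:COMPUTERNAME\*" -and
                          $member.SID.Value -match '-500$'

        if ($isBuiltinAdmin -or $Keep -contains $leaf) {
            Write-Verbose "Keeping $($member.Name)"
            continue
        }

        if ($PSCmdlet.ShouldProcess($member.Name, 'Remove from local Administrators')) {
            if ($MoveToUsers) {
                # Already being a member of Users is not an error worth stopping for.
                Add-LocalGroupMember -SID $usersGroupSid -Member $member -ErrorAction SilentlyContinue
            }
            Remove-LocalGroupMember -SID $adminGroupSid -Member $member
            # Emit a record so the deployment tool can log what changed.
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Removed  = $member.Name
                Class    = $member.ObjectClass
            }
        }
    }
}

# Dry run: reports what would be removed without changing group membership.
Remove-UnlistedLocalAdmin -WhatIf -Verbose
```

Drop `-WhatIf` from the last line once the dry-run output on a few test machines shows only the accounts you expect to lose admin rights.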