/build/static/layout/Breadcrumb_cap_w.png

del/add local Admins - with SMA K1000 via Powershell only

The main reason for using Powershell only is the compatibilty. And VBScript will be discontinued in near future.

We got around 100-200Clients in a Company. We have DELL- / HP- / Lenovo-  / Citrix- / Surface-Clients etc. with different local Admins.

We want: #1. delete unwanted admins except the default Administrator (in different languages)

#2. add 1 local Admin  (User + move to local admin group (different languages)) 

Every Client got an Agent (hopefully) - We want to execute this Script silenty (nobody notice anything), and the password from this admin must be hidden and/or encrypted.


greetings, sry for my english


0 Comments   [ + ] Show comments

Answers (1)

Posted by: JordanNolan 4 years ago
10th Degree Black Belt
0

Assuming you want to just keep the local Administrator and the Domain Administrators groups in there, you pipe the results of the Get-LocalGroupMember command through the Remove-LocalGroupMember


$wmiDomain = Get-WmiObject Win32_NTDomain -Filter "DnsForestName = '$( (Get-WmiObject Win32_ComputerSystem).Domain)'"
$domain = $wmiDomain.DomainName
$ComputerName = $env:computername
Get-LocalGroupMember -Group "Administrators"|Where-Object {$_.Name -ne "$domain\Domain Admins" -And $_.Name -ne "$ComputerName\Administrator"}|Remove-LocalGroupMember -Group "Administrators"


It also sounds like you want to use the same password for the local Administrator account:

Set-LocalUser -Name Administrator -Password (ConvertTo-SecureString -AsPlainText "Y0urP@ssWord" -Force)

I would recommend not using the same password for all local Administrator accounts, because once it gets out, it spreads like wildfire and it does get out when there are other people involved.  Try looking into deploying LAPS.  It is pretty easy to setup and works great.  Very easy to setup.

https://www.youtube.com/watch?v=WD2cBKRvERc

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ