del/add local Admins - with SMA K1000 via Powershell only
The main reason for using Powershell only is the compatibilty. And VBScript will be discontinued in near future.
We got around 100-200Clients in a Company. We have DELL- / HP- / Lenovo- / Citrix- / Surface-Clients etc. with different local Admins.
We want: #1. delete unwanted admins except the default Administrator (in different languages)
#2. add 1 local Admin (User + move to local admin group (different languages))
Every Client got an Agent (hopefully) - We want to execute this Script silenty (nobody notice anything), and the password from this admin must be hidden and/or encrypted.
greetings, sry for my english
Answers (1)
Assuming you want to just keep the local Administrator and the Domain Administrators groups in there, you pipe the results of the Get-LocalGroupMember command through the Remove-LocalGroupMember
$wmiDomain = Get-WmiObject Win32_NTDomain -Filter "DnsForestName = '$( (Get-WmiObject Win32_ComputerSystem).Domain)'"
$domain = $wmiDomain.DomainName
$ComputerName = $env:computername
Get-LocalGroupMember -Group "Administrators"|Where-Object {$_.Name -ne "$domain\Domain Admins" -And $_.Name -ne "$ComputerName\Administrator"}|Remove-LocalGroupMember -Group "Administrators"
Set-LocalUser -Name Administrator -Password (ConvertTo-SecureString -AsPlainText "Y0urP@ssWord" -Force)
I would recommend not using the same password for all local Administrator accounts, because once it gets out, it spreads like wildfire and it does get out when there are other people involved. Try looking into deploying LAPS. It is pretty easy to setup and works great. Very easy to setup.
