|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Remove all members in local Power User GroupI need to remove all membership in the local power users group on the local
machines. I would like to use a logon scipt to do this. I see examples of adding or removing specific users but nothing to set group membership to 0. Ken wrote:
>I need to remove all membership in the local power users group on the local First, this won't work in a logon script, unless the user is a member of the > machines. I would like to use a logon scipt to do this. I see examples > of > adding or removing specific users but nothing to set group membership to > 0. local Administrators group. It could be done in a Startup script, which runs with System privileges on the local machine. Even better, a member of Domain Admins should be able to do this remotely if the computer is authenticated to the domain. By default, the group Domain Admins is added to the local Administrators group when the computer is joined to the domain. In either case (a startup script or a script run remotely), I don't know of any method to remove all members of a group at once. You must enumerate each member and remove individually. You must use the WinNT provider to deal with local objects. A VBScript example: ========= ' Specify the NetBIOS name of the computer. ' You can use "." for current local computer. strComputer = "TestComputer" ' Bind to local Power Users group on the computer. Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power Users,group") ' Enumerate all members of the local group. For Each objMember In objLocalGroup.Members ' Remove the member from the group. objLocalGroup.Remove(objMember.AdsPath) Next ======== You can test by first having the loop enumerate the members (Wscript.Echo objMember.Name), then revise to remove. Tks for the help. We lost our scripting guy (retirement) and he took and his
nice network management tools with him. I have dabbled with Visual Basic several years ago - so the scripts are not totally foreign but as with everytihing else - it is a learning curve. I will try not to wear out my welcome and will do a lot of research before posting a question. Right now we are going through a C & A accreditation and am working on several short fuses to get the network in complaince to keep our networthyness to stay on the army network. Tks again for the help. Ken Show quoteHide quote "Richard Mueller [MVP]" wrote: > Ken wrote: > > >I need to remove all membership in the local power users group on the local > > machines. I would like to use a logon scipt to do this. I see examples > > of > > adding or removing specific users but nothing to set group membership to > > 0. > > First, this won't work in a logon script, unless the user is a member of the > local Administrators group. It could be done in a Startup script, which runs > with System privileges on the local machine. Even better, a member of Domain > Admins should be able to do this remotely if the computer is authenticated > to the domain. By default, the group Domain Admins is added to the local > Administrators group when the computer is joined to the domain. > > In either case (a startup script or a script run remotely), I don't know of > any method to remove all members of a group at once. You must enumerate each > member and remove individually. You must use the WinNT provider to deal with > local objects. A VBScript example: > ========= > ' Specify the NetBIOS name of the computer. > ' You can use "." for current local computer. > strComputer = "TestComputer" > > ' Bind to local Power Users group on the computer. > Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power > Users,group") > > ' Enumerate all members of the local group. > For Each objMember In objLocalGroup.Members > ' Remove the member from the group. > objLocalGroup.Remove(objMember.AdsPath) > Next > ======== > You can test by first having the loop enumerate the members (Wscript.Echo > objMember.Name), then revise to remove. > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net > -- > > > You could use a restricted groups policy too. Simply add Power Users as a
restricted group and don't specify any members, link the policy to the OU that has your computer accounts in it and voila, no script required. Show quoteHide quote "Ken" <K**@discussions.microsoft.com> wrote in message news:BCF9F654-C709-4FF9-8247-26963BA97DF8@microsoft.com... >I need to remove all membership in the local power users group on the local > machines. I would like to use a logon scipt to do this. I see examples > of > adding or removing specific users but nothing to set group membership to > 0. 
Other interesting topics
How to ping multiple hosts via a script
script to copy user profile!! Outllok 2003 Signature script Delete Parent registry key based on subkey data fire script in remote servers Script for mapped network drives create AD-PC-Account with given GUID per script Move files logevent command bombs scheduled task WScript error |
|||||||||||||||||||||||
