antmar904

Delete users from the local admin group

43 posts in this topic

#1 ·  Posted

Hi

Is there an easy way to delete all users that are members of the local admin group on a Windows 7 computer except for User-A, User-b or User-c?

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I started a script that will write all users and group that are members of the local admin group to a file "RemAdmin.txt".

I want to clean the output file of all junk (circled in red in my screenshot).

After I clean the output file up, I would like to delete all users and groups that are members of the local admin group BUT leave a list of users a groups that I specify.

Exp: Delete all users/groups except:

User-A

User-b

NA-GroupB

PXAdmin

Domain\NAIG Distributions, etc...

Any help is much appreciated.

#RequireAdmin
#include <Array.au3>
RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\RemAdmin.txt")
$aFile = FileReadToArray("C:\Windows\Updates\RemAdmin.txt")
_ArrayDisplay($aFile, "", "", "", "", "", "", "", "")

 

RemAdmin.JPG

Edited by antmar904

Share this post


Link to post
Share on other sites

#3 ·  Posted

I usually use something like this. You can then cycle through the array and delete:

#include <Array.au3>

Local $oGroup, $aUsers[1] = [""]
    $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
        If IsObj($oGroup) Then
            For $member In $oGroup.Members
                _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
            Next
        EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

 


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#4 ·  Posted

@JLogan3o13

Thank you for your help.

How would I go about cycling through all the members and deleting the ones that I want deleted or keep the ones the I want?

Share this post


Link to post
Share on other sites

#5 ·  Posted

Do a normal for loop:

For $a = 1 To $aUsers[0]
    ...
Next

It has been a long time, but IIRC the syntax is either .Remove or .Delete, so try something like:

For $a = 1 To $aUsers[0]
    If StringInStr($aUsers[$a], "<name you're searching for>") Then
       $aUsers[$a].Remove
    EndIf
Next

 


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#6 ·  Posted

Brute Force w/ CMD

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(AdminJohn|AdminPete|Administrator)"

Local $oGroup, $aUsers[1] = [""]
    $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
        If IsObj($oGroup) Then
            For $member In $oGroup.Members
                _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
            Next
        EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

Share this post


Link to post
Share on other sites

#7 ·  Posted

Here is a cleaned up version of my post above. Easy enough to cycle through a list of users you would like to remove (this is where the "teach a man to fish" part comes in :) ). And no need to mix objects and command line.

#RequireAdmin

;Assume we want to delete Bob...
Local $oGroup = ObjGet("WinNT://./Administrators")
    For $sUser In $oGroup.Members
        If StringInStr($sUser.ADsPath, "/Bob") Then $oGroup.Remove($sUser.AdsPath)
    Next

 

1 person likes this

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#9 ·  Posted

That is one that needs some updating, it is a straight port of a very old vbscript written back in the 2003 days.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

#10 ·  Posted

@ViciousXUSMC

Some of my domain groups have spaces or "_" in the names.

This seems that it's not working:

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(pxadmin|domain admins|desktop admin|ihisdskadm|matlab_desktopadmin|admindesktokingman|pdidesktop admin|pds_plantdesign_desktop_admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

Share this post


Link to post
Share on other sites

#11 ·  Posted

19 hours ago, JLogan3o13 said:

Here is a cleaned up version of my post above. Easy enough to cycle through a list of users you would like to remove (this is where the "teach a man to fish" part comes in :) ). And no need to mix objects and command line.

#RequireAdmin

;Assume we want to delete Bob...
Local $oGroup = ObjGet("WinNT://./Administrators")
    For $sUser In $oGroup.Members
        If StringInStr($sUser.ADsPath, "/Bob") Then $oGroup.Remove($sUser.AdsPath)
    Next

 

Hi @JLogan3o13 

Thank you for your help.  I am looking at your recommendation now.

Share this post


Link to post
Share on other sites

#12 ·  Posted

38 minutes ago, antmar904 said:

@ViciousXUSMC

Some of my domain groups have spaces or "_" in the names.

This seems that it's not working:

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(pxadmin|domain admins|desktop admin|ihisdskadm|matlab_desktopadmin|admindesktokingman|pdidesktop admin|pds_plantdesign_desktop_admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

That is the names to keep,  spaces should not break anything.

It uses RegEx and as you can see spaces are supported.

https://regex101.com/r/ty4oVN/1

 

 

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

6 minutes ago, ViciousXUSMC said:

That is the names to keep,  spaces should not break anything.

It uses RegEx and as you can see spaces are supported.

https://regex101.com/r/ty4oVN/1

 

 

Thank you however it does not look like it's showing all the groups that I want to keep.

Exp: matlab_desktopadmin, pdidesktop admin, pds_plantdesign_desktop_admin

Also, are the names of the groups that I want to keep case sensitive?

Rem Admin.JPG

Edited by antmar904

Share this post


Link to post
Share on other sites

#14 ·  Posted

Yes, it would be unless you add the case insensitive modifier.

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

I added the case-insensitive modifier and it still does not work.

For testing, I am only excluding 1 user and 2 groups.

As you can see in my screenshot two groups that are not wanted are still members "naig distributions" and "pdidesktop admin".

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

admin.JPG

Edited by antmar904

Share this post


Link to post
Share on other sites

#16 ·  Posted

Hi All,

I'm still unable to get this working.

Share this post


Link to post
Share on other sites

#17 ·  Posted

Shouldn't this line be this to allow for spaces in names? :

RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE)

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#18 ·  Posted

Hi @Jos

That worked but it's still leaving one group that we don't want "PDIDesktop Admin".

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
;_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
        RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE)
    EndIf
Next

 

Capture.JPG

Share this post


Link to post
Share on other sites

#19 ·  Posted

So, for debugging: what does this show in the SciTE outputpane when ran from SciTE?:

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
;_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /k net localgroup Administrators "' & $sUser & '" /delete')
        ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /k net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console
    EndIf
Next

It should show all performed commands and leave the cmd prompt open for you to close each time so you can see any errors that might be in the CMD console.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#20 ·  Posted

I get no errors written to the console or cmd prompt windows.

Here is the output from SciTE:

>"C:\Program Files (x86)\AutoIt3\SciTE\..\AutoIt3.exe" "C:\Program Files (x86)\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.au3" /run /prod /ErrorStdOut /in "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3" /UserParams    
+>08:31:55 Starting AutoIt3Wrapper v.17.224.935.0 SciTE v.3.7.3.0   Keyboard:00000409  OS:WIN_10/  CPU:X64 OS:X64  Environment(Language:0409)  CodePage:0  utf8.auto.check:4
+>         SciTEDir => C:\Program Files (x86)\AutoIt3\SciTE   UserDir => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE\AutoIt3Wrapper   SCITE_USERHOME => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE 
! Your script requires Admin rights while SciTE is running at normal level.
! This means no Console output from the script will be displayed and SciTE will show the script as ended right away.
>Running AU3Check (3.3.14.2)  from:C:\Program Files (x86)\AutoIt3  input:C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3
+>08:31:55 AU3Check ended.rc:0
>Running:(3.3.14.2):C:\Program Files (x86)\AutoIt3\autoit3.exe "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3"    
--> Press Ctrl+Alt+Break to Restart or Ctrl+Break to Stop
+>08:31:57 AutoIt3.exe ended.rc:0
+>08:31:57 AutoIt3Wrapper Finished.
>Exit code: 0    Time: 2.173
 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now