Delete users from the local admin group


I started a script that will write all users and groups that are members of the local admin group to a file "RemAdmin.txt".

I want to clean the output file of all junk (circled in red in my screenshot).

After I clean the output file up, I would like to delete all users and groups that are members of the local admin group BUT leave a list of users and groups that I specify.

Exp: Delete all users/groups except:

User-A

User-b

NA-GroupB

PXAdmin

Domain\NAIG Distributions, etc...

Any help is much appreciated.

#RequireAdmin
#include <Array.au3>
RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\RemAdmin.txt")
$aFile = FileReadToArray("C:\Windows\Updates\RemAdmin.txt")
_ArrayDisplay($aFile, "", "", "", "", "", "", "", "")

 

RemAdmin.JPG


  • Moderators

I usually use something like this. You can then cycle through the array and delete:

#include <Array.au3>

Local $oGroup, $aUsers[1] = [""]
    $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
        If IsObj($oGroup) Then
            For $member In $oGroup.Members
                _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
            Next
        EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

 

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!


  • Moderators

Do a normal for loop:

For $a = 1 To $aUsers[0]
    ...
Next

It has been a long time, but IIRC the syntax is either .Remove or .Delete, so try something like:

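For $a = 1 To $aUsers[0]
    If StringInStr($aUsers[$a], "<name you're searching for>") Then
        ; $aUsers holds plain strings, so call Remove on the group object with the full ADsPath
        $oGroup.Remove("WinNT://" & $aUsers[$a])
    EndIf
Next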

 


Brute Force w/ CMD

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(AdminJohn|AdminPete|Administrator)"

Local $oGroup, $aUsers[1] = [""]
    $oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
        If IsObj($oGroup) Then
            For $member In $oGroup.Members
                _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
            Next
        EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 


  • Moderators

Here is a cleaned up version of my post above. Easy enough to cycle through a list of users you would like to remove (this is where the "teach a man to fish" part comes in :) ). And no need to mix objects and command line.

#RequireAdmin

;Assume we want to delete Bob...
Local $oGroup = ObjGet("WinNT://./Administrators")
    For $sUser In $oGroup.Members
        If StringInStr($sUser.ADsPath, "/Bob") Then $oGroup.Remove($sUser.AdsPath)
    Next

 


  • Moderators

That is one that needs some updating, it is a straight port of a very old vbscript written back in the 2003 days.


@ViciousXUSMC

Some of my domain groups have spaces or "_" in the names.

This seems that it's not working:

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(pxadmin|domain admins|desktop admin|ihisdskadm|matlab_desktopadmin|admindesktokingman|pdidesktop admin|pds_plantdesign_desktop_admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 


19 hours ago, JLogan3o13 said:

Here is a cleaned up version of my post above. Easy enough to cycle through a list of users you would like to remove (this is where the "teach a man to fish" part comes in :) ). And no need to mix objects and command line.

#RequireAdmin

;Assume we want to delete Bob...
Local $oGroup = ObjGet("WinNT://./Administrators")
    For $sUser In $oGroup.Members
        If StringInStr($sUser.ADsPath, "/Bob") Then $oGroup.Remove($sUser.AdsPath)
    Next

 

Hi @JLogan3o13 

Thank you for your help.  I am looking at your recommendation now.


38 minutes ago, antmar904 said:

@ViciousXUSMC

Some of my domain groups have spaces or "_" in the names.

This seems that it's not working:

#RequireAdmin
#include <Array.au3>
$sKeepNames = "(pxadmin|domain admins|desktop admin|ihisdskadm|matlab_desktopadmin|admindesktokingman|pdidesktop admin|pds_plantdesign_desktop_admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], $sKeepNames) Then
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

Those are the names to keep; spaces should not break anything.

It uses RegEx and as you can see spaces are supported.

https://regex101.com/r/ty4oVN/1

 

 


6 minutes ago, ViciousXUSMC said:

Those are the names to keep; spaces should not break anything.

It uses RegEx and as you can see spaces are supported.

https://regex101.com/r/ty4oVN/1

 

 

Thank you, however it does not look like it's showing all the groups that I want to keep.

Exp: matlab_desktopadmin, pdidesktop admin, pds_plantdesign_desktop_admin

Also, are the names of the groups that I want to keep case sensitive?

Rem Admin.JPG


I added the case-insensitive modifier and it still does not work.

For testing, I am only excluding 1 user and 2 groups.

As you can see in my screenshot two groups that are not wanted are still members "naig distributions" and "pdidesktop admin".

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
    EndIf
Next

 

admin.JPG


  • Developers

Shouldn't this line be this to allow for spaces in names? :

RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE)

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


Hi @Jos

That worked but it's still leaving one group that we don't want "PDIDesktop Admin".

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
;_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        ;RunWait(@ComSpec & ' /c' & ' "' & 'net localgroup Administrators ' & $sUser & ' /delete' & '"', "", @SW_HIDE)
        RunWait(@ComSpec & ' /c net localgroup Administrators "' & $sUser & '" /delete', "", @SW_HIDE)
    EndIf
Next

 

Capture.JPG
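
Added example, not part of any post in this thread: the keep pattern `desktop admin` is unanchored, so it also matches inside `PDIDesktop Admin`, and that member is treated as one to keep. The sketch below compares the thread's pattern with an anchored one on constructed member paths (`EXAMPLEDOM`, `PC01` and `_BuildKeepPattern` are made-up names); it only prints the decision and removes nothing.

```autoit
; Constructed sample: member paths as they look after "WinNT://" is stripped
; from ADsPath. Account names are from the thread; EXAMPLEDOM and PC01 are
; placeholders.
Local $aMembers[5] = ["EXAMPLEDOM/PC01/pxadmin", "EXAMPLEDOM/Domain Admins", _
        "EXAMPLEDOM/Desktop Admin", "EXAMPLEDOM/PDIDesktop Admin", _
        "EXAMPLEDOM/NAIG Distributions"]
Local $aKeep[3] = ["pxadmin", "domain admins", "desktop admin"]

; Pattern as used in the thread: it may match anywhere inside the path.
Local $sUnanchored = "(?i)(pxadmin|domain admins|desktop admin)"
; Anchored pattern: the last path segment must equal one of the names.
Local $sAnchored = _BuildKeepPattern($aKeep)

Local $bLoose, $bStrict
For $i = 0 To UBound($aMembers) - 1
    $bLoose = (StringRegExp($aMembers[$i], $sUnanchored) = 1)
    $bStrict = (StringRegExp($aMembers[$i], $sAnchored) = 1)
    ConsoleWrite($aMembers[$i] & " | unanchored keep: " & $bLoose & _
            " | anchored keep: " & $bStrict & @CRLF)
    ; A real run would remove the member here only when $bStrict is False.
Next

; Build a case-insensitive pattern that matches only when the text after the
; last "/" (or the whole string) equals one of the names.
; \Q...\E makes each name literal, so "_", "." or spaces need no escaping.
Func _BuildKeepPattern($aNames)
    Local $sAlt = ""
    For $j = 0 To UBound($aNames) - 1
        If $j > 0 Then $sAlt &= "|"
        $sAlt &= "\Q" & $aNames[$j] & "\E"
    Next
    Return "(?i)(?:^|/)(?:" & $sAlt & ")$"
EndFunc
```

Run it without `#RequireAdmin` so the SciTE output pane shows the printed lines.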


  • Developers

So, for debugging: what does this show in the SciTE output pane when run from SciTE?

#RequireAdmin
#include <Array.au3>
#include <StringConstants.au3>

$sKeepNames = "(pxadmin|domain admins|desktop admin)"

RunWait(@ComSpec & " /c net localgroup administrators>C:\Windows\Updates\LocaAdminGroupMembers.txt", "", @SW_HIDE)

Local $oGroup, $aUsers[1] = [""]
$oGroup = ObjGet("WinNT://" & @ComputerName & "/Administrators,group")
If IsObj($oGroup) Then
    For $member In $oGroup.Members
        _ArrayAdd($aUsers, StringRight($member.adsPath, (StringLen($member.adsPath) - 8)))
    Next
EndIf

$aUsers[0] = UBound($aUsers) - 1
;_ArrayDisplay($aUsers)

For $i = 1 To $aUsers[0]
    If Not StringRegExp($aUsers[$i], "(?i)" & $sKeepNames) Then ;<-- Added case-insensitive "(?i)"
        $sUser = StringTrimLeft($aUsers[$i], StringInStr($aUsers[$i], "/", 0, -1))
        RunWait(@ComSpec & ' /k net localgroup Administrators "' & $sUser & '" /delete')
        ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : cmd = ' & @ComSpec & ' /k net localgroup Administrators "' & $sUser & '" /delete' & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console
    EndIf
Next

It should show all performed commands and leave the cmd prompt open for you to close each time so you can see any errors that might be in the CMD console.

Jos



I get no errors written to the console or cmd prompt windows.

Here is the output from SciTE:

>"C:\Program Files (x86)\AutoIt3\SciTE\..\AutoIt3.exe" "C:\Program Files (x86)\AutoIt3\SciTE\AutoIt3Wrapper\AutoIt3Wrapper.au3" /run /prod /ErrorStdOut /in "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3" /UserParams    
+>08:31:55 Starting AutoIt3Wrapper v.17.224.935.0 SciTE v.3.7.3.0   Keyboard:00000409  OS:WIN_10/  CPU:X64 OS:X64  Environment(Language:0409)  CodePage:0  utf8.auto.check:4
+>         SciTEDir => C:\Program Files (x86)\AutoIt3\SciTE   UserDir => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE\AutoIt3Wrapper   SCITE_USERHOME => C:\Users\usaaxf18\AppData\Local\AutoIt v3\SciTE 
! Your script requires Admin rights while SciTE is running at normal level.
! This means no Console output from the script will be displayed and SciTE will show the script as ended right away.
>Running AU3Check (3.3.14.2)  from:C:\Program Files (x86)\AutoIt3  input:C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3
+>08:31:55 AU3Check ended.rc:0
>Running:(3.3.14.2):C:\Program Files (x86)\AutoIt3\autoit3.exe "C:\Stuff\Scripts\AutoIT\RemoveAdmin\RemAdmin.au3"    
--> Press Ctrl+Alt+Break to Restart or Ctrl+Break to Stop
+>08:31:57 AutoIt3.exe ended.rc:0
+>08:31:57 AutoIt3Wrapper Finished.
>Exit code: 0    Time: 2.173
 
