Jump to content
Sign in to follow this  
Ghost21

Removing Remote User from LOCALADMIN GROUP

Recommended Posts

Ghost21

So far I have been able to remove remote accounts from pcs that have domain users but unable to remove LOCAL Admin USers here is the code for the domain portion .. Maybe I'm just blind and missing something...

$objGroup = ObjGet("WinNT://" & $PC & "/" & "Administrators" & ",group")

$objUser = ObjGet("WinNT://" & $domain & "/" & $USER & ",user")

If ($objGroup.IsMember ($objUser.AdsPath) = True) Then

MsgBox(0, "Administrators", "Removed " & $USER & ": " & $objGroup.ADsPath, 3)

$objGroup.Remove ($objUser.AdsPath)

If @error <> 0 Then Exit

Else

EndIf

Help..

Share this post


Link to post
Share on other sites
Micha1405

Try this, use PSEXEC for REMOTE Executing

_NetAPI_NetLocalGroupDelMembers("USERAccountName","Administrators","")


; ===================================================================================================
; Name...........: _NetAPI_NetLocalGroupDelMembers
; Description ...: Delete membership of one existing user or global group account to an existing local group
; Syntax.........: _NetAPI_NetLocalGroupDelMembers($sAccount, $sGroup, $sServer)
; Parameters ....: $sAccount - Account name of the Local Group member prefixed by the domain name and the "\" separator
;               : $sGroup   - Name of the Local Group to which the specified users or global groups will be deleted
;               : $sServer  - DNS or NetBIOS name of the remote Server or Null for Local use
; Return values .: Success   - True
;                 Failure   - False and @Extended set error code
; Author ........: micha1405
; Example .......: _NetAPI_NetLocalGroupDelMembers("Domain\User", "Administrators")
; ===================================================================================================
Func _NetAPI_NetLocalGroupDelMembers($sAccount, $sGroup, $sServer = '')
    Local $twUser = DllStructCreate("wchar["& StringLen($sAccount)+1 &"]")
    Local $tpUser = DllStructCreate("ptr")
    DllStructSetData($twUser, 1, $sAccount)
    DllStructSetData($tpUser, 1, DllStructGetPtr($twUser))

    Local $aRet = DllCall("netapi32.dll", "int", "NetLocalGroupDelMembers", _
        "wstr", $sServer, "wstr", $sGroup, "int", 3, "ptr", DllStructGetPtr($tpUser), "int", 1 )
    If $aRet[0] Then Return SetError(1, $aRet[0], False)
    Return True
EndFunc; ==> _NetAPI_NetLocalGroupDelMembers
Edited by Micha1405

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.