Jump to content
Sign in to follow this  

Removing Remote User from LOCALADMIN GROUP

Recommended Posts


So far I have been able to remove remote accounts from pcs that have domain users but unable to remove LOCAL Admin USers here is the code for the domain portion .. Maybe I'm just blind and missing something...

$objGroup = ObjGet("WinNT://" & $PC & "/" & "Administrators" & ",group")

$objUser = ObjGet("WinNT://" & $domain & "/" & $USER & ",user")

If ($objGroup.IsMember ($objUser.AdsPath) = True) Then

MsgBox(0, "Administrators", "Removed " & $USER & ": " & $objGroup.ADsPath, 3)

$objGroup.Remove ($objUser.AdsPath)

If @error <> 0 Then Exit




Share this post

Link to post
Share on other sites

Try this, use PSEXEC for REMOTE Executing


; ===================================================================================================
; Name...........: _NetAPI_NetLocalGroupDelMembers
; Description ...: Delete membership of one existing user or global group account to an existing local group
; Syntax.........: _NetAPI_NetLocalGroupDelMembers($sAccount, $sGroup, $sServer)
; Parameters ....: $sAccount - Account name of the Local Group member prefixed by the domain name and the "\" separator
;               : $sGroup   - Name of the Local Group to which the specified users or global groups will be deleted
;               : $sServer  - DNS or NetBIOS name of the remote Server or Null for Local use
; Return values .: Success   - True
;                 Failure   - False and @Extended set error code
; Author ........: micha1405
; Example .......: _NetAPI_NetLocalGroupDelMembers("Domain\User", "Administrators")
; ===================================================================================================
Func _NetAPI_NetLocalGroupDelMembers($sAccount, $sGroup, $sServer = '')
    Local $twUser = DllStructCreate("wchar["& StringLen($sAccount)+1 &"]")
    Local $tpUser = DllStructCreate("ptr")
    DllStructSetData($twUser, 1, $sAccount)
    DllStructSetData($tpUser, 1, DllStructGetPtr($twUser))

    Local $aRet = DllCall("netapi32.dll", "int", "NetLocalGroupDelMembers", _
        "wstr", $sServer, "wstr", $sGroup, "int", 3, "ptr", DllStructGetPtr($tpUser), "int", 1 )
    If $aRet[0] Then Return SetError(1, $aRet[0], False)
    Return True
EndFunc; ==> _NetAPI_NetLocalGroupDelMembers
Edited by Micha1405

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this