Jump to content
Sign in to follow this  

Local Admin Group

Recommended Posts


Let me start off by saying that I am new to AutoIT. I have been working on a way to control the local administrators group on our desktops. Currently"Domain Users" are local admins on every computer and I would like to change this so that only the currently logged on user is a local admin. I have a vb script that works but only if the user is already a local admin. If the user is not a local admin they get access denied when trying to edit the local admin group. I thought AutoIT would allow me to us the RunAs function to add domain users or the local user to the admins group. I have been working on this for a while now and just can't get it to work in AutoIT. I also tried a vbs to AutoIT converter which didn't work for me.

This is what I am trying to accomplish:

1. Define permitted local admins (Administrator, Domain Admins, @UserName)

2. Enumerate the local admin group

3. Check to see if the local admin group matches the permitted admins group

4. If not RunAs admin to add Domain users to the local admin group (So the user can later add themselves)

5. Run as the current user to add @UserName to the admin group if it isnt there

6. Run as the current user to add Domain Admins to the admin group if it isnt there

7. Run as the current user to add the local Administrator to the local admin group if it isnt there

8. Run as the current user to remove Domain Users

This is the vb script that I have which works if you are already a local admin:

' Remove Unapproved Local Administrators.


'** Define Variables

Dim PermittedAdmins' As Array

Dim objNetwork

Dim strUserName

Dim objSrv

strDomain ="Domain"

strDomainAdmins = "Domain Admins"

'** Extract the username

Set objNetwork = WScript.CreateObject("WScript.Network")

strUserName = objNetwork.UserName

'** Define Permited Administrators List

PermittedAdmins = Array("Administrator", "Domain Admins", strUserName)

'** Get Local Administrator Group

Set AdminGroup = GetObject("WinNT://./Administrators, Group")

'** Search for Invalid Members & Remove Them

For Each GroupMember in AdminGroup.Members

Debug.WriteLine GroupMember.Name, GroupMember.Class, IsPermitedAdmin(GroupMember.Name)

If Not IsPermitedAdmin(GroupMember.Name) Then

AdminGroup.Remove GroupMember.ADsPath

End If

'** Add the current user to the local admins group


'** Checking local Administrator group

Set objSrv = GetObject("WinNT://" & strComputerName & "/Administrators,group")

if objSrv.IsMember("WinNT://" & strDomain & "/" & strUserName) then

' wscript.Echo "found " & strDomain & "\" & strUserName


' wscript.Echo "not found " & strDomain & "\" & strUserName

' wscript.Echo "Adding WinNT://" & strDomain & "/" & strUserName

objSrv.Add("WinNT://" & strDomain & "/" & strUserName)

end If

'** Add domain admins to the local admins group

if objSrv.IsMember("WinNT://" & strDomain & "/" & strDomainAdmins) then

' wscript.Echo "found " & strDomain & "\" & strDomainAdmins


' wscript.Echo "not found " & strDomain & "\" & strDomainAdmins

' wscript.Echo "Adding WinNT://" & strDomain & "/" & strDomainAdmins

objSrv.Add("WinNT://" & strDomain & "/" & strDomainAdmins)

end If


'** Functions *****************************************************************

Function IsPermitedAdmin(MemberName)' As Boolean

Dim i' As Long

For i = LBound(PermittedAdmins) To UBound(PermittedAdmins)

If UCase(MemberName) = UCase(PermittedAdmins(i)) Then

IsPermitedAdmin = True

Exit Function

End If


IsPermitedAdmin = False

End Function

If anyone can help me get this converted to AutoIT it will be appreciated.



Share this post

Link to post
Share on other sites

Thanks Volly...

I'll take a look at the examples but I have already seen most of them. Even with all of the examples I just can't get this to work.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this