Script Name: Remove an account from local admins Script Description: Removes the defined domain user from the local administrators group. Edit the script before executing to customize for your use. IF True THEN Execute Shell Command Parameter 1 : net localgroup administrators "domain\user" /delete Parameter 2 : 1 OS Type : 0 ELSE
lwolfLet me take this one a step further... We are just beginning a project to remove local admin rights from users - to address security concerns, reduce virus/malware infections, etc. I am tryign to think of a way that I might be able to automate this with Kaseya. I can use the above logic to export a list to a text/log file. But then I need to parge that file, ake a list of the local administrators, then remove each of them from the local adminsitrators group - execpt for the domain admin account, and our custom account. I haven't started this effort yet. I thought I would check to see if anyone else migth have already written the script, or a piece of it. Lloyd
Set oShell = CreateObject( "WScript.Shell" ) comp=oShell.ExpandEnvironmentStrings("%ComputerName%") Set objGroup = GetObject("WinNT://" & comp & "/Administrators") For Each objUser In objGroup.Members If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" AND objUser.Name <> "kserviceaccount Then objGroup.Remove(objUser.AdsPath) End If Next
boudjthat will use Todd's delete user command to remove everyone but who you want to keep as a local admin.
If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" AND objUser.Name <> "kserviceaccount" Then
lwolftsorensen, Looking very good. I am working on a combined script that does the following: - export BEFORE list of local administrators to text file, and upload to kserver - copy VBScript from KServer to Agent - Use VBScript to purge local administrators, leaving only local administrator, domain admins, and our custom Kaseya account - export AFTER list of local administrators to text file, and upload to kserver - write message to local Windows event log, and K script log. I will definately post when I am done. But, I have a VB Script question that I need help with. The code provided uses In some cases, we were inconsistent with our Kaseya service account. In some cases it is "kserviceaccount", other cases it is "Kserviceaccount", other cases it is "KServiceAccount", etc. Always the same letters of the alphabet, just different lowercase and uppercase combinations. Could you provdie the VB Script IF statement to make the comparison be case insensitive? Thanks so much! Lloyd
If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" AND LCase(objUser.Name) <> "kserviceaccount" Then