Delete/remove local user from local admin gro
Solved/Closed
Related:
- Remove user from local admin group cmd
- Gpo delete local user account - Best answers
- Remove user from administrators group command line - Best answers
- Remove user password windows 8 - Guide
- How to remove autorun virus from usb using cmd - Guide
- Remove user password ubuntu - Guide
- How to remove user account in windows 8 - Guide
- Local admin account locked out ✓ - Forum - Windows XP
8 replies
NET LOCALGROUP administrators UserName /delete
change UserName with required name & use this command in batch file.
change UserName with required name & use this command in batch file.
You can write a VBscript that will remove a user from the local administrator group on all the pc in your domain. Then you set the script up to be a startup script in group policy and it will remove the user from every computers local admin group when the computer boots up. We also use this script to change the local administrator account's name and password. If the systems are Windows 2000 there are some AD dll's that have to be registered. If they are Windows XP, it will work with out any dll registration.
Sample....
Dim strLocalAdminGroup
Dim strComputer
Dim remadmins
Set WshShell = Wscript.CreateObject("Wscript.Shell")
Set WshSysEnv = WshShell.Environment("SYSTEM")
Set WshUserEnv = WshShell.Environment("User")
Set WshProEnv = WshShell.Environment("Process")
strComputer = WshProEnv("COMPUTERNAME")
remadmins = array("DomainName\UserID","Everyone")
strLocalAdminGroup = "Administrators"
For I = lbound(remAdmins) to ubound(remAdmins)
Set grp = GetObject("WinNT://" & strComputer & "/" & strLocalAdminGroup)
member = "WinNT://" & remAdmins(i)
if grp.Ismember(member) = True then
grp.Remove(member)
end if
next
Sample....
Dim strLocalAdminGroup
Dim strComputer
Dim remadmins
Set WshShell = Wscript.CreateObject("Wscript.Shell")
Set WshSysEnv = WshShell.Environment("SYSTEM")
Set WshUserEnv = WshShell.Environment("User")
Set WshProEnv = WshShell.Environment("Process")
strComputer = WshProEnv("COMPUTERNAME")
remadmins = array("DomainName\UserID","Everyone")
strLocalAdminGroup = "Administrators"
For I = lbound(remAdmins) to ubound(remAdmins)
Set grp = GetObject("WinNT://" & strComputer & "/" & strLocalAdminGroup)
member = "WinNT://" & remAdmins(i)
if grp.Ismember(member) = True then
grp.Remove(member)
end if
next
That script will also remove the local "everyone" group from the local administrators group. If the account is local then leave off the domain name and slash in the array.
Didn't find the answer you are looking for?
Ask a question
If a user is an admin, he can remove 'himself' from admin group... why not use the command, on his account :
net localgroup administrators %username% /delete
You can launch that with GPO or a login script, or by SCCM.
net localgroup administrators %username% /delete
You can launch that with GPO or a login script, or by SCCM.
haveffun
Nov 9, 2008 at 05:20 AM
- Posts
- 8
- Registration date
- Friday November 7, 2008
- Status
- Member
- Last seen
- April 26, 2009
Nov 9, 2008 at 05:20 AM
well its for windows server I guessed? and I dont think that there exist any script for what you are trying to do buddy.
instead just disable them they wont be able to log onto the account if its disabled from the domain
instead just disable them they wont be able to log onto the account if its disabled from the domain
What to do if a username or groupname are too long? For example I've got a trouble with removing a domain group from local group with in a command line? For example I'm
using next command (net localgroup "Administrator" "mydomn\uk-kre-workstation-adm" /delete) and it dosn't work, however I can to do this easely from mmc console, but question is how to run a selected task on more that 200 PC
using next command (net localgroup "Administrator" "mydomn\uk-kre-workstation-adm" /delete) and it dosn't work, however I can to do this easely from mmc console, but question is how to run a selected task on more that 200 PC