Delete/remove local user from local admin gro [Solved/Closed]

tony - Nov 8, 2008 at 08:00 PM - Latest reply:  KD
- Feb 26, 2015 at 04:54 AM
Hello,
we added 1000 computers to a domain/AD. Bfore deployment they imaging guy created a local user with admin rights
just for administrative purposes. After distributing the computers, we realized that we need to delete/remove the account from all the computers. we do not want to go in every computer and delete the account. All the computers have already been added to the domain in their proper OU. My question is: can someone help me with a script that can delete the user from the local admin group. I know I can disable the account but I think I would be safer to delete the account. Any help will be greatly appreciated.
thands
See more 

8 replies

Best answer
27
Thank you
NET LOCALGROUP administrators UserName /delete

change UserName with required name & use this command in batch file.

Thank you, sujit 27

Something to say? Add comment

CCM has helped 1699 users this month

17
Thank you
Here is a one line command;
net user ACCOUNTNAME /delete
5
Thank you
You can write a VBscript that will remove a user from the local administrator group on all the pc in your domain. Then you set the script up to be a startup script in group policy and it will remove the user from every computers local admin group when the computer boots up. We also use this script to change the local administrator account's name and password. If the systems are Windows 2000 there are some AD dll's that have to be registered. If they are Windows XP, it will work with out any dll registration.

Sample....

Dim strLocalAdminGroup
Dim strComputer
Dim remadmins

Set WshShell = Wscript.CreateObject("Wscript.Shell")
Set WshSysEnv = WshShell.Environment("SYSTEM")
Set WshUserEnv = WshShell.Environment("User")
Set WshProEnv = WshShell.Environment("Process")

strComputer = WshProEnv("COMPUTERNAME")
remadmins = array("DomainName\UserID","Everyone")
strLocalAdminGroup = "Administrators"


For I = lbound(remAdmins) to ubound(remAdmins)
Set grp = GetObject("WinNT://" & strComputer & "/" & strLocalAdminGroup)
member = "WinNT://" & remAdmins(i)
if grp.Ismember(member) = True then
grp.Remove(member)
end if
next
4
Thank you
That script will also remove the local "everyone" group from the local administrators group. If the account is local then leave off the domain name and slash in the array.
2
Thank you
If a user is an admin, he can remove 'himself' from admin group... why not use the command, on his account :
net localgroup administrators %username% /delete

You can launch that with GPO or a login script, or by SCCM.
haveffun 8 Posts Friday November 7, 2008Registration date April 26, 2009 Last seen - Nov 9, 2008 at 05:20 AM
1
Thank you
well its for windows server I guessed? and I dont think that there exist any script for what you are trying to do buddy.

instead just disable them they wont be able to log onto the account if its disabled from the domain
0
Thank you
What to do if a username or groupname are too long? For example I've got a trouble with removing a domain group from local group with in a command line? For example I'm
using next command (net localgroup "Administrator" "mydomn\uk-kre-workstation-adm" /delete) and it dosn't work, however I can to do this easely from mmc console, but question is how to run a selected task on more that 200 PC
0
Thank you
Could any one provide me script so I can delete all local user from my all workstation, except administrator.