
Remove a User From Local Admins Group


doug

Feb 2, 2004, 10:40:42 AM
I am trying to create a vbscript to perform the following:

- Get the current user's logon name

- Determine if that user is a member of the local administrator group

- delete that username from the local administrator group.

This is needed because we have over 100 field users who have laptops,
but do not have computer accounts in AD, so the script must be
downloaded via our intranet and run locally.

Here's what I have so far:


Set Sh = WScript.CreateObject("Wscript.Shell")
' For non-networked users
Set Env = Sh.Environment("SYSTEM")
' For networked users
If Env("USERNAME") = "" Then
    Set Net = WScript.CreateObject("Wscript.Network")
    CurrentUser = Net.UserName
Else
    CurrentUser = Env("USERNAME")
End If
' Solves that problem...
If CurrentUser = "Administrator" Then
    Wscript.Echo "You are a local Administrator!"
    ' Can't remove administrator from the Built-in Group
Else
    strComputer = "."
    ' Designate the local computer
    Set colGroups = GetObject("WinNT://" & strComputer & "")
    colGroups.Filter = Array("group")
    For Each objGroup in colGroups
        For Each objUser in objGroup.Members
            If objUser.Name = CurrentUser Then
                ' The script works great up to this point...
                If objGroup.Name = "Administrators" Then
                    Set objGroup = GetObject("WinNT://" & strComputer & _
                        "Administrators, Group")
                    Set objUser = GetObject("WinNT://" & strComputer & "/" & _
                        CurrentUser & ", user")
                    objGroup.Remove(objUser.ADsPath)
                    Wscript.Echo "You have been removed from the Local Administrators Group!"
                End If
            End If
        Next
    Next
End If

When I try the script, it dies on objGroup.Remove(objUser.ADsPath)...

I’ve seen many references to ‘Remove’ as the most common method of
removing a user from a group but I can’t get it to work. It seems that
this may be a 'binding' issue with the local ADsPath. Can someone help
me with this ?
--
doug
------------------------------------------------------------------------
posted via www.WebFrustration.com

Torgeir Bakken (MVP)

Feb 2, 2004, 11:28:17 AM
doug wrote:

> I am trying to create a vbscript to perform the following:
>
> - Get the current user's logon name

Note that the Wscript.Network object will also work for non-networked users.


> - Determine if that user is a member of the local administrator group

I would just have tried to remove the user without checking if the user is a
member first.


> - delete that username from the local administrator group.

Most likely your script doesn't work because you have a space between the comma
and the "group"/"user" text in the WinNT binding string.

Instead of
GetObject("WinNT://" & strComputer & "Administrators, group")
GetObject("WinNT://" & strComputer & "/" & CurrentUser & ", user")

always do like this:
GetObject("WinNT://" & strComputer & "/Administrators,group")
GetObject("WinNT://" & strComputer & "/" & CurrentUser & ",user")

Here is a rewritten script that I think should work for you:


' network object that supplies the computer and user names
Set objWshNet = CreateObject("WScript.Network")
strComputer = objWshNet.ComputerName
strUser = objWshNet.UserName

If LCase(strUser) <> "administrator" Then
    On Error Resume Next
    ' connect to the user object
    Set objUser = GetObject("WinNT://" _
        & strComputer & "/" & strUser & ",user")
    ' group name to remove user from
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

    ' try to remove the user
    objGroup.Remove objUser.ADsPath
    If Err.Number = 0 Then
        Wscript.Echo "You have been removed from the Local Administrators Group!"
    End If
End If


--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter
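
Added example, not written by either poster in this thread: a variant of the removal that reports why Remove failed and confirms the result afterwards. Using UserDomain for the member path and IsMember for the before/after check are choices made for this example; the exit codes 1 and 2 are arbitrary.

```vbscript
Option Explicit
' Added example (not from the thread). Assumes it runs in the logged-on
' user's session while that user is still a local administrator.

Dim objNet, objGroup, strComputer, strMemberPath
Set objNet = CreateObject("WScript.Network")
strComputer = objNet.ComputerName

' UserDomain is the computer name for a local account and the domain name
' for a domain account, so this path names the right account in both cases.
strMemberPath = "WinNT://" & objNet.UserDomain & "/" & objNet.UserName

' Same name check as the scripts in the thread.
If LCase(objNet.UserName) = "administrator" Then
    WScript.Echo "Built-in Administrator account: nothing to do."
    WScript.Quit 0
End If

' Slash before the group name, no space after the comma in the class hint.
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

' IsMember only sees direct members, not accounts that are administrators
' through another group that is itself in Administrators.
If Not objGroup.IsMember(strMemberPath) Then
    WScript.Echo objNet.UserName & " is not a direct member of Administrators."
    WScript.Quit 0
End If

' Trap only the Remove call so that other errors still stop the script.
On Error Resume Next
objGroup.Remove strMemberPath
If Err.Number <> 0 Then
    WScript.Echo "Remove failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Confirm the change instead of trusting the absence of an error.
If objGroup.IsMember(strMemberPath) Then
    WScript.Echo "Still a member of Administrators after Remove."
    WScript.Quit 2
End If
WScript.Echo "Removed " & strMemberPath & " from the local Administrators group."
```

The user's current logon session keeps its administrator token until they log off, so confirm the reduced rights after the next logon.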

