Revove local admin but NOT Domain admin
Question
Using this script to remove all local admins from each computer however it also removes domain admins is there a way to do this without removing domain administrators?
$remove = net localgroup administrators |
select -skip 6 |
? {$_ -and $_ -notmatch 'successfully|^administrator$'};
foreach ($user in $remove) {
net localgroup administrators "`"$user`"" /delete
};
2 answers
solution1
2 ACCPTED 2019-05-22 15:11:01
Another solution:
Get-LocalGroupMember administrators |
Where {$_.name -like "$($env:COMPUTERNAME)\*" -and $_.objectclass -eq "User"} |
Remove-LocalGroupMember -Group 'Administrators'
To make it more locale independent you could use SID S-1-5-32-544 instead of a group name.
solution2
1 2019-05-22 15:08:40
Here is one option:
Get-LocalGroupMember -Group 'Administrators' |
Where-Object Name -notlike '*Domain Admins' |
Remove-LocalGroupMember -Group 'Administrators'
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
List all local administrator accounts excluding domain admin and local admin
Local Admin password change throughout the domain
PowerShell Access Denied only for Local user who is also Admin but not for domain user who is local admin
Install as local admin user
Powershell To Check Local Admin Credentials
Adding Local Admin & Applying Password
Get Local Admin Accounts on every computer in OU
Fetch users from local admin group on server
Domain Admin Cleanup with Foreach-Object
get local admin users with password age
Related Tags