SOLVED

Remove list of users from Local Administrators group on list of computers

Brass Contributor

Hello, we are trying to remove users from the local administrators group on a bunch of computers. After that we will implement a GPO to control who is added to the local admin group on all computers. What I am looking for is a script to remove multiple users from the local admin group on a list of multiple computers. The code below does not seem to be working correctly. Can anyone help with what I am doing wrong?

$users = get-content .\users.txt
$computers = get-content .\computers.txt
foreach ($computer in $computers){
invoke-command -computername $computer -scriptblock {Get-LocalGroupMember -Group 'Administrators' | where {$_.objectclass -like $users} | Remove-LocalGroupmember Administrators}
}
3 Replies
best response confirmed by charlie4872 (Brass Contributor)
Solution

@charlie4872

Hi.

There's a number of issues with your "Invoke-Command" statement, the most notable being this part:

where {$_.objectclass -like $users}

$_.objectClass isn't something you're ever going to measure a user account name against.

We also can't see examples of the data you're pulling from the users.txt and computers.txt files, meaning there could be an issue there, too, and we wouldn't know.

Anyhow, forging ahead.

Let's say your data from computers.txt looks like this:

client01.mydomain.com
client02.mydomain.com
client03.mydomain.com

And your users.txt looks like this:

mydomain\user01
mydomain\user02
mydomain\user03

Then your script - in its simplest form - would look like this:

Invoke-Command -ComputerName (Get-Content -Path .\computers.txt) -ArgumentList (Get-Content -Path .\users.txt) -ScriptBlock { $args | Remove-LocalGroupMember -Group "Administrators" -ErrorAction:SilentlyContinue; }

Cheers,

Lain

Hello Lain, I have tested the script you provided and it works perfectly. Your help is greatly appreciated!

Thanks!
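
A variant of the accepted one-liner that records the outcome of every removal instead of suppressing errors with -ErrorAction SilentlyContinue, so accounts that were not removed and computers that never answered are visible before the GPO is rolled out. This is an added example, not part of the original thread; users.txt and computers.txt are the files from the thread, and removal-report.csv is an assumed output path.

```powershell
# Added example (not from the thread). Input files as in the thread;
# the report path .\removal-report.csv is an assumption.
$users     = Get-Content -Path .\users.txt     | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$computers = Get-Content -Path .\computers.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }

# Connection failures are silenced here and worked out afterwards from
# which computers returned no rows.
$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # A local variable is not visible inside a remote script block;
    # $using: copies $users into the remote session.
    foreach ($user in $using:users) {
        $status = 'Removed'
        $detail = ''
        try {
            # -ErrorAction Stop turns "not a member" and "unknown account"
            # into catchable errors instead of discarding them.
            Remove-LocalGroupMember -Group 'Administrators' -Member $user -ErrorAction Stop
        }
        catch {
            $status = 'NotRemoved'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{ User = $user; Status = $status; Detail = $detail }
    }
}

# Invoke-Command adds PSComputerName to each returned object.
$answered    = @($results | Select-Object -ExpandProperty PSComputerName -Unique)
$unreachable = @($computers | Where-Object { $_ -notin $answered })

$results |
    Select-Object PSComputerName, User, Status, Detail |
    Export-Csv -Path .\removal-report.csv -NoTypeInformation

if ($unreachable.Count -gt 0) {
    Write-Warning ("No result from: " + ($unreachable -join ', '))
}
```

Rows with Status NotRemoved carry the cmdlet's own error text in Detail, which distinguishes an account that was never in the group from one that could not be resolved.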