remove_local_admin_domain_users.ps1
# Rewrote this script using Invoke-Command and the "net localgroup" command. Also added logging to each function.
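Function Get-AdminGroups {
    <#
    .SYNOPSIS
        Reads computer names from a file and returns the local Administrators
        membership of every computer that answers a ping.
    .DESCRIPTION
        Each host name is appended to the daily log. Unreachable hosts get a
        warning and are skipped; reachable hosts are queried remotely with
        "net localgroup administrators" and yield one object per computer.
        Status text goes to the console (Write-Host), never to the pipeline,
        so the caller's "$admins = Get-AdminGroups" receives only the
        computer objects — the original emitted "`r" and "Added ..." strings
        into the pipeline, which then showed up as bogus entries in $admins.
    .PARAMETER HostListPath
        Text file with one computer name per line. Blank lines are ignored.
    .PARAMETER LogPath
        Directory that receives remove_local_admin_<MM-dd-yyyy>.log; created
        if missing.
    .OUTPUTS
        PSObject with Computername, Group ("Administrators") and Users
        (member names as printed by net.exe; a lone member arrives as a
        single string rather than an array).
    .NOTES
        The header/trailer stripping assumes English net.exe output
        ("The command completed successfully.").
    #>
    param(
        [string]$HostListPath = 'C:\Users\joerod\Desktop\remove_users.txt',
        [string]$LogPath = 'C:\Script_logs'
    )

    if (-not (Test-Path -Path $HostListPath)) {
        Write-Error "Host list '$HostListPath' not found."
        return
    }
    if (-not (Test-Path -Path $LogPath)) {
        New-Item -ItemType Directory -Path $LogPath -Force | Out-Null
    }
    # One log file per day, shared with Remove-Admin.
    $logFile = Join-Path $LogPath "remove_local_admin_$(Get-Date -Format MM-dd-yyyy).log"

    foreach ($line in (Get-Content -Path $HostListPath)) {
        $computer = "$line".Trim()
        if (-not $computer) { continue }   # blank line is not a host

        # Every host is logged, reachable or not.
        $computer | Out-File -FilePath $logFile -Append

        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
            Write-Warning "$computer is Unavailable"
            continue
        }

        # Console only: Write-Output here would pollute the function's result.
        Write-Host "Added $computer to list...."

        try {
            Invoke-Command -ComputerName $computer -HideComputerName -ErrorAction Stop -ScriptBlock {
                # net.exe prints a header (alias, comment, "Members", a dashed
                # rule) before the member list and a trailer line after it.
                # Empty lines and the trailer are filtered out first, then the
                # four remaining header lines are skipped.
                $members = net localgroup administrators |
                    Where-Object { $_ -and $_ -notmatch 'command completed successfully' } |
                    Select-Object -Skip 4
                New-Object PSObject -Property @{
                    Computername = $env:COMPUTERNAME
                    Group        = 'Administrators'
                    Users        = $members
                }
            } | Select-Object * -ExcludeProperty RunspaceID
        }
        catch {
            # Typically WinRM not enabled or access denied; keep going with the next host.
            Write-Warning "Could not query $computer : $_"
            "FAILED query $computer : $_" | Out-File -FilePath $logFile -Append
        }
    }
}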
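# Snapshot the Administrators membership of every reachable host first; the
# removal pass below works from this list. @() keeps it an array even when
# only one host (or none) answered.
$admins = @(Get-AdminGroups)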
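Function Remove-Admin {
    <#
    .SYNOPSIS
        Removes unapproved members from the local Administrators group of
        each computer in the Get-AdminGroups output.
    .DESCRIPTION
        For each computer record, every Administrators member that matches
        none of the Keep patterns is added to the local "Remote Desktop Users"
        group (so remote access survives) and then deleted from
        Administrators. The interactive user, if any, is also added to
        "Remote Desktop Users" first. When at least one member was removed and
        somebody is logged on, that session is force-logged-off
        (Win32Shutdown flag 4) so the existing token no longer carries the
        removed rights. Every step is appended to
        remove_local_admin_<MM-dd-yyyy>.log under LogPath.
    .PARAMETER AdminGroups
        Objects with Computername and Users properties, as returned by
        Get-AdminGroups. Defaults to the script-level $admins variable.
    .PARAMETER Keep
        Wildcard patterns (-like, case-insensitive) of members that must stay
        in Administrators.
    .PARAMETER LogPath
        Directory that receives the log file.
    .NOTES
        Fixes relative to the earlier version:
        - Member names reach "net localgroup" through -ArgumentList instead of
          being spliced into a script string built from remote data, so a name
          containing spaces or PowerShell metacharacters can neither break the
          command nor change what it runs.
        - The /delete call passed "ErrorVariable $admingroup" without the
          leading dash, which fails parameter binding, so the removal never
          ran; it is now a real try/catch with the failure logged.
        - A single-member group was skipped on PowerShell 2 because
          $admin.users.count is $null for a lone string; foreach over @(...)
          handles it.
        - The logged-on user is looked up once per computer, not per member,
          and the logoff only happens on computers where something changed.
    #>
    param(
        [object[]]$AdminGroups = $admins,
        [string[]]$Keep = @('contoso\Domain Admins', 'contoso\WkstPerm*', 'administrator'),
        [string]$LogPath = 'C:\Script_logs'
    )

    $logFile = Join-Path $LogPath "remove_local_admin_$(Get-Date -Format MM-dd-yyyy).log"
    function Write-Log ($message) {
        $message | Out-File -FilePath $logFile -Append
    }

    # Runs "net localgroup <group> <user> /add|/delete" on the remote side.
    # net.exe reports problems (unknown account, already a member, access
    # denied) through its exit code; stderr text alone is not guaranteed to
    # become a terminating error across remoting, so the exit code is checked.
    $netLocalGroup = {
        param($group, $user, $action)
        $output = net localgroup $group $user $action 2>&1
        if ($LASTEXITCODE -ne 0) {
            throw "net localgroup $group $user $action failed: $($output -join ' ')"
        }
        $output
    }

    foreach ($admin in $AdminGroups) {
        $computer = $admin.Computername
        if (-not $computer) { continue }   # not a host record (e.g. a stray string)

        # Members to strip: anything matching no Keep pattern. Null/empty
        # entries are dropped so net.exe never receives a blank name.
        $targets = @()
        foreach ($user in @($admin.Users)) {
            if (-not $user) { continue }
            $kept = $false
            foreach ($pattern in $Keep) {
                if ($user -like $pattern) { $kept = $true; break }
            }
            if (-not $kept) { $targets += $user }
        }
        if ($targets.Count -eq 0) {
            Write-Log "$computer : nothing to remove"
            continue
        }

        $remote = @{ ComputerName = $computer; ScriptBlock = $netLocalGroup; ErrorAction = 'Stop' }

        # Interactive user as DOMAIN\name, or $null when nobody is logged on.
        $logoff_user = Get-WmiObject -ComputerName $computer -Class Win32_ComputerSystem |
            Select-Object -ExpandProperty UserName

        # Preserve the logged-on user's remote access before rights are removed.
        if ($logoff_user) {
            try {
                Invoke-Command @remote -ArgumentList 'Remote Desktop Users', $logoff_user, '/add' | Out-Null
                Write-Log "Added $logoff_user to Remote Desktop Users on $computer"
            }
            catch {
                Write-Warning "Could not add $logoff_user to Remote Desktop Users on $computer : $_"
                Write-Log "FAILED add $logoff_user to Remote Desktop Users on $computer : $_"
            }
        }

        $removed = 0
        foreach ($user in $targets) {
            try {
                Invoke-Command @remote -ArgumentList 'Remote Desktop Users', $user, '/add' | Out-Null
                Write-Output "Add $user to Remote Desktop Users group on $computer"
                Write-Log "Added $user to Remote Desktop Users on $computer"
            }
            catch {
                Write-Warning "Could not add $user to Remote Desktop Users on $computer : $_"
                Write-Log "FAILED add $user to Remote Desktop Users on $computer : $_"
            }

            try {
                Invoke-Command @remote -ArgumentList 'administrators', $user, '/delete' | Out-Null
                $removed++
                Write-Output "Delete $user from Administrators group on $computer"
                Write-Log "Removed $user from Administrators on $computer"
            }
            catch {
                Write-Warning "Could not remove $user from Administrators on $computer : $_"
                Write-Log "FAILED remove $user from Administrators on $computer : $_"
            }
        }

        # End the interactive session so the removed membership is not kept
        # alive by the existing logon token. Only when something changed and
        # someone is actually logged on.
        if ($removed -gt 0 -and $logoff_user) {
            try {
                Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                    (Get-WmiObject Win32_OperatingSystem).Win32Shutdown(4) | Out-Null
                }
                Write-Output "Logging off $logoff_user"
                Write-Log "Logged off $logoff_user on $computer"
            }
            catch {
                Write-Output "Cannot log off $logoff_user"
                Write-Log "FAILED logoff $logoff_user on $computer : $_"
            }
        }
    }
}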
# Entry point: run the removal pass over the snapshot gathered above.
& Remove-Admin