PowerShell script to remove a domain user from the Local Administrators group on remote machines

I want to mention that Ying Li created some scripts similar to this one. I just modified them to fit my needs.

I use Group Policy to add and remove Groups from Local Administrator Group, however something happened and when we modified our Group Policy to remove “Domain Users” Group(after some testing), it did not happen. We looked thru other GPOs and could not find anything. When we manually removed from test computer the “Domain Users” group from Local Adminsitrators group and we issued the command “gpupdate /force” and rebooted, the “Domain Users” group was not added back so definitelly it was not a policy.

So it was a weird behaviour and I decided to look for some VB scripts to do this for me, but as I started to learn PowerShell I decided to do some research and  at the end I came up with this script.

$erroractionpreference = “SilentlyContinue”

$domain = “yourdomain”
$username = “Domain Users”

$strComputer = get-content “computer_list.txt”

Foreach ($i in $strComputer)
{    $computer = [ADSI](“WinNT://” + $i + “,computer”)

$Group = $computer.psbase.children.find(“administrators”)
#    $Group.name
$Group.Remove(“WinNT://” + $domain + “/” + $username)


That’s it 🙂

Tags: , , , ,

Locations of visitors to this page