top of page

PowerShell | Local Accounts | Admin Group Management

This scripts below are designed so that it can be used to query the local machine, if named, but also a remote computer. The remote computer has to be set up to accept the query:

 

- Enable WinRM on Remote Machine Using WinRM quickconfig

-Windows Firewall Inbound Rules Enabled or Firewall Disabled

-Administrative Rights on the Remote Machine

 

List Local Admin Group Membership

<#
When running script against the computer you are logged into:
1. Disable UAC in the Registry and Reboot:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
2 You must be logged in as a local admin and have a password
#>
#Prompt User for ComputerName
$ComputerName = Read-Host "Enter your Comptuer Name:"
#Query Computer for list of Local Admins Group
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    #List of Local Admins 
    Get-LocalGroupMember -Group "Administrators"
}

 

Remove User from Local Admin Group Membership

<#
Designed to simply remove 1 user from the local admin group 
on a remote computer. You could modify this to loop through
a list of computers to remove an account on a list of 
specific computers. 
#>
#Prompt User for Computer Name:
$ComputerName = Read-Host "Enter your Computer Name"
#Promputer User for Username:
$Username= Read-Host "Enter Username"

#Strings Computer Name and User Name Together
$Login="$Computername\$Username"
#Remove Account from Local Admins Group
Invoke-Command -ComputerName $ComputerName -ScriptBlock {    
    Remove-LocalGroupMember -Group "Administrators" -Member $args
} -ArgumentList $Login

Add User to Local Admin Group Membership

<#
Designed to simply add 1 user to the local admin group 
on a remote computer. You could modify this to loop through
a list of computers to add an account on a list of 
specific computers. 
#>
#Prompt User for Computer Name:
$ComputerName = Read-Host "Enter your Computer Name"
#Prompt User for Username:
$Username= Read-Host "Enter Username"

#Strings Computer Name and User Name Together
$Login="$Computername\$Username"
#Add User to Local Admin Group on Machine
Invoke-Command -ComputerName $ComputerName -ScriptBlock {    
   Add-LocalGroupMember -Group "Administrators" -Member $args
} -ArgumentList $Login

bottom of page