PowerShell | Local Accounts | Admin Group Management
This scripts below are designed so that it can be used to query the local machine, if named, but also a remote computer. The remote computer has to be set up to accept the query:
- Enable WinRM on Remote Machine Using WinRM quickconfig
-Windows Firewall Inbound Rules Enabled or Firewall Disabled
-Administrative Rights on the Remote Machine
List Local Admin Group Membership
<#
When running script against the computer you are logged into:
1. Disable UAC in the Registry and Reboot:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
2 You must be logged in as a local admin and have a password
#>
#Prompt User for ComputerName
$ComputerName = Read-Host "Enter your Comptuer Name:"
#Query Computer for list of Local Admins Group
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
#List of Local Admins
Get-LocalGroupMember -Group "Administrators"
}
Remove User from Local Admin Group Membership
<#
Designed to simply remove 1 user from the local admin group
on a remote computer. You could modify this to loop through
a list of computers to remove an account on a list of
specific computers.
#>
#Prompt User for Computer Name:
$ComputerName = Read-Host "Enter your Computer Name"
#Promputer User for Username:
$Username= Read-Host "Enter Username"
#Strings Computer Name and User Name Together
$Login="$Computername\$Username"
#Remove Account from Local Admins Group
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
Remove-LocalGroupMember -Group "Administrators" -Member $args
} -ArgumentList $Login
Add User to Local Admin Group Membership
<#
Designed to simply add 1 user to the local admin group
on a remote computer. You could modify this to loop through
a list of computers to add an account on a list of
specific computers.
#>
#Prompt User for Computer Name:
$ComputerName = Read-Host "Enter your Computer Name"
#Prompt User for Username:
$Username= Read-Host "Enter Username"
#Strings Computer Name and User Name Together
$Login="$Computername\$Username"
#Add User to Local Admin Group on Machine
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
Add-LocalGroupMember -Group "Administrators" -Member $args
} -ArgumentList $Login