move domain users from local admin groups to local special users g

Discussion in 'Scripting' started by Benny, Feb 14, 2005.

  1. Benny

    Benny Guest

    Before we apply policies on our domain, we add each domain user to the
    local admin group. Now we need to reverse this and add them to a local
    special users group, and aply the new policies.
    Is there a way to automate this? Is there a script we can create and add to
    the new policies?
    Doing this on every computer would be very time consuming. Besides, some
    of the machines are located in different branches through the US.
    Any help would be very much appreciated
    Ben Fernandes
    Benny, Feb 14, 2005
    1. Advertisements

  2. Hi

    Assuming you have a Active Directory domain, you could put the script
    below in a computer startup script (with a GPO) that runs as part of
    he boot up process (before the user logs in). It runs under the system
    context and has admin rights.

    Set oWshNet = CreateObject("WScript.Network")
    sNode = oWshNet.ComputerName

    ' group name to add user to
    Set oGroupAdd = GetObject("WinNT://" & sNode & "/Power Users")

    ' group name to remove user from
    Set oGroupRmv = GetObject("WinNT://" & sNode & "/Administrators")

    ' loop through all members of the Administrators group
    For Each oGroupRmv In oGroupRmv.Members
    If oGroupRmv.Class = "User" Then

    On Error Resume Next ' implicit Err.Clear

    ' try to connect to user object to see if account is a local user
    Set oUser = GetObject("WinNT://" & sNode & "/" _
    & oGroupRmv.Name & ",user")

    If Err.Number <> 0 Then
    ' user is not local!

    ' add user to other group
    oGroupAdd.Add oUser.ADsPath

    ' remove user from group
    oGroupRmv.Remove oUser.ADsPath

    End If
    End If
    Torgeir Bakken \(MVP\), Feb 14, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.