Notification

Icon
Error

Remove user from local admin group

Posted: Friday, August 19, 2016 6:44:57 PM(UTC)
mickeyshowers

mickeyshowers

Member Original PosterPosts: 34
0
Like
I searched for an action to do this but I didn't find anything. Basically, I'm looking for a custom action that will remove the Last User from the local administrators group. Any ideas? Thanks!
Bart.E
#1Bart.E Member Administration Posts: 73  
posted: 9/27/2016 12:51:32 PM(UTC)
You can write a VBscript that removes a user from the local administrator group and set it up as a custom action. Unfortunately, we can't provide support for custom script but we did find several examples online which could help you out if you perform a search for 'remove local admin rights users script'. Another option would be using the Lansweeper deployment feature to deploy certain scripts.
scarsysadmin
#2scarsysadmin Member Posts: 31  
posted: 3/31/2017 1:34:10 PM(UTC)
I would recommend powershell. You could display the current admins and then prompt for a username to replace.

The actual command is
net localgroup administrators
net localgroup administrators /delete domain\user

scarsysadmin
#3scarsysadmin Member Posts: 31  
posted: 6/19/2017 8:03:16 PM(UTC)
To add to this, I would do this through User Pages actions. The workflow would be click computer, click username of person to be removed, click "remove" action, voila.

action to be called by something like this:
powershell -noprofile -ExecutionPolicy bypass -file {actionpath}RemoveAdmin.ps1 -user {username} -domain {userdomain}

Then use that information to run the commands.
warlock1663
#4warlock1663 Member Posts: 15  
posted: 9/7/2017 6:03:19 PM(UTC)
Can this be done to remove multiple users from the local admin group?
scarsysadmin
#5scarsysadmin Member Posts: 31  
posted: 9/7/2017 6:05:32 PM(UTC)
yup
warlock1663
#6warlock1663 Member Posts: 15  
posted: 9/7/2017 6:07:42 PM(UTC)
Im not that great at scripting though.
scarsysadmin
#7scarsysadmin Member Posts: 31  
posted: 9/7/2017 6:13:21 PM(UTC)
Nows a good time to learn!

Or, use psexec and do it manually. Psexec has to be run from an account that is in the admin group.
psexec.exe \\Computername cmd.exe /K

View users in the group
net localgroup admnistrators

Delete Users in the group
net localgroup administrators /delete Domain\username

jacob_bks
#8jacob_bks Member Posts: 49  
posted: 9/7/2017 8:51:54 PM(UTC)
I use a deployment package, one step:
command > net localgroup administrators DOMAIN\UserName /delete

I then use a report that shows me local administrator group membership, filter by DOMAIN\Username that I am looking for, then deploy package to the results.

Sounds dumb, but it takes like 3 minutes and you're done.



jacob_bks
#9jacob_bks Member Posts: 49  
posted: 9/7/2017 8:56:18 PM(UTC)
and then if I wanted to be awesome, I would edit the local admin membership report, SAVE AS, put a filter on it where user is na\username, then set deployment package to rescan assets after deploying...

and set up the new report to be emailed to me so I know when that user pops back in the local admin group...

then, set up a schedule every 1 day or so, deploy the package to that report I just made... so in the future, if someone puts the user back in local administrator group... Lansweeper will remove it :)

jacob_bks
#10jacob_bks Member Posts: 49  
posted: 9/7/2017 8:59:23 PM(UTC)
and if that doesn't solve it... add the auditor's email address to the report that emails you when the user gets put back in the group :)

jacob_bks
#11jacob_bks Member Posts: 49  
posted: 9/7/2017 9:09:16 PM(UTC)
here - not sure if this one was a built-in report or not...

here's the report that will give you local administrators

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Where tblUsersInGroup.Groupname =
'administrators' And tblComputersystem.Domainrole > 1 And
tblAssetCustom.State = 1
Order By tblAssets.AssetName



Run it, type in your username you're looking for in the report filter column, deploy your one line Lansweeper deployment package that removes that user.

no scripting required, and you leverage Lansweeper to find exactly what your targets are (like, edit the above group with more criteria, say production servers only...), versus using scripting to scan everything and remove it if it finds it... which can be dangerous and accidentally remove the user from places where he/she needs to be.
mickeyshowers
#12mickeyshowers Member Original PosterPosts: 34  
posted: 7/16/2018 9:35:40 PM(UTC)
Originally Posted by: jacob_bks Go to Quoted Post
I use a deployment package, one step:
command > net localgroup administrators DOMAIN\UserName /delete

I then use a report that shows me local administrator group membership, filter by DOMAIN\Username that I am looking for, then deploy package to the results.

Sounds dumb, but it takes like 3 minutes and you're done.





Hi Jacob,

I created a package like you mentioned above but when I run it against one of the machines it fails.

Result: Deployment ended: Incorrect function. Stop(Failure). Credential: (*******\*******). ShareCredential: (lansweeper). Command: net localgroup administrators DOMAIN\UserName /delete

Are DOMAIN and username variables that it should pick up when I run the package against a machine?
bubba198
#13bubba198 Member Posts: 5  
posted: 8/12/2018 6:14:35 PM(UTC)
Originally Posted by: jacob_bks Go to Quoted Post
I use a deployment package, one step:
command > net localgroup administrators DOMAIN\UserName /delete



That's an awesome idea, thank you for sharing. Sweet and simple. I do have a follow up question, I also suck at scripting. Is there a way to choose whether to deploy the package on-the-fly by using if...then inside the actual package script.

In other words before executing the "meat" of it being net localgroup administrators DOMAIN\UserName /delete the first line would check whether DOMAIN\UserName is member of localgroup administrators and only if YES then the "/delete" command is run.

I know there's no harm in banging the /delete against non-existent user but just though it would be more elegant to check first and only if the /delete needs to be carried out then the deployment continues, otherwise it just exists.
jhartley@alcona-county.net
posted: 3/24/2021 4:27:30 PM(UTC)
Originally Posted by: jacob_bks Go to Quoted Post
I use a deployment package, one step:
command > net localgroup administrators DOMAIN\UserName /delete

I then use a report that shows me local administrator group membership, filter by DOMAIN\Username that I am looking for, then deploy package to the results.

Sounds dumb, but it takes like 3 minutes and you're done.





How does the command know which username has local admin privilege's?

Active Discussions

Lansweeper Monitor history showing only last monitors
by  cross_eur   Go to last post Go to first unread
Last post: 7/23/2021 6:06:51 PM(UTC)
Lansweeper Report Login time reduces number of computers by 300
by  cross_eur  
Go to last post Go to first unread
Last post: 7/23/2021 6:05:42 PM(UTC)
Lansweeper Merging 2 reports
by  Apaulcolypse   Go to last post Go to first unread
Last post: 7/22/2021 10:02:59 PM(UTC)
Lansweeper HELP - Add Registry Key Values to Asset Report
by  Apaulcolypse  
Go to last post Go to first unread
Last post: 7/22/2021 9:26:43 PM(UTC)
Lansweeper Can I request a custom report here?
by  Brian G   Go to last post Go to first unread
Last post: 7/22/2021 7:20:56 PM(UTC)
Lansweeper List all users with E-mail address
by  Brandon  
Go to last post Go to first unread
Last post: 7/21/2021 7:06:36 PM(UTC)
Lansweeper Identifying users of Windows legacy authentication
by  Baronet   Go to last post Go to first unread
Last post: 7/21/2021 5:26:38 PM(UTC)
Lansweeper Windows Version different between reports
by  RC62N  
Go to last post Go to first unread
Last post: 7/21/2021 3:27:04 PM(UTC)