Remove all members in local Power User Group Ken 4/26/2007 3:20:02 PM I need to remove all membership in the local power users group on the local machines. I would like to use a logon scipt to do this. I see examples of adding or removing specific users but nothing to set group membership to 0.

Re: Remove all members in local Power User Group "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 4/26/2007 4:25:14 PM Ken wrote: [Quoted Text] >I need to remove all membership in the local power users group on the local > machines. I would like to use a logon scipt to do this. I see examples > of > adding or removing specific users but nothing to set group membership to > 0. First, this won't work in a logon script, unless the user is a member of the local Administrators group. It could be done in a Startup script, which runs with System privileges on the local machine. Even better, a member of Domain Admins should be able to do this remotely if the computer is authenticated to the domain. By default, the group Domain Admins is added to the local Administrators group when the computer is joined to the domain. In either case (a startup script or a script run remotely), I don't know of any method to remove all members of a group at once. You must enumerate each member and remove individually. You must use the WinNT provider to deal with local objects. A VBScript example: ========= ' Specify the NetBIOS name of the computer. ' You can use "." for current local computer. strComputer = "TestComputer" ' Bind to local Power Users group on the computer. Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power Users,group") ' Enumerate all members of the local group. For Each objMember In objLocalGroup.Members ' Remove the member from the group. objLocalGroup.Remove(objMember.AdsPath) Next ======== You can test by first having the loop enumerate the members (Wscript.Echo objMember.Name), then revise to remove. -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --

Re: Remove all members in local Power User Group Ken 4/27/2007 12:58:01 PM Tks for the help. We lost our scripting guy (retirement) and he took and his nice network management tools with him. I have dabbled with Visual Basic several years ago - so the scripts are not totally foreign but as with everytihing else - it is a learning curve. I will try not to wear out my welcome and will do a lot of research before posting a question. Right now we are going through a C & A accreditation and am working on several short fuses to get the network in complaince to keep our networthyness to stay on the army network. Tks again for the help. Ken "Richard Mueller [MVP]" wrote: [Quoted Text] > Ken wrote: > > >I need to remove all membership in the local power users group on the local > > machines. I would like to use a logon scipt to do this. I see examples > > of > > adding or removing specific users but nothing to set group membership to > > 0. > > First, this won't work in a logon script, unless the user is a member of the > local Administrators group. It could be done in a Startup script, which runs > with System privileges on the local machine. Even better, a member of Domain > Admins should be able to do this remotely if the computer is authenticated > to the domain. By default, the group Domain Admins is added to the local > Administrators group when the computer is joined to the domain. > > In either case (a startup script or a script run remotely), I don't know of > any method to remove all members of a group at once. You must enumerate each > member and remove individually. You must use the WinNT provider to deal with > local objects. A VBScript example: > ========= > ' Specify the NetBIOS name of the computer. > ' You can use "." for current local computer. > strComputer = "TestComputer" > > ' Bind to local Power Users group on the computer. > Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Power > Users,group") > > ' Enumerate all members of the local group. > For Each objMember In objLocalGroup.Members > ' Remove the member from the group. > objLocalGroup.Remove(objMember.AdsPath) > Next > ======== > You can test by first having the loop enumerate the members (Wscript.Echo > objMember.Name), then revise to remove. > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net > -- > > >

Re: Remove all members in local Power User Group "Jeremy" <jeremy[ at ]discussions.microsoft.com> 4/28/2007 12:36:07 AM You could use a restricted groups policy too. Simply add Power Users as a restricted group and don't specify any members, link the policy to the OU that has your computer accounts in it and voila, no script required. "Ken" <Ken[ at ]discussions.microsoft.com> wrote in message news:BCF9F654-C709-4FF9-8247-26963BA97DF8[ at ]microsoft.com... [Quoted Text] >I need to remove all membership in the local power users group on the local > machines. I would like to use a logon scipt to do this. I see examples > of > adding or removing specific users but nothing to set group membership to > 0.