Hi.
I need to disable the local administrator account on several servers for security policy. I hope and I think there must be a simple way to do this with PS so I don't have to log in to each server and disable the account?
Yes, I saw this too when I googled this, but I'm pretty new to PS and just want one command that disables the .\Administrator account. I think this script/solution does much more than that?
Did you read the blog post the script was based on? Use PowerShell to Enable or Disable a Local User Account - Scripting Blog
Yes, I read it but don't understand much of it. Am I right that I must know the password for the local account I want to disable?
The script in the blog was written to have you set the password when you enable a user, but it is not a requirement.
At a very basic level this is what you need
$user = "TestUser"
$computer = "."
$EnableUser = 512
$DisableUser = 2
$ObjUser = [ADSI]"WinNT://$computer/$user"
$objUser.userflags = $DisableUser # This sets the disabled flag. To enable the user, change to $objUser.userflags = $EnableUser
$objUser.setinfo() # This writes the changes to the user account
OK, thanks a lot, I will test this and get back.
It works fine for one computer, but I cannot add several computer names, e.g.
$computername = “serve1,server2,server3”
Is there any way this can be solved?
To do this for multiple computers you will need to use a for each loop to process all the computers.
$user = "TestUser"
$computers = ".","localhost"
$EnableUser = 512
$DisableUser = 2
Foreach ($computer in $computers){
    $ObjUser = [ADSI]"WinNT://$computer/$user"
    $objUser.userflags = $DisableUser # This sets the disabled flag. To enable the user, change to $objUser.userflags = $EnableUser
    $objUser.setinfo() # This writes the changes to the user account
}
That doesn't work; the script is looking for a host called “,” if I set this
$computer = “server1”,“server2”,“server3” . Or have I misunderstood this?
It should work if you set it like this:
$computers = “Server01”, “Server02”, “Server03”
Also take a look at this:
$ObjUser = [ADSI]”WinNT://$computer/$user”
Replace those ” quotes with this "
$ObjUser = [ADSI]"WinNT://$computer/$user"
Still the same error. As soon as I put in 2 servers with “server01”,“server02” it cannot find a name called “,” . It works fine with one “server01”. I have installed PS 5 on this machine, if that should make any difference?
Exception setting “userflags”: "The following exception occurred while retrieving member “userflags”: "The network path was not found.
“”
At G:\PS_Scripts\disablelocaladmin.ps1:6 char:1
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
The following exception occurred while retrieving member “setinfo”: "The network path was not found.
"
At G:\PS_Scripts\disablelocaladmin.ps1:7 char:1
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember
Post the whole code you are running and the output with errors here.
The output is from the script that is exactly like the one Jonathan delivered above, with the change that I have put in.
$computer = “server01”,“server02”
Exception setting “userflags”: "The following exception occurred while retrieving member “userflags”: "The network path was not found.
“”
At G:\PS_Scripts\disablelocaladmin.ps1:6 char:1
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
The following exception occurred while retrieving member “setinfo”: "The network path was not found.
"
At G:\PS_Scripts\disablelocaladmin.ps1:7 char:1
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : CatchFromBaseGetMember
I put in the script anyway.
$user = “NTAdmin”
$computer = “server01”,“server02”
$EnableUser = 512
$DisableUser = 2
$ObjUser = [ADSI]”WinNT://$computer/$user”
$objUser.userflags = $DisableUser # This set the disabled flag. To Enable the user change to $objUser.userflags = $EnableUser
$objUser.setinfo() # The writes the changes to the user account
Hmm, sorry, I haven't run the change Jonathan added with the for-each computer part. Will be back.
Hmm, sorry guys for all the trouble and time you had to spend on this. I didn't add the part Jonathan put in with the for each computers.
It works fine now
$user = "NTAdmin"
$computers = "server01","server02"
$EnableUser = 512
$DisableUser = 2
Foreach($computer in $computers){
    $ObjUser = [ADSI]"WinNT://$computer/$user"
    $objUser.userflags = $DisableUser # This sets the disabled flag. To enable the user, change to $objUser.userflags = $EnableUser
    $objUser.setinfo() # This writes the changes to the user account
}
Hi.
Can I please get your help to extend this? It's hard to put all the servers in the script; it's about 90 servers I have to do this on. Is it possible to import a txt or csv file with all server names?
That is very easily done. Just create a text file with a server name on each line:
$user = "NTAdmin"
$computers = get-content -path .\Serverlist.txt
$EnableUser = 512
$DisableUser = 2
Foreach($computer in $computers){
    $ObjUser = [ADSI]"WinNT://$computer/$user"
    $objUser.userflags = $DisableUser # This sets the disabled flag. To enable the user, change to $objUser.userflags = $EnableUser
    $objUser.setinfo() # This writes the changes to the user account
}
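An added example, not code from any poster in this thread or from the linked blog post: the same ADSI loop over a server list, but it ORs in only the account-disable bit so the account's other flags are kept, and it returns one result per server so unreachable hosts (the "network path was not found" case above) end up in a table. NTAdmin and Serverlist.txt are the names used in the thread; the function name Disable-LocalAccount is hypothetical.

```powershell
# Added example. NTAdmin and Serverlist.txt are the names used in the thread;
# Disable-LocalAccount is a hypothetical helper name.
$user     = 'NTAdmin'
$listPath = '.\Serverlist.txt'

function Disable-LocalAccount {
    param(
        [Parameter(Mandatory)][string]$Computer,
        [Parameter(Mandatory)][string]$User
    )
    $AccountDisable = 0x2   # ADS_UF_ACCOUNTDISABLE, same value as $DisableUser above
    $result = [pscustomobject]@{
        Computer = $Computer; User = $User; Status = 'Failed'; Detail = ''
    }
    try {
        # ",user" restricts the bind to a user object of that name.
        $account = [ADSI]"WinNT://$Computer/$User,user"
        # Reading the property forces the bind; an unreachable host or a
        # missing account throws here and lands in the catch block.
        $flags = [int]$account.UserFlags.Value
        if ($flags -band $AccountDisable) {
            $result.Status = 'AlreadyDisabled'
        } else {
            # OR the bit in so flags such as "password never expires" are kept.
            $account.UserFlags = $flags -bor $AccountDisable
            $account.SetInfo()
            # Re-read from the server and confirm the bit is really set.
            $account.psbase.RefreshCache()
            if ([int]$account.UserFlags.Value -band $AccountDisable) {
                $result.Status = 'Disabled'
            } else {
                $result.Detail = 'Flag not set after SetInfo()'
            }
        }
    } catch {
        $result.Detail = $_.Exception.Message
    }
    $result
}

# One server name per line; blank lines and stray whitespace are ignored.
$computers = Get-Content -Path $listPath |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($computer in $computers) {
    Disable-LocalAccount -Computer $computer -User $user
}
$results | Format-Table -AutoSize
```

Rows with Status 'Failed' carry the exception text in Detail, which gives a list of servers to revisit after the run.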