Remove users from local admin group with exclusions

PowerShell Help
1

Hi all,

I am looking for help
I am trying to remove users from local admin group with exclusions
the script working almost correct when i run it on my machine, but failing when it pushed by SCCM
This is the script

function Get-GroupBySid () {
param(
[parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
[Alias("Name")]
[string]$ComputerName,
[string]$GroupNameSid = "S-1-5-32-544"
)
$objSID = New-Object System.Security.Principal.SecurityIdentifier($GroupNameSid)
$objgroup = $objSID.Translate( [System.Security.Principal.NTAccount])
$objgroupname = ($objgroup.Value).Split("\")[1]
return ,$objgroupname
}
$Admingroup = Get-GroupBySid -ComputerName $ENV:COMPUTERNAME #localhost
$members = net localgroup $Admingroup #| where {$_ -and $_ -notmatch "command completed successfully"} | select -skip 8
$Adminaccounts = $null
$Adminaccounts = @()

foreach ($member in $members)
{

switch ($member)
{

"pl\prg_test_1"{}
"pl\prg_test_1"{}
"pl\pprg_test_2"{}
"pl\pprg_test_2"{}
"pl\strd*" {}

default {$Adminaccounts += $member}
}
}

foreach ($Adminaccount in $Adminaccounts)
{
net localgroup Administrators $Adminaccount /delete
}

if i run script i will get couple errors but all account will be removed and also this part not working “pl\strd*” {}

Please, help
Thanks

2

That is likely because you are always taking the default action in your Switch statement. I suspect the errors are coming from the entries in $members that are not actual members since you are getting additional items from your net localgroup command.

You might try this instead:

$members = Get-LocalGroupMember -Name $Admingroup

Then, reference the member via:

Switch ($member.Name)

I would get rid of default if all you want to do is remove the members in your Switch statement and just add them to your array:

"pl\prg_test_1"{$Administrators += $member.Name}

Then, if you want to stick with PowerShell, remove the member as such:

Remove-LocalGroupMember -Group $AdminGroup -Member $AdminAccount
3

Thank you [tonys] for your approach
I try to avoid Get-LocalGroupMember command because i received error:
The term ‘Get-LocalGroupMember’ is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Can somebody explain why this part not working: “pl\strd*” {}
If any accounts start with strd - i dont want them delete, but if i run script they will be deleted

Thanks.

4

What version of PowerShell are you using? There is also this:

The Get-LocalGroupMember cmdlet gets members from a local group.

Note

The Microsoft.PowerShell.LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.

5

This is the thing, I have win 7 and windows 10 machines, so PS version will be different
but can you explain why this part not working “pl\strd*” {}

Thanks.

6

Is the asterisk in the string pl\strd* intended to be used as a wildcard? if so, you need to include the -Wildcard switch on the switch statement. See about Switch - PowerShell | Microsoft Learn

Example:

$array = 'array1' , 'skipme', 'skipme', 'silly' , 'lol', 'whocares'

$array | ForEach-Object {
    switch -Wildcard ($_) {
        arr* { 'hello' }
        skip* { 'Skipped' }
        default {}
    }
}

outputs:

hello
Skipped
Skipped
7

Thank you,
this is what i was looking :slight_smile:
This small change make all work -Wildcard

Thanks

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.