What is the prize for this challenge?
Please see this post for enumerating the groups (Bryce's code piece):
Multiple INGROUP()
Here is some code that should work for some of it...
code:
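; Build DOMAIN\user for the account that is logging on
$x=(@DOMAIN+"\"+@USERID)
$CleanAdmin = "net localgroup administrators /del $x"
; Only act when the user currently has local admin rights on this workstation
IF INGROUP("\\@WKSTA\Administrators")
  shell '%comspec% /c $CleanAdmin >nul'
ENDIF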
It will remove the specified username from the local admin group, but won't remove your Domain Admins when they log on with their Domain Admin accounts. It will if they log on with another account that is a member of the local admin group, so you would need to modify it some to prevent specified members from not being removed, possibly by using a GLOBAL group membership of those not to remove from local admin groups.
James Bond post ;)
[ 03 April 2002, 19:52: Message edited by: NTDOC ]
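The exemption by global group suggested at the end of the post could look like the sketch below. It is an added example, not part of the original post; the group name `KeepLocalAdmin` is a hypothetical placeholder, and the script assumes it runs as a logon script in the user's own context, as the posted code does.

```kixtart
; Added example, not from the original post.
; ASSUMPTION: "KeepLocalAdmin" is a hypothetical global group that lists the
; accounts allowed to stay in the local Administrators group.
$ExemptGroup = "KeepLocalAdmin"
$Account     = @DOMAIN + "\" + @USERID
$LocalAdmins = "\\" + @WKSTA + "\Administrators"

If InGroup($LocalAdmins)
    If InGroup($ExemptGroup)
        ; Exempt accounts are left alone, but the decision is still recorded.
        ? "Skipping " + $Account + ": member of " + $ExemptGroup
    Else
        ; Quote the account name so names containing spaces survive cmd.exe parsing.
        $Cmd = 'net localgroup Administrators "' + $Account + '" /delete'
        Shell '%comspec% /c ' + $Cmd + ' >nul 2>&1'
        $rc = @ERROR   ; capture the exit code before anything else resets it
        If $rc
            ; A non-zero exit usually means there was no direct entry to delete,
            ; e.g. the account is an administrator only through a nested group
            ; such as Domain Admins (the case described in the post).
            ? "Not removed (exit code " + $rc + "): " + $Account
        Else
            ? "Removed " + $Account + " from local Administrators"
        EndIf
    EndIf
EndIf
```

Because the removal runs with the user's own rights, it only succeeds while that user is still a local administrator; the exit-code branch makes the nested-group case visible instead of discarding it with `>nul`.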