Page 1 of 1 1
Topic Options
#120401 - 2004-05-30 04:00 PM Remove user from group
wombat Offline
Fresh Scripter

Registered: 2004-05-24
Posts: 5
Hi all,

I need to script something that removes a user from a domain group under NT4. Could somebody be kind enough to point me in the correct direction?

Basically....the main idea is

If InGroup("Domain Admin")
remove_user("unauthorised_username")
endif

Top
#120402 - 2004-05-30 04:41 PM Re: Remove user from group
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
KiX has no built-in command or function to do this. Since you failed to mention the KiX version or client OS, we cannot advise whether ADSI is an option. If you meet the req's for ADSI, have a look at our UDF library. There are at least UDFs to add members that you could borrow from.

Why not just SHELL out and use NET or CUSRMGR?

Why on earth would you have to scipt this? Why not just do it in User Manager? It looks to me that there may be malicious intent.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#120403 - 2004-05-30 05:11 PM Re: Remove user from group
wombat Offline
Fresh Scripter

Registered: 2004-05-24
Posts: 5
It is because I am instructed to give some deskside engineers a domain admin account for work related purposes. And those engineers, keep adding themselves as domain admins.

Had given them verbal warning, and told my boss. But he's not doing a thing about it. ...Extremely tiring to check usermgr every few hours or so.


Edited by wombat (2004-05-30 05:14 PM)

Top
#120404 - 2004-05-30 06:45 PM Re: Remove user from group
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
IMHO, adding code in their logon script to trick them to remove themselves is not the way to go. It will just elevate the conflict and the beligerent users will simply modify the script or their call to it.

I would turn on security auditing and have an admin script that monitors the event log. Then take the event log info to trigger the removal of the account.

Really though, it is a security policy enforcement issue and needs to be dealt with by management.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#120405 - 2004-05-30 08:30 PM Re: Remove user from group
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
no user should have domain admin rights.
nor access to account that has such.
_________________________
!

download KiXnet

Top
#120406 - 2004-05-30 09:05 PM Re: Remove user from group
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Quote:

no user should have domain admin rights.
nor access to account that has such.



Well... I do, and so do many others... otherwise there would be nobody to administer the domain.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#120407 - 2004-05-30 09:21 PM Re: Remove user from group
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well, domain admin is domain admin.
you don't need to be domain admin to admin parts of the domain.
_________________________
!

download KiXnet

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.056 seconds in which 0.024 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org