<#
.Synopsis
LocalAdminGroup is a script that can be deployed in a Domain environment, from ConfigMgr, that will add or remove individual users from the Local Administrators group.
Careful thought should be exercised on why you would want to use this.
.Description
===========================================================================
Created on: 05/03/2021
Created by: Ben Whitmore
Organization: -
Filename: LocalAdminGroup.ps1
===========================================================================
Version:
1.0.1 - 05/03/2021
- Replaced ADSI command with Add-LocalGroupMember and Remove-LocalGroupMember. Thanks @IoanPopovici
1.0 - 05/03/2021
.Parameter Username
SAMAccountName of the user being added or removed
.Parameter Action
"Add" will add the user to the Local Administrators Group
"Remove" will remove the user from the Local Administrators Group
.Example
LocalAdminGroup.ps1 -Username ernest.shackleton -Action "Add"
.Example
LocalAdminGroup.ps1 -Username ernest.shackleton -Action "Remove"
#>
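[CmdletBinding()]
param(
    [Parameter(Position = 0, Mandatory = $true)]
    [String]$Username,
    [Parameter(Position = 1, Mandatory = $true)]
    [ValidateSet ("Add", "Remove")]
    [String]$Action
)

# Well-known SID of the built-in Administrators group. Addressing the group by
# SID instead of the display name "Administrators" keeps the script working on
# Windows installations where the group name is localized.
$AdministratorsSid = 'S-1-5-32-544'

# Account name in DOMAIN\user form, which is what Get-LocalGroupMember reports
# in its Name property. Built with string formatting rather than Join-Path,
# because this is an account name and not a filesystem path.
$User = '{0}\{1}' -f $env:USERDOMAIN, $Username

# Returns $true when $Member is listed in the built-in Administrators group.
# Throws when the group cannot be enumerated, so that callers can tell
# "not a member" apart from "membership could not be determined".
function Test-LocalAdministratorsMember {
    param(
        [String]$Sid,
        [String]$Member
    )
    $Names = Get-LocalGroupMember -SID $Sid -ErrorAction Stop |
        Select-Object -ExpandProperty Name
    # -contains is case-insensitive, like the -eq comparison it replaces.
    return ($Names -contains $Member)
}

# Membership before the change. $MembershipKnown records whether the
# enumeration succeeded: a failed enumeration must not be read as "absent",
# otherwise a Remove request would be skipped silently and the account would
# keep its administrative rights.
$UserExists = $false
$MembershipKnown = $true
Try {
    $UserExists = Test-LocalAdministratorsMember -Sid $AdministratorsSid -Member $User
}
Catch {
    $MembershipKnown = $false
    Write-Warning "Unable to enumerate the Local Administrators Group: $_"
}

Switch ($Action) {
    'Add' {
        Write-Output "Checking if $Username is already in the Local Administrators Group"
        If ($UserExists) {
            Write-Output "$Username already exists in the Local Administrators Group"
        }
        else {
            Write-Output "Adding $Username to Local Administrators Group"
            Try {
                Add-LocalGroupMember -SID $AdministratorsSid -Member $User -ErrorAction Stop
            }
            Catch {
                # $_ is the error raised by this Try block; $error[0] could
                # refer to a different, more recent entry.
                Write-Warning "$_"
            }
        }
    }
    'Remove' {
        Write-Output "Checking if $Username is in the Local Administrators Group"
        If ($UserExists) {
            Write-Output "$Username is in the Local Administrators Group"
        }
        # Attempt the removal when the user is a member, and also when the
        # membership could not be determined: revoking administrative rights
        # should not depend on the enumeration having worked.
        If ($UserExists -or -not $MembershipKnown) {
            Write-Output "Removing $Username from Local Administrators Group"
            Try {
                Remove-LocalGroupMember -SID $AdministratorsSid -Member $User -ErrorAction Stop
            }
            Catch {
                Write-Warning "$_"
            }
        }
    }
}

# Re-read the group so that the summary reflects the actual end state rather
# than the assumed outcome of the change above.
# NOTE(review): the script ends with a success status even when the change or
# the verification failed; if the deployment tool keys on the exit code, a
# failed change will not be visible there - confirm how the output is consumed.
Try {
    If (Test-LocalAdministratorsMember -Sid $AdministratorsSid -Member $User) {
        Write-Output "Summary: $Username is present in the Local Administrators Group on $env:ComputerName"
    }
    else {
        Write-Output "Summary: $Username is absent from the Local Administrators Group on $env:ComputerName"
    }
}
Catch {
    # Do not report "absent" when the group could not be read.
    Write-Warning "Summary: unable to verify whether $Username is in the Local Administrators Group on $env:ComputerName : $_"
}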