Hi everyone , guess it's a good time to start new blog of mine :)
I’ve always been asked by partners : “how can we easily remove normal user accounts from local administers group” thus I dug a little and developed this small simple script below , tested also in my lab (win2012r2+win8).
This script will remove all user accounts (expect “administrator” and “domain admins” of course :) )from local administrators group.
Please save it as *.vbs and deploy to all your client computers that you wish to perform the action through either group policy or SCCM:
Option Explicit
Dim N, G, U
Set N = CreateObject("WScript.Network")
Set G = GetObject("WinNT://" & N.ComputerName & "/Administrators,group")
For Each user In G.members
If UCase(U.name) <> "ADMINISTRATOR" And UCase(U.name) <> "DOMAIN ADMINS" Then
G.remove U.adspath
End If
Next