----- Original Message -----
From: "chang zhu" <cyz2000 (at) yahoo (dot) com [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Tuesday, October 12, 2004 10:17 AM
Subject: Remove domain user from local administrators group

> Hi,all
>
> I just went to this new company and found out that
> each domain user is assigned to local administrators
> group.
>
> We need to remove domain user from local
> administrators group. Is there any MS utility that
> allows to do this instead of going to each workstation
>
> to remove and assign them to Power Users group?
>
> The environment is Win2K and XP.
>
> Thanks always,
>
> Chang
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

I would think that a login script containing the net localgroup directive
would help here.

The syntax of this command is:

NET LOCALGROUP [groupname [/COMMENT:"text"]] [/DOMAIN]
groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN]
groupname name [...] {/ADD | /DELETE} [/DOMAIN]

As an example, what I've added in the past to "add" certain users and groups
to another group:

net localgroup administrators "mydomainname\Domain Admins" /ADD
:end

This should be just as easy to run to remove someone:

net localgroup administrators "mydomainname\Domain Users" /delete
:end

--

Micheal Patterson
Senior Communications Systems Engineer
405-917-0600

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]