Need some help here.
I need to get the local user list of a remote computer and what group they belong to using PowerShell script.
I tried:
Get-LocalUser
Get-LocalGroup
Get-LocalGroupMember
Also:
gwmi win32_UserAccount
gwmi win32_group
but it is very slow and pulling the information more than requirement which consumes time.
I would like the output formatted something like below:
User Memberof
------ --------------------
abc12 Administrators
efg23 remote desktop users
hij45 Administrators,Backup Operators,users
xyz56 remote desktop users,Backup Operators
Thanks in Advance,
Cheers.
I use ADSI and it's pretty quick.
$RemoteComputerName = 'RemoteComputer'
$LocalGroup = 'Remote Desktop Users'
$ADSI = [ADSI]("WinNT://$RemoteComputerName,Computer")
$Group = $ADSI.PSBase.Children.Find($LocalGroup,'Group')
$Group.PSBase.Invoke('Members').Foreach{ $_.GetType().InvokeMember('Name','GetProperty',$null,$_,$null) }
Related
i'm trying to develop a script that remove a domain user from local administrators group (i can use computer management from ad but its a graphical interface i need to do it with commands) for now i'm using invoke command to remotely connect to machines and remove their users from local admins group .
im using this command : Invoke-Command -ComputerName $line2.split(";")[0] -ScriptBlock { net localgroup "administrators" $using:notadmin /DELETE } -Credential $Cred
the problem here if a the machine is not online i need to wait until it will be online , i'm searching how to remove users from local group (administrators for example ) through ad
is there a command to do that ?
I see two approaches:
If you would like to use Group Policy, you may check for: Restricted groups.
https://www.petri.com/manage-local-active-directory-groups-using-group-policy-restricted-groups
Another option would be to incoroporate Test-Connection in your script, validating if computer is online. If it is - execute the script, if it is not, store it in another list with offline machines.
Then later run the script against the offline machine list ... and so on until all the computers are being covered.
P.S. And yes, as suggested in the commments, consider using remove-localgroupmember, if your powershell version support it.
Again, depends of the case.
Hope it helps!
$RemoteComputer = "yourComputer"
$Computer = [ADSI]("WinNT://$RemoteComputer,computer")
$Group = $Computer.PSBase.Children.Find("Administrators")
ForEach ($User in (Get-Content
"c:\users\administrator.domain\desktop\localadmin.txt"))
{ $Group.Remove("WinNT://$User")
}
i tired this code and it really helped me thnx for help
I have a PID for which I want to check its username. I knew that we can use GetOwner(), but it is the valid method for Get-WmiObject Win32_Process. I am using Get-WmiObject -Class Win32_PerfRawData_PerfProc_Process in which there is no way to get username (as per I search online). So, I think to check PID separately is the only way to resolve this.
Can you please tell me how can I get the username of PID or get username inside Win32_PerfRawData_PerfProc_Process?
As it is described in this technet article :Technet you can use the code below.
In the last line you can put the process you want after the get-process command.
e.g. Get-Process outlook | select processname,Id,#{l="Owner";e={$owners[$_.id.tostring()]}}
$owners = #{}
gwmi win32_process |% {$owners[$_.handle] = $_.getowner().user}
Get-Process | select processname,Id,#{l="Owner";e={$owners[$_.id.tostring()]}}
The time it takes depends on how many services are currently running.
Your output will be like:
ProcessName Id Owner
----------- -- -----
OUTLOOK 13128 UserName
Hope that helps.
Kind regards.
I am wondering how I can delete user profile by using Powershell?
I know the command of Get-WmiObject Win32_UserProfile which will give me the whole users on the computer.
I have 2 variables of $computername and $username.
So I wants to use the above command to delete on a remote computer (which is $computername) the profile of $username.
How I can do it?
Thanks.
Get-WMIObject can retrieve objects from remote computers with no problem, and not only does the Win32_UserProfile class have a (poorly documented) delete() method, a Win32_UserProfile object can be passed to Remove-WMIObject. This will, to all appearances, properly clean up the registry and files, and does in fact work on remote computers.
References:
Get-Help Get-WMIObject
Get-Help Remove-WMIObject
Win32_UserProfile: https://msdn.microsoft.com/en-us/library/ee886409(v=vs.85).aspx and https://msdn.microsoft.com/en-us/library/windows/desktop/hh830632(v=vs.85).aspx
My own question on this topic
I am setting up a bunch of computers, and for this i am using powershell.
To setup admin accounts, i have used the net command, but as I get some pc's with danish OS and some with english the commands differ slightly.
Danish version:
net localgroup Administratorer username /add
english version:
net localgroup Administrators username /add
This means i need two versions of the script. is it possible to take another aproach? perhaps using some ID to identify the admin group? like writing 3334 instead of administator
The builtin Administrators group may indeed have different names depending on the installation language, but the group's security identifier is always the same:
S-1-5-32-544
To find the local name, use WMI:
$AdminGroupName = (Get-WmiObject -Class Win32_Group -Filter 'LocalAccount = True AND SID = "S-1-5-32-544"').Name
Now you can do:
net localgroup $AdminGroupName username /add
One solution could be to leverage the .NET framework (via Powershell) to retrieve the localized name of the administrators group. I find it better than hardcoding the SID of the administrators group, even though it never changes.
$adminGroupSid = [System.Security.Principal.SecurityIdentifier]::new([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid,$null)
$adminGroupName = $adminGroupSid.Translate([System.Security.Principal.NTAccount]).ToString()
$adminsName = ($adminGroupName -split "\\")[1]
From then on, you can either use $adminsName when calling net localgroup
net localgroup $adminsname /add <user>
in case you want to run it as a package in SCCM without content folder
%windir%\Sysnative\windowsPowershell\V1.0\powershell -command "$an='AdminUser';$ap='password'; net user /add $an $ap; $agn = (gwmi -Class Win32_Group -Filter 'LocalAccount=True AND SID="""S-1-5-32-544"""').Name;net localgroup $agn $an /add"
The user is a member of the AD security group "Domain\Sql Admins", and the security group "Domain\Sql Admins" is a member of the local Administrators group on a Windows Server.
I have tried the following PowerShell script:
$u = "Username"; net localgroup administrators | Where {$_ -match $u}
This script will only return the user if it is added directly to the admin group. Do I have to cycle through all of the groups in the admin group until I find my user? Or is there another way?
Check out this article, by Boe Prox on the Microsoft Hey Scripting Guy blog. He describes how to check if the user is a local administrator or not.
http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/11/check-for-admin-credentials-in-a-powershell-script.aspx
This article points to a Test-IsAdmin function that was posted onto the TechNet Gallery.
http://gallery.technet.microsoft.com/scriptcenter/1b5df952-9e10-470f-ad7c-dc2bdc2ac946
The function contains the following code, which returns $true or $false.
([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
PowerShell 5.1 (Windows Server 2016) contains Get-LocalGroupMember cmdlet.
$user = "$env:COMPUTERNAME\$env:USERNAME"
$group = 'Administrators'
$isInGroup = (Get-LocalGroupMember $group).Name -contains $user
Using the SID:
([Security.Principal.WindowsIdentity]::GetCurrent().Groups | Select-String 'S-1-5-32-544')
Or using a "Well-known" security identifier name:
([Security.Principal.WindowsIdentity]::GetCurrent().Groups.IsWellKnown('BuiltinAdministratorsSid') -eq $true)
if you want to get all the SIDs and their names, please check this page: https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
If you happen to be using the PowerShell Community Extension you can use the Test-UserGroupMembership command e.g.:
Test-UserGroupMembership Administrators