I’m trying to remove users from the local administrators group via script. I can run the command through background tools just fine, but if I script it, it is running but not actually removing the user from the group.
Example: “net localgroup administrators support /DELETE”
I tried the built-in “run a command” script and it shows the command in full in the log output.
I created this PowerShell script:
net localgroup administrators admin /DELETE
Log-Activity -Message "User $username removed from Administrators group by RMM Script." -EventName "Local Account Change"
The script runs and the activity log shows the variable was set properly, but the group remains unchanged on the asset. What am I missing here?
Do you have the script set to run as the user instead of SYSTEM? I’ve tested this script (replaced admin with $username which I assume you had for testing).
net localgroup administrators $username /DELETE
Log-Activity -Message "User $username removed from Administrators group by RMM Script." -EventName "Local Account Change"
Script worked (user removed from group) and output was:
The command completed successfully.
Why not use PowerShell cmdlets?
$group = "Administrators"
Remove-LocalGroupMember -Group $group -Member $Username
There are some odd inconsistencies between PowerShell 5 on different OS versions and how it parses white space. When running cmd commands from PowerShell I’ve had the most consistent results using:
Start-Process net -ArgumentList "localgroup administrators $UserName /DELETE"
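Added example, not part of any reply in this thread: the scripts above write the activity log entry whether or not the removal took effect, so this version reports the account it runs as, removes the member with the cmdlet suggested above, and logs only after re-checking membership. It assumes `$Username` is set by the RMM as in the thread and that `Log-Activity` exists only when the RMM has loaded it.

```powershell
# Added example. $Username is assumed to be set by the RMM as a script variable,
# as in the thread; it is not defined here.
if ([string]::IsNullOrWhiteSpace($Username)) {
    Write-Output 'No username supplied; nothing to do.'
    exit 2
}

# Record which account the script actually runs as (SYSTEM vs. logged-in user).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output "Running as $($identity.Name); elevated: $elevated"
if (-not $elevated) {
    Write-Output 'Not elevated; group membership cannot be changed from this context.'
    exit 1
}

# Resolve the built-in Administrators group by its well-known SID so the
# script does not depend on the localized group name.
$group = Get-LocalGroup -SID 'S-1-5-32-544' -ErrorAction Stop

function Test-IsMember {
    # $true when $Username is currently a member of the group
    [bool](Get-LocalGroupMember -Group $group.Name -Member $Username -ErrorAction SilentlyContinue)
}

if (-not (Test-IsMember)) {
    Write-Output "$Username is not a member of $($group.Name); no change made."
    exit 0
}

try {
    Remove-LocalGroupMember -Group $group.Name -Member $Username -ErrorAction Stop
} catch {
    Write-Output "Removal failed: $($_.Exception.Message)"
    exit 1
}

# Verify the result before writing the audit entry.
if (Test-IsMember) {
    Write-Output "$Username is still a member of $($group.Name) after removal."
    exit 1
}

$message = "User $Username removed from Administrators group by RMM Script."
Write-Output $message
# Log-Activity is the RMM cmdlet used in the thread; call it only if it is loaded.
if (Get-Command Log-Activity -ErrorAction SilentlyContinue) {
    Log-Activity -Message $message -EventName 'Local Account Change'
}
```

A non-zero exit code lets the RMM flag the run as failed instead of recording a removal that did not happen.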