Net localgroup command

I’m trying to remove users from the local administrators group via script. I can run the command through background tools just fine, but if I script it, it is running but not actually removing the user from the group.

Example: “net localgroup administrators support /DELETE”
I tried the built-in “run a command” script and it shows the command in full in the log output.
I created a this powershell script:
Import-Module $env:SyncroModule

net localgroup administrators admin /DELETE
Log-Activity -Message “User $username removed from Administrators group by RMM Script.” -EventName “Local Account Change”

The script runs and the activity log shows the variable was set properly, but the group remains unchanged on the asset. What am I missing here?

Do you have the script set to run as the user instead of SYSTEM? I’ve tested this script (replaced admin with $username which I assume you had for testing).

Import-Module $env:SyncroModule

net localgroup administrators $username /DELETE
Log-Activity -Message "User $username removed from Administrators group by RMM Script." -EventName "Local Account Change"

Script worked (user removed from group) and output was:

The command completed successfully.

Call-SyncroApi: success

SYSTEM was left alone

Why not use powershell cmdlets?

$group = "Administrators"
Remove-LocalGroupMember -Group $group -Member $Username

There are some odd inconsistencies between PowerShell 5 on different OS versions and how it parses white space. When running cmd commands from PowerShell I’ve had the most consistent results using Start-Process net -ArgumentList "localgroup administrators $UserName /DELETE"