Help with handling local accounts

This topic contains 22 replies, has 4 voices, and was last updated by ertuu85 1 month, 1 week ago.

Viewing 15 posts - 1 through 15 (of 23 total)
  • #45444
    ohlssrog
    Participant

    Hi.

    I need to disable the local administrator account on several servers for security policy. I hope and I think there must be a simple way to do this with PS so I don't have to log in to each server and disable the account?

    • This topic was modified 2 months, 4 weeks ago by ohlssrog.
    #45455
    Jonathan Warnken
    Participant
    #45457
    ohlssrog
    Participant

    Yes, I saw this too when I googled this, but I'm pretty new to PS and just want one command that disables the .\Administrator account. I think this script/solution does much more than that?

    #45467
    Jonathan Warnken
    Participant
    #45483
    ohlssrog
    Participant

    Yes, I read it but don't understand much of it. Am I right that I must know the password for the local account I want to disable?

    #45561
    Jonathan Warnken
    Participant

    The script in the blog was written to have you set the password when you enable a user, but it is not a requirement.

    At a very basic level this is what you need

    $user = "TestUser" 
    $computer = "."
    $EnableUser = 512
    $DisableUser = 2 
    $ObjUser = [ADSI]”WinNT://$computer/$user”
    $objUser.userflags = $DisableUser # This set the disabled flag. To Enable the user change to $objUser.userflags = $EnableUser 
    $objUser.setinfo() # The writes the changes to the user account
    
    
    
    #45640
    ohlssrog
    Participant

    OK, thanks a lot, I will test this and get back 🙂

    #45642
    ohlssrog
    Participant

    It works fine for one computer, but I cannot add in several computer names, e.g.
    $computername = "serve1,server2,server3"

    Is there any way this can be solved?

    • This reply was modified 2 months, 3 weeks ago by ohlssrog.
    #45728
    Jonathan Warnken
    Participant

    To do this for multiple computers you will need to use a for each loop to process all the computers.

    $user = "TestUser" 
    $computers = ".","localhost"
    $EnableUser = 512
    $DisableUser = 2 
    Foreach ($computer in $computers){
      $ObjUser = [ADSI]”WinNT://$computer/$user”
      $objUser.userflags = $DisableUser # This set the disabled flag. To Enable the user change to $objUser.userflags = $EnableUser 
      $objUser.setinfo() # The writes the changes to the user account
    }
    
    #45734
    ohlssrog
    Participant

    That doesn't work; the script is looking for a host called "," if I set this:

    $computer = "server1","server2","server3"

    Or have I misunderstood this?

    #45745
    rintke
    Participant

    It should work if you set it like this:

    $computers = "Server01", "Server02", "Server03"

    Also take a look at this:

    $ObjUser = [ADSI]”WinNT://$computer/$user”

    Replace those ” quotes with this "

    $ObjUser = [ADSI]"WinNT://$computer/$user"

    #45749
    ohlssrog
    Participant

    Still the same error. As soon as I put in 2 servers with "server01","server02" it cannot find a name called ",". Works fine with one "server01". I have installed PS 5 on this machine, if that should make any difference?
    Exception setting "userflags": "The following exception occurred while retrieving member "userflags": "The network path was not found.
    ""
    At G:\PS_Scripts\disablelocaladmin.ps1:6 char:1
    + $objUser.userflags = $DisableUser # This set the disabled flag. To En ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

    The following exception occurred while retrieving member "setinfo": "The network path was not found.
    "
    At G:\PS_Scripts\disablelocaladmin.ps1:7 char:1
    + $objUser.setinfo() # The writes the changes to the user account
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember

    • This reply was modified 2 months, 3 weeks ago by ohlssrog.
    #45775
    rintke
    Participant

    Post the whole code you are running and the output with errors here.

    #45912
    ohlssrog
    Participant

    The output from the script, which is exactly like the one Jonathan delivered above, with the change that I have put in:
    $computer = "server01","server02"

    Exception setting "userflags": "The following exception occurred while retrieving member "userflags": "The network path was not found.
    ""
    At G:\PS_Scripts\disablelocaladmin.ps1:6 char:1
    + $objUser.userflags = $DisableUser # This set the disabled flag. To En ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

    The following exception occurred while retrieving member "setinfo": "The network path was not found.
    "
    At G:\PS_Scripts\disablelocaladmin.ps1:7 char:1
    + $objUser.setinfo() # The writes the changes to the user account
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember

    #45926
    ohlssrog
    Participant

    I put in the script anyway.
    $user = "NTAdmin"
    $computer = "server01","server02"
    $EnableUser = 512
    $DisableUser = 2
    $ObjUser = [ADSI]”WinNT://$computer/$user”
    $objUser.userflags = $DisableUser # This set the disabled flag. To Enable the user change to $objUser.userflags = $EnableUser
    $objUser.setinfo() # The writes the changes to the user account
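
The per-host loop discussed in this thread, as an added example that is not part of any post: it binds to one server per iteration, catches hosts that cannot be reached, and sets only the account-disabled bit (2) with -bor instead of assigning 2 to userflags, which replaces every other flag bit on the account. The server names and the Administrator account name are placeholders.

```powershell
# Added example. Server names and the account name are placeholders.
$user      = 'Administrator'
$computers = 'Server01', 'Server02', 'Server03'   # an array: one string per host
$ADS_UF_ACCOUNTDISABLE = 0x2                       # "account disabled" bit of UserFlags

$results = foreach ($computer in $computers) {
    # One row per host, so a failure on one server is visible and does not stop the rest.
    $row = [ordered]@{ Computer = $computer; Before = $null; After = $null; Result = $null }
    try {
        # Bind to the account on a single host; ",user" limits the lookup to user objects.
        $account = [ADSI]"WinNT://$computer/$user,user"
        # Force the remote read now so an unreachable host or missing account
        # throws here (inside try) instead of later on the property assignment.
        $account.psbase.RefreshCache()

        $before = [int]$account.UserFlags.Value
        $row.Before = '0x{0:X}' -f $before

        if ($before -band $ADS_UF_ACCOUNTDISABLE) {
            $row.After  = $row.Before
            $row.Result = 'AlreadyDisabled'
        }
        else {
            # Set only the disable bit; every other flag keeps its current value.
            $account.UserFlags.Value = $before -bor $ADS_UF_ACCOUNTDISABLE
            $account.SetInfo()

            # Read the flags back from the host to confirm the change was stored.
            $account.psbase.RefreshCache()
            $after = [int]$account.UserFlags.Value
            $row.After  = '0x{0:X}' -f $after
            $row.Result = if ($after -band $ADS_UF_ACCOUNTDISABLE) { 'Disabled' } else { 'NotApplied' }
        }
    }
    catch {
        # e.g. "The network path was not found." for a host that cannot be reached
        $row.Result = 'Failed: ' + $_.Exception.Message.Trim()
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

The Before and After columns give a per-server record of the flag change that can be kept as evidence for the security policy.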
