Introduction
Managing local administrator rights is crucial for maintaining a secure network environment. This script allows you to efficiently manage local administrator membership on computers using security groups.
Use Case
This script is beneficial for:
- Enhancing Security: By controlling who has local administrator privileges, you can limit the potential damage from malware or unauthorized access.
- Centralized Management: Using security groups simplifies the management of local administrator rights across multiple computers.
- Automation: Automating the process saves time and reduces the risk of human error.
Script
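# Requires PowerShell remoting (WinRM) on the target computers.
# The computer list comes from a text file here; any other source works too.
$computers = Get-Content -Path "C:\ComputerList.txt"
$groupToAdd = "CONTOSO\LocalAdmins" # Replace with your security group name
foreach ($computer in $computers) {
    try {
        # Add-LocalGroupMember has no -ComputerName parameter, so run it on the target via remoting
        Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            # Add the security group to the local Administrators group
            Add-LocalGroupMember -Group "Administrators" -Member $using:groupToAdd -ErrorAction Stop
        }
        # ${computer} keeps the trailing colon from being parsed as part of the variable name
        Write-Host "${computer}: Added '$groupToAdd' to local Administrators group." -ForegroundColor Green
    }
    catch {
        Write-Host "${computer}: Error - $_" -ForegroundColor Red
    }
}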
Explanation
- The script takes a list of computers from a text file (or another source).
- It iterates through the list and uses the Add-LocalGroupMember cmdlet to add the specified security group to the local Administrators group on each computer.
- The -ErrorAction Stop parameter ensures that processing of a computer stops if any error occurs, so the catch block reports it and the loop moves on to the next computer.
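Adding the group does not show what else already sits in local Administrators on each machine. The following is an added example, not part of the original script, that reports computers missing the required group and members outside an allow-list; the function name Get-AdminMembershipDrift, the allow-list, and the sample data are assumptions made for illustration.

```powershell
# Added example: report drift in local Administrators membership (hypothetical helper).
function Get-AdminMembershipDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Members,       # objects with ComputerName, Name, SID
        [Parameter(Mandatory)] [string]   $RequiredGroup, # group the script is meant to add
        [string[]] $AllowedNames = @()                    # other members accepted by policy
    )
    foreach ($pc in ($Members | Group-Object ComputerName)) {
        $names = @($pc.Group.Name)
        # The required security group should be present on every computer
        if ($names -notcontains $RequiredGroup) {
            [pscustomobject]@{ ComputerName = $pc.Name; Finding = 'MissingRequiredGroup'; Member = $RequiredGroup }
        }
        foreach ($m in $pc.Group) {
            # RID 500 is the built-in local Administrator account, expected on every machine
            $isBuiltin = "$($m.SID)" -match '-500$'
            $isKnown   = ($m.Name -eq $RequiredGroup) -or ($AllowedNames -contains $m.Name)
            if (-not $isBuiltin -and -not $isKnown) {
                [pscustomobject]@{ ComputerName = $pc.Name; Finding = 'UnexpectedMember'; Member = $m.Name }
            }
        }
    }
}

# Live collection (assumes PowerShell remoting is enabled on the targets).
# S-1-5-32-544 is the well-known SID of the local Administrators group:
# $members = Invoke-Command -ComputerName $computers -ScriptBlock {
#     Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, @{n='SID';e={$_.SID.Value}}
# } | Select-Object @{n='ComputerName';e={$_.PSComputerName}}, Name, SID

# Constructed sample data so the example runs offline
$members = @(
    [pscustomobject]@{ ComputerName = 'PC01'; Name = 'PC01\Administrator';    SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ ComputerName = 'PC01'; Name = 'CONTOSO\LocalAdmins';   SID = 'S-1-5-21-4444444444-5555555555-6666666666-1105' }
    [pscustomobject]@{ ComputerName = 'PC01'; Name = 'CONTOSO\Domain Admins'; SID = 'S-1-5-21-4444444444-5555555555-6666666666-512' }
    [pscustomobject]@{ ComputerName = 'PC02'; Name = 'PC02\Administrator';    SID = 'S-1-5-21-7777777777-8888888888-9999999999-500' }
    [pscustomobject]@{ ComputerName = 'PC02'; Name = 'CONTOSO\jdoe';          SID = 'S-1-5-21-4444444444-5555555555-6666666666-1234' }
)
Get-AdminMembershipDrift -Members $members -RequiredGroup 'CONTOSO\LocalAdmins' -AllowedNames 'CONTOSO\Domain Admins' |
    Format-Table -AutoSize
```

With the constructed data, PC01 is clean and PC02 yields two findings: the required group is missing and CONTOSO\jdoe is an unexpected member.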
Outro
This script helps you easily manage local administrator rights using security groups, improving the security and manageability of your environment.
Tags
PowerShell, Active Directory, Security Groups, Local Administrators, Security, Endpoint Management, Automation