A tranquil forest stream surrounded by lush greenery and rocks, perfect for a nature escape.

Managing Local Administrators with PowerShell and Security Groups

Introduction

Managing local administrator rights is crucial for maintaining a secure network environment. This allows you to efficiently manage local administrator membership on computers using security groups.

Use Case

This script is beneficial for:

  • Enhancing Security: By controlling who has local administrator privileges, you can limit the potential damage from malware or unauthorized access.
  • Centralized Management: Using security groups simplifies the management of local administrator rights across multiple computers.
  • : Automating the process saves time and reduces the risk of human error.

Script

# Requires -ComputersName (or other method to get computer list)

$computers = Get-Content -Path "C:\ComputerList.txt" 
$groupToAdd = "CONTOSO\LocalAdmins" # Replace with your security group name

foreach ($computer in $computers) {
    try {
        # Add the security group to the local Administrators group
        Add-LocalGroupMember -ComputerName $computer -Group "Administrators" -Member $groupToAdd -ErrorAction Stop

        Write-Host "$computer: Added '$groupToAdd' to local Administrators group." -ForegroundColor Green
    }
    catch {
        Write-Host "$computer: Error - $_" -ForegroundColor Red
    }
}

Explanation

  • The script takes a list of computers from a text file (or another source).
  • It iterates through the list and uses the Add-LocalGroupMember cmdlet to add the specified security group to the local Administrators group on each computer.
  • The -ErrorAction Stop parameter ensures that the script stops if any errors occur.

Outro

This script helps you easily manage local administrator rights using security groups, improving the security and manageability of your environment.

Tags

PowerShell, , Security Groups, Local Administrators, Security, Endpoint Management, Automation

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WordPress Cookie Plugin by Real Cookie Banner