{"id":64633,"date":"2007-06-19T00:06:00","date_gmt":"2007-06-19T00:06:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2007\/06\/19\/how-can-i-remove-a-specific-set-of-users-from-the-local-administrators-group\/"},"modified":"2007-06-19T00:06:00","modified_gmt":"2007-06-19T00:06:00","slug":"how-can-i-remove-a-specific-set-of-users-from-the-local-administrators-group","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-remove-a-specific-set-of-users-from-the-local-administrators-group\/","title":{"rendered":"How Can I Remove a Specific Set of Users From the Local Administrators Group?"},"content":{"rendered":"<p><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Question\" height=\"34\" alt=\"Hey, Scripting Guy! Question\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" align=\"left\" border=\"0\"> \n<P>Hey, Scripting Guy! How can I delete all the users whose name starts with GER\/ad_ from the local Administrators group on a computer?<BR><BR>&#8212; ID <\/P><IMG height=\"5\" alt=\"Spacer\" src=\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\" width=\"5\" border=\"0\"><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Answer\" height=\"34\" alt=\"Hey, Scripting Guy! Answer\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" align=\"left\" border=\"0\"><A href=\"http:\/\/go.microsoft.com\/fwlink\/?linkid=68779&amp;clcid=0x409\"><IMG class=\"farGraphic\" title=\"Script Center\" height=\"288\" alt=\"Script Center\" src=\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" width=\"120\" align=\"right\" border=\"0\"><\/A> \n<P>Hey, ID. It\u2019s a Friday as the Scripting Guy who writes this column writes this column. 
Usually Fridays are a very sad day for this Scripting Guy: after all, when Friday comes to an end he faces <I>two days<\/I> of having to stay home rather than experience the joy of coming in to work. But this Friday is different; this time around the Scripting Guy who writes this column is in a good mood. Why? Because as he drove in to work today he happened to glance down at the odometer and noticed that it was displaying nothing but 6s!<\/P>\n<P>We understand: that sounds too incredible to be true. But true it is. And while the Scripting Guy who writes this column didn\u2019t have a camera with him he did enlist the services of a police artist to recreate exactly what he saw on the odometer:<\/P><PRE class=\"codeSample\">66666\n  6.6\n<\/PRE>\n<P>With the top line (66666) representing the total number of miles on the car and the bottom line (6.6) representing the number of miles driven on this particular trip.<\/P>\n<P>That\u2019s what he said, too: wow.<\/P>\n<TABLE class=\"dataTable\" id=\"EDD\" cellSpacing=\"0\" cellPadding=\"0\">\n<THEAD><\/THEAD>\n<TBODY>\n<TR class=\"record\" vAlign=\"top\">\n<TD class=\"\">\n<P><B>Note<\/B>. Being the culturally-literate guy that he is, the Scripting Guy who writes this column is well aware of the so-called <B>Mark of the Beast<\/B> and the alleged meaning of the number 666. So do all these 6s, combined with the fact that the Scripting Guy who writes this column works for Microsoft (of all places!) mean that the Scripting Guy who writes this column is the Evil One? Don\u2019t be silly. And you don\u2019t have to take his word for it; let\u2019s ask the Scripting Editor if <I>she<\/I> thinks the Scripting Guy who writes this column is the Evil One. What do you say, Scripting Editor? Hello? Scripting Editor? You there?<\/P>\n<P>Well, she seems to have stepped out for a moment. 
But we all know what she would have said had she been here.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n<DIV class=\"dataTableBottomMargin\"><\/DIV>\n<P>At any rate, seeing as how the Scripting Guy who writes this column is in a good mood today, let\u2019s try to tackle the problem of deleting a specific set of users from the local Administrators group. And this should put <I>you<\/I> in a good mood, ID; turns out that this isn\u2019t a very hard problem to solve after all:<\/P><PRE class=\"codeSample\">strComputer = &quot;atl-fs-01&quot;\n\nSet objGroup = GetObject(&quot;WinNT:\/\/&quot; &amp; strComputer &amp; &quot;\/Administrators&quot;)\n\nFor Each objUser In objGroup.Members\n    If InStr(objUser.ADsPath, &quot;WinNT:\/\/GER\/ad_&quot;) Then\n        objGroup.Remove(objUser.ADsPath)\n    End If\nNext\n<\/PRE>\n<TABLE class=\"dataTable\" id=\"E2D\" cellSpacing=\"0\" cellPadding=\"0\">\n<THEAD><\/THEAD>\n<TBODY>\n<TR class=\"record\" vAlign=\"top\">\n<TD class=\"\">\n<P class=\"lastInCell\"><B>Note:<\/B> If you\u2019re running Windows Vista, this script will only work with elevated privileges. That means that if you run from the command prompt, you need to open the command window by right-clicking and selecting Run As Administrator.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n<DIV class=\"dataTableBottomMargin\"><\/DIV>\n<P>As you can see, we start out by assigning the name of the target computer to a variable called strComputer; we then use this line of code to connect to the local Administrators group on that machine:<\/P><PRE class=\"codeSample\">Set objGroup = GetObject(&quot;WinNT:\/\/&quot; &amp; strComputer &amp; &quot;\/Administrators&quot;)\n<\/PRE>\n<P>The important thing to note here: we use the <B>WinNT<\/B> provider, written exactly in that fashion (W-i-n-N-T). 
Type that in any other way (e.g., winnt or WINNT) and the script will fail.<\/P>\n<P>Before we go much further we should note that, if we were working with Active Directory, we could do some sort of search to locate all the \u201cGER\/ad_\u201d users. For better or worse, however, we can\u2019t do a search for local accounts. Instead, we need to bind directly to the Administrators group; in addition, we need to set up a For Each loop that loops through the items in the group\u2019s <B>Members<\/B> property:<\/P><PRE class=\"codeSample\">For Each objUser In objGroup.Members\n<\/PRE>\n<P>As you might have guessed, the items in the Members property correspond quite nicely to the list of group members. That means that all we have to do now is figure out which users meet our criteria (GER\/ad_) and which ones don\u2019t.<\/P>\n<P>Admittedly, that\u2019s a little bit tricky, if for no reason other than the fact that people typically work with the <B>Name<\/B> property when dealing with local user accounts. That doesn\u2019t help us much, because the Name property doesn\u2019t include the domain (the GER\/ in our example). Instead you get back names similar to this:<\/P><PRE class=\"codeSample\">kmyer\npackerman\njhaas\n<\/PRE>\n<P>That\u2019s nice, but there\u2019s no way to tell whether these are truly <I>local<\/I> user accounts or if they are domain accounts. And if they <I>are<\/I> domain accounts, there\u2019s no way of identifying which domain the account came from.<\/P>\n<P>Because of that, we need to use the account\u2019s <B>ADsPath<\/B> property rather than the account Name. 
ADsPath is going to return information similar to this, with GER representing the domain name:<\/P><PRE class=\"codeSample\">WinNT:\/\/GER\/kmyer\nWinNT:\/\/GER\/packerman\nWinNT:\/\/GER\/jhaas\n<\/PRE>\n<P>Now our task is much easier: if an ADsPath starts with <B>WinNT:\/\/GER\/ad_<\/B> then this is a user we need to remove from the local Administrators group.<\/P>\n<P>That explains our next line of code, a line that checks to see if the string value <I>WinNT:\/\/GER\/ad_<\/I> can be found anywhere in the user\u2019s ADsPath:<\/P><PRE class=\"codeSample\">If InStr(objUser.ADsPath, &quot;WinNT:\/\/GER\/ad_&quot;) Then\n<\/PRE>\n<P>If that string value <I>can<\/I> be found we then call the <B>Remove<\/B> method (passing the ADsPath as the sole method parameter) in order to remove that user from the Administrators group:<\/P><PRE class=\"codeSample\">objGroup.Remove(objUser.ADsPath)\n<\/PRE>\n<P>If that string value <I>can\u2019t<\/I> be found then we don\u2019t do anything at all; instead we simply loop around and repeat the process with the next user in the collection. When we\u2019re all done we will have removed all the GER\/ad_ users from the local Admins group.<\/P>\n<P>Not as fancy as a search, but, ultimately, every bit as effective.<\/P>\n<P>In case you\u2019re wondering, as excited as the Scripting Guy who writes this column was to see nothing but 6s on his odometer, that was <I>not<\/I> the most exciting thing that has happened to him lately, not by a longshot. For example, far more exciting was the day he stopped at the grocery store and the bill came to $20.00 <I>exactly<\/I>. <I>That<\/I> was cool. And then there was his <A href=\"http:\/\/www.microsoft.com\/technet\/scriptcenter\/topics\/teched07\/default.mspx\"><B>recent trip to Orlando<\/B><\/A>. While his peers were out partying all night long he and Scripting Guy Jean Ross stayed in their hotel rooms and spent the night creating and publishing Script Center pages. 
Dance the night away at the Groove or the Glo Lounge, or stay up till 3:00 AM working? For the Scripting Guys, that was an easy decision.<\/P>\n<P>Which goes a long ways towards explaining why something like all 6s on the odometer gets them so excited.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hey, Scripting Guy! How can I delete all the users whose name starts with GER\/ad_ from the local Administrators group on a computer?&#8212; ID Hey, ID. It\u2019s a Friday as the Scripting Guy who writes this column writes this column. Usually Fridays are a very sad day for this Scripting Guy: after all, when Friday [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[23,24,3,5],"class_list":["post-64633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-local-accounts-and-windows-nt-4-0-accounts","tag-other-directory-services","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":"<p>Hey, Scripting Guy! How can I delete all the users whose name starts with GER\/ad_ from the local Administrators group on a computer?&#8212; ID Hey, ID. It\u2019s a Friday as the Scripting Guy who writes this column writes this column. 
Usually Fridays are a very sad day for this Scripting Guy: after all, when Friday [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/64633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=64633"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/64633\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=64633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=64633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=64633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}