Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Check if group is member of local administrator group if not write remediation script to add them RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I'm working to create a CI in SCCM to discover if a group is a member of the local administrators group. Then add a remediation script to the CI to add the user to the local administrators group.  I believe my issue is the script portion.  Am I going in the right direction?

    Discovery Script

    $group=[ADSI]"WinNT://./Administrators,group"

    $members=@($group.psbase.Invoke("Members"))


    (

    $members|foreach{$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}) -contains"GROUPNAME"

    if

    ($members-eqTrue)

    {   

    Write-Output'Compliant'

    }else

    {

    Write-Output'Not-Compliant'

    }

    Remediation Script

    netlocalgroupadministratorsACCOUNTS\GROUPNAME/add

    • Moved by Bill_Stewart Wednesday, September 13, 2017 10:04 PM This is not system center forum
    Thursday, August 10, 2017 8:03 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Please don't post colorized scripts.  Use the code posting tool.  Colorized code is untradeable and cannot usually be copied correctly.

    \_(ツ)_/

    • Proposed as answer by DC082961 Tuesday, December 26, 2017 3:51 PM
    Thursday, August 10, 2017 8:13 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    You could use something like this:

    $group = Get-WmiObject Win32_Group -Filter "SID='S-1-5-32-544'"
$admin = @()
Get-WmiObject Win32_GroupUser|? {$_.groupcomponent -like '*"'+$group.name+'"'}|Select-Object -ExpandProperty partcomponent|ForEach-Object{
    $_ -match ".+Domain\=(.+)\,Name\=(.+)$"|Out-Null
    $admin += (($matches[1].trim('"') + “\” + $matches[2].trim('"')))
}
if($admin -notcontains 'Domain\UserOrGroup'){
    net localgroup $group.Name Domain\UserOrGroup /add
}

    Best regards,
    Pavel Volkov
    MCP, MS: Configuring Windows Devices, Hyper-V and SCVMM
    MCSA: Windows 10/Server 2012/Server 2016/SQL 2016 Database Development
    MCSE: Mobility, Cloud Platform and Infrastructure

    Please remember to mark the replies as answers if they help...

    Thursday, August 10, 2017 8:46 PM