Check if group is member of local administrator group if not write remediation script to add them

All replies

• 

  

  0

  Sign in to vote

  Please don't post colorized scripts.  Use the code posting tool.  Colorized code is untradeable and cannot usually be copied correctly.

  ---

  \_(ツ)_/

  • Proposed as answer by DC082961 Tuesday, December 26, 2017 3:51 PM

  Thursday, August 10, 2017 8:13 PM

  Reply

  |

  Quote
• 

  

  0

  Sign in to vote

  You could use something like this:

  $group = Get-WmiObject Win32_Group -Filter "SID='S-1-5-32-544'"
  $admin = @()
  Get-WmiObject Win32_GroupUser|? {$_.groupcomponent -like '*"'+$group.name+'"'}|Select-Object -ExpandProperty partcomponent|ForEach-Object{
      $_ -match ".+Domain\=(.+)\,Name\=(.+)$"|Out-Null
      $admin += (($matches[1].trim('"') + “\” + $matches[2].trim('"')))
  }
  if($admin -notcontains 'Domain\UserOrGroup'){
      net localgroup $group.Name Domain\UserOrGroup /add
  }

  
  

  ---

  Best regards,
  Pavel Volkov
  MCP, MS: Configuring Windows Devices, Hyper-V and SCVMM
  MCSA: Windows 10/Server 2012/Server 2016/SQL 2016 Database Development
  MCSE: Mobility, Cloud Platform and Infrastructure
  
  Please remember to mark the replies as answers if they help...

  Thursday, August 10, 2017 8:46 PM

  Reply

  |

  Quote