I'm working to create a CI in SCCM to discover if a group is a member of the local administrators group. Then add a remediation script to the CI to add the user to the local administrators group. I believe my issue is the script portion. Am I
going in the right direction?
Discovery Script
$group=[ADSI]"WinNT://./Administrators,group"
$members=@($group.psbase.Invoke("Members"))
(
$members|foreach{$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
-contains"GROUPNAME"
if
($members-eqTrue)
{
Write-Output'Compliant'
}else
{
Write-Output'Not-Compliant'
}
Remediation Script
netlocalgroupadministratorsACCOUNTS\GROUPNAME/add