获取管理员组用户

获取本地管理员组用户

方法一:

$strComputer = $env:COMPUTERNAME
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $computer.psbase.children.find("Administrators")  #可以自定义组名称
$members= $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$members

方法二:

[string]$computerName = $env:ComputerName
$computer = [ADSI]"WinNT://$computerName"
$admingroup="administrators"  #可以自定义组名称
$group = [ADSI]"WinNT://$computerName/$admingroup"
$members = $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$members

方法三:

$group = [ADSI]“WinNT://./administrators,group”
$members = $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$members

#通过 $members.Contains("$user") 判断是否包含 $user,返回 true 则为真。

方法四(批处理):

net localgroup administrators

 

方法五(将vbs转换为powershell):这个没有成功,应该是可以的

[reflection.assembly]::LoadWithPartialName("'Microsoft.VisualBasic")
$a= [Microsoft.VisualBasic.Interaction]::GetObject("WinNT://./Administrators")
$a|%{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

 结果为: administrators

 

 

判断当前登录用户是否属于管理员组:

当前用户是否属于管理员组:

方法一:

$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent() 
(New-Object Security.Principal.WindowsPrincipal $currentUser).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)

方法二:

whoami /groups /fo CSV | ConvertFrom-Csv | where { $_.SID -eq 'S-1-5-32-544' }) -ne $nul
whoami /groups

获取本地用户:

gwmi win32_useraccount

获取本地组:

gwmi win32_group

ADSI删除用户:

$User = [ADSI]"WinNT://$computerName" 
$user.Delete("User",$userName)

添加用户:

net user abc abcpassword /add
net localgroup administrators abc /add

删除Administrator以外的所有管理员账户(.vbs):

strComputer = "."
On Error Resume Next
Set oGroupAdm = GetObject("WinNT://" & strComputer & "/Administrators")
For Each oAdmGrpUser In oGroupAdm.Members
sAdmGrpUser = LCase(oAdmGrpUser.Name)
REM MsgBox sAdmGrpUser
If (sAdmGrpUser <> "administrator") And (sAdmGrpUser <> "domain admins") And (sAdmGrpUser <> "administrator") Then
MsgBox sAdmGrpUser
oGroupAdm.Remove oAdmGrpUser.ADsPath
End if
Next

 

本地用户管理:http://www.cnblogs.com/dreamer-fish/p/3365542.html

posted on 2014-08-15 20:25  momingliu11  阅读(1727)  评论(0编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 momingliu11
Powered by .NET 9.0 on Kubernetes