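# Enforce an allow list on the local Administrators group of this computer:
# members that are not on the list are removed, listed principals that are
# missing are added, and a registry marker records a verified result.
#
# NOTE(review): membership is read by parsing the text output of
# `net localgroup`, assuming four header lines, one trailing status line and
# the group name 'Administrators' - confirm on localized Windows builds.

# Bind to the local Administrators group through the WinNT ADSI provider.
$Computer = $env:COMPUTERNAME
$AdminGroup = 'Administrators'
$ADSI = [ADSI]("WinNT://$Computer")
$ADSIGroup = $ADSI.Children.Find($AdminGroup, 'Group')

# Allow list: the only principals that may remain in the group.
[System.Collections.ArrayList]$limtUsers = "AAC\A-SCCMClientAdmin", "AAC\Domain Admins", "AAC\USG-AAC-LocalAdmins", "Administrator"

# Registry location of the success marker written after verification.
$MarkerRoot = 'HKLM:\Software\SCCM_Deploy'
$MarkerKey = 'HKLM:\Software\SCCM_Deploy\RemoveUntrustedAdmin'

# Remove a marker left by an earlier run, so that a host which fails the
# current check is not still reported as "Success".
function Clear-SuccessMarker {
    if (Test-Path $MarkerKey) {
        Remove-Item $MarkerKey -Recurse -ErrorAction SilentlyContinue
    }
}

# Return the current member names of the Administrators group as strings.
# Stops the script, without a success marker, when the listing fails: no
# membership change may be based on an empty or partial listing.
function Get-AdministratorsMember {
    # @() keeps the result an array even when only one line comes back.
    $lines = @(net localgroup Administrators | Where-Object { $_ } | Select-Object -Skip 4)
    if ($LASTEXITCODE -ne 0 -or $lines.Count -lt 1) {
        Write-Warning "Could not list the members of the Administrators group; no changes made from this listing."
        Clear-SuccessMarker
        exit
    }
    if ($lines.Count -eq 1) {
        # Only the trailing status line is present: the group has no members.
        return
    }
    # Drop the trailing status line, keep the member names.
    $lines[0..($lines.Count - 2)]
}

# First pass: current members.
$GetAGUsers = @(Get-AdministratorsMember)

# Members that are not on the allow list (-notcontains is case-insensitive).
$DenyUsers = @($GetAGUsers | Where-Object { $limtUsers -notcontains $_ })

# Remove every member that is not on the allow list.
foreach ($DenyUser in $DenyUsers) {
    if ($DenyUser.Length -gt 20) {
        # Names longer than 20 characters are removed through ADSI instead of
        # net.exe - presumably because net.exe rejects long names; confirm.
        $DenyUserString = ($DenyUser -replace "\\", "/").toString()
        $ADSIGroup.Remove(("WinNT://$DenyUserString"))
    }
    else {
        Net LocalGroup Administrators $DenyUser /DELETE | Out-Null
    }
}

# Second pass: re-read the group after the removals.
$NewAGUsers = @(Get-AdministratorsMember)

# Allow-listed principals that are not members yet.
$LackUsers = @($limtUsers | Where-Object { $NewAGUsers -notcontains $_ })

# Add the missing allow-listed principals.
foreach ($Lackuser in $LackUsers) {
    Net LocalGroup Administrators $Lackuser /ADD | Out-Null
}

# Final pass: verify the end state instead of trusting the individual
# remove/add calls, whose failures are not checked above.
$NowAGUsers = @(Get-AdministratorsMember)
$ExtraUsers = @($NowAGUsers | Where-Object { $limtUsers -notcontains $_ })
$MissingUsers = @($limtUsers | Where-Object { $NowAGUsers -notcontains $_ })

if ($ExtraUsers.Count -eq 0 -and $MissingUsers.Count -eq 0) {
    # Membership equals the allow list: record the result.
    if (!(Test-Path $MarkerRoot)) {
        New-Item -type Directory $MarkerRoot | Out-Null
    }
    # -Force lets a repeated run rewrite an existing marker instead of failing.
    New-Item $MarkerKey -itemType String -value "Success" -Force | Out-Null
}
else {
    # NOTE(review): the bare `exit` passes no explicit failure code, so the
    # missing marker is the only signal of a failed run.
    Clear-SuccessMarker
    exit
}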

  
