System Administration Scripting

2007年3月30日星期五

清理域中所有计算机本地管理员组成员

On Error Resume Next

strComputer = "."

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colComputers = objWMIService.ExecQuery("Select DomainRole from Win32_ComputerSystem")
For Each objComputer in colComputers
Select Case objComputer.DomainRole
Case 0
strComputerRole = "Standalone Workstation"
Case 1
strComputerRole = "Member Workstation"
Case 2
strComputerRole = "Standalone Server"
Case 3
strComputerRole = "Member Server"
Case 4
strComputerRole = "Backup Domain Controller"
Case 5
strComputerRole = "Primary Domain Controller"
End Select

WScript.Echo strComputerRole

If strComputerRole = "Member Workstation" or strComputerRole = "Standalone Workstation" Then

Set colAccounts = GetObject("WinNT://" & strComputer)
colAccounts.Filter = Array("user")

For Each objAccount In colAccounts
WScript.Echo objAccount.Name
If UCase(objAccount.Name) = "GUEST" or InStr(UCase(objAccount.Name),"INVIT") or UCase(objAccount.Name) = "HELPASSISTANT" or UCase(objAccount.Name) = "SUPPORT_388945A0" Then
objAccount.AccountDisabled = True
objAccount.SetInfo
End If

If InStr(UCase(objAccount.Name),"ADMINIST") Then
Set objShell = CreateObject("Wscript.Shell")
objShell.Run "\\SomeServerShare\SomeTasks.bat", 0, TRUE
End If
Next


Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
For Each objUser in objGroup.Members
If objUser.Name <> "Account1" and objUser.Name <> "Account2" and objUser.Name <> "Domain Admins" Then
objGroup.Remove(objUser.ADsPath)
End If
Next
End If

Next

Bookmark this post:
Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit Google


0 评论:

©2007 LastUpdated : 09/01/2024 10:03:43