BulkLocalAdminRemoval.ps1
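# Bulk local-administrator cleanup.
#
# For every computer object found under $TARGET_OU, open a PowerShell remoting
# session and remove every member of the local "Administrators" group whose
# name is not in the ignore list defined inside the remote script block.
#
# This is a destructive change applied to every host in the OU. Point
# $TARGET_OU at a small test OU first and review the "Removing Group" output
# before running it against production workstations.

# Distinguished name of the OU to process. Must be filled in before running.
$TARGET_OU = ""

# Refuse to run without an explicit search base, so a forgotten edit cannot
# send the removal loop at an unintended scope.
if ([string]::IsNullOrWhiteSpace($TARGET_OU)) {
    Write-Host -ForegroundColor Red "TARGET_OU is not set; refusing to run without an explicit search base."
    return
}

$credential = Get-Credential

# @() forces an array: a single result is otherwise a bare object whose .Count
# can be $null on Windows PowerShell, and "$null -le 0" is true, which would
# wrongly report an empty OU.
$computers = @(Get-ADComputer -SearchBase $TARGET_OU -Filter * | Select-Object Name)
if ($computers.Count -le 0) {
    Write-Host -ForegroundColor Red "No workstations found in target OU: $TARGET_OU"
    return
}

foreach ($computer in $computers) {
    $session = $null
    try {
        # -ErrorAction Stop turns a connection failure into a terminating error
        # so it reaches the catch block instead of leaving $session empty.
        $session = New-PSSession -ComputerName $computer.Name -Credential $credential -ErrorAction Stop

        # Skip the host when there is no session OR the session is not open.
        # (The original used -and, which let a non-open session through.)
        if (-Not($session) -or $session.State -ne 'Opened') {
            Write-Host -ForegroundColor Yellow "Could not establish PS-Remote Session: $($computer.Name)"
            continue
        }

        Write-Host -ForegroundColor Green "PS-Remote Session Established: $($computer.Name)"
        Write-Host -ForegroundColor Yellow "Beginning Local Administrator Checks... $($computer.Name)"

        Invoke-Command -Session $session -ScriptBlock {
            # Defined inside the script block because local variables are not
            # carried across the PS-remote hop. "Administrator" covers the
            # built-in account, so no separate check is needed below.
            $ignoredAdministrators = @("Domain Admins", "Administrator")

            $administrators = @(Get-LocalGroupMember -Group "Administrators" | Select-Object -ExpandProperty Name)
            if ($administrators.Count -le 0) {
                Write-Host "There are no objects under the Administrators group for this computer: $env:ComputerName" -ForegroundColor Yellow
                return
            }

            foreach ($administrator in $administrators) {
                # Normalize name: drop the domain or workgroup prefix.
                # NOTE(review): matching is by leaf name only, so a renamed
                # built-in Administrator would not be skipped, and any principal
                # that happens to share an ignored name would be kept. Comparing
                # SIDs would be more robust - confirm before fleet-wide use.
                $adminName = $administrator -replace '^.*\\', ''

                # Skip ignored accounts
                if ($ignoredAdministrators -contains $adminName) {
                    Write-Host "Ignoring Group: $($adminName)" -ForegroundColor Yellow
                    continue
                }

                Write-Host "Removing Group: $($adminName)" -ForegroundColor Red
                Remove-LocalGroupMember -Group "Administrators" -Member $administrator
            }
        }
    } catch {
        # Reached for any terminating error on this host (session setup or the
        # remote command), so the message does not claim a specific stage.
        Write-Host -ForegroundColor Red "Failed to process $($computer.Name) ($_)"
    } finally {
        # Always release the remote session, including on error or 'continue'.
        if ($session) {
            Remove-PSSession $session
        }
    }
}

Write-Host "Local Admin Removal Completed..."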