This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 75%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWY%3C/text%3E%3C/svg%3E)
Hello ,
anyone know how to remove bulk user 's local admin right with PowerShell script?
One alternative I think is to use "Net localgroup" to create a batch file and add it to user logon scriptpath to delete the local admin right when user login pc.
if possible to meet the target by Powershell script pls ? Thanks for you sharing in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
Hi,
Since Get-localgroupmember -Group "administrators" returns only local users, there are no domain users or groups in your local administrators group. You have to run your script as administrator or you'll see the "Access denied" error.
If you want to run Remove-LocalGroupMember on remote computers, you can try Invoke-Command like below
$userlist=import-csv 'D:\powershell test\testremove.CSV'
Invoke-Command -ComputerName $computer -ScriptBlock{ Remove-LocalGroupMember -Group administrators -Member $using:userlist.samaccountname } -Credential ''
Before using Invoke-Command to run commands on a remote computer, read about_Remote.
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
You can use the Remove-LocalGroupMember cmdlet in PowerShell.
Remove-LocalGroupMember -Group administrators -Member $users
Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Ian,
thanks , but looks this command only work for local account.
because when I try Get-LocalGroupMember -Group "Administrators" , it only get my local user account or group , which not out-put all related domain machine or group or user with local admin right
what I need is to get all the domain machines or user account ,which has the local admin right and remove some machine local admin right .
if possible to share a sample script to me?
thanks for your help
Get-LocalGroupMember -Group "Administrators" gets all the members in the Administrators group, including the domain users and groups with the PrincipalSource property value "ActiveDirectory".
Hi Ian,
it is works with Get-LocalGroupMember -Group "Administrators" , and has result out put as below, but there are lots of accounts in"AP\AdminGrouptest" , then how to now who are they? how to get the detail ? I just need to remove some users in this group, not all user
ObjectClass Name PrincipalSource
User AP\test ActiveDirectory
Group AP\AdminGroupTest ActiveDirectory
It doesn't work with Get-LocalGroupmember -Group "Administrators" -PrincipalSource "ActiveDirectory" ,there is not included the properties
Thanks for help
The "AP\AdminGroupTest" is an Active Directory group. To get the members of it you can use the Get-ADGroupMember cmdlet.
Get-ADGroupMember -Identity AdminGroupTest -Credential ""
To remove some AD user from the AD group, just use Remove-ADGroupMember. Note that you need domain administrator rights to perform the operation.
Remove-ADGroupMember -Identity AdminGroupTest -Members someuser -Credential ""
Hi Ian,
thanks for your clarify, but I am sorry that still need your further help.
Get-localgroupmember -Group "administrators" ,
ObjectClass Name PrincipalSource
User NB12345\Administrator Local
User NB12345\localad Local
Above only get the result of my local laptop result, how to get others? such as a lots of remote PC with local admin right.
May I know if the cmdlet Remove-LocalGroupMember only can use on local ? can't do remotely ? As I tired to remove one remote pc's local admin right, it show "Access denied "
attached script to you, thanks !
96214-test1.txt
Doesn't work, $users is not identified.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 98%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Ya you have to define it before running that line.