Powershell

How to manage local groups using Powershell

There are many ways to manage local groups like using GPO and command prompt but the easiest and most effective way is using Powershell. In this article, we will manage the local administrator’s group as an example to show how easy it is to manage it through Powershell. Using Powershell, anyone can add, remove, or view the members of the local groups or even can modify the local groups like renaming their name, and with the magic of Powershell remoting, you can perform these tasks to any number of computers instantly.

What is a local administrator

A local administrator can perform any tasks on the computer like domain administrator can perform, but like domain administrator, it cannot modify the Active directory information, and this is the main reason adding users to the local admin group is very useful, and most of the domain admins perform this task at a very regular basis.

Recommended For You:  Securing Hyper-V with Shielded VMs: A PowerShell Approach

Adding users to the local administrator's group

We will be using Add-LocalGroupMember Powershell cmdlet, and if you want to know more about this command, visit this URL.

Command syntax:

Add-LocalGroupMember [-Group] <LocalGroup> [-Member] <LocalPrincipal[]>

Example 1:

Add-LocalGroupMember -Group "Administrators" -Member "Admin01", “Admin02”

The above command will add two users Admin01 and Admin02, to the local administrator group, but there is a catch. This Powershell command will only work if you logged into the computer and then running this command from the local Powershell, but this is not what we want, right? We want to add members to the remote computers local administrator group. To achieve this, we will be using Powershell remoting in the next example.

Example 2:

Invoke-Command -ComputerName "client1", "Client2" -ScriptBlock {Add-LocalGroupMember -Group "Administrators" -Member "Admin01", “Admin02”}

This command will add the users Admin01 and Admin 02 to the local administrator group of remote computers client1 and client2.

Removing users from the local administrator's group

If you know how to add the users to the local administrator group, then removing them from the local administrator group is just a piece of cake for you. Just replace the word add with remove in your command, and it will remove the users from the local administrator group.

Recommended For You:  How do I export or backup a Microsoft Teams team configuration using PowerShell?

Command syntax:

Remove-LocalGroupMember [-Group] <LocalGroup> [-Member] <LocalPrincipal[]>

Example:

Invoke-Command -ComputerName "client1", "Client2" -ScriptBlock {Remove-LocalGroupMember -Group "Administrators" -Member "Admin01", “Admin02”}

This powershell command will remove the two users Admin01 and Admin02 from the local administrator group of remote computer Client1 and Client2.

Viewing the members of the local groups

Powershell makes it very simple to find out the members of local groups use the command mentioned below, and you will find the members of any local group, but in our case, we are using local administrator group.

Command syntax:

Get-LocalGroupMember [-Group] <LocalGroup>

Example:

Invoke-Command -ComputerName "client1", "Client2" -ScriptBlock {Get-LocalGroupMember -Group "Administrators"}

Running this command will show you all the members of the local administrator group of the remote computer Client1 and Client2.

Renaming and Removing local groups

If you want to rename or remove the local groups, it also can be done very easily using Powershell.

Renaming local group command syntax:

Rename-LocalGroup [-InputObject] <LocalGroup> [-NewName] <string>

Example:

Invoke-Command -ComputerName "client1", "Client2" -ScriptBlock {Get-LocalGroupMember -Group "Administrators"}

This command will rename the local group called “SecurityGroup” to “SecurityGroup04” on the remote computers Client1 and Client2.

Removing local group command syntax:

Remove-LocalGroup [-InputObject] <LocalGroup>

Example:

Invoke-Command -ComputerName "client1", "Client2" -ScriptBlock {Remove-LocalGroup -Name "SecurityGroup"}

This command will remove the local group called “SecurityGroup” from the remote computer Client1 and Client2.

You might also be interested in:

Muhammad Faizan

Hi, My name is Muhammad Faizan and i have spent last 15 years working as System Administrator mainly with Microsoft Technologies. I am MCSE, MCTP, MCITP, certified professional. I love scripting and Powershell is the scripting language i am in love with.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also
Close
Back to top button