-
Notifications
You must be signed in to change notification settings - Fork 0
/
Remediate-LocalAdmins.ps1
42 lines (38 loc) · 1.19 KB
/
Remediate-LocalAdmins.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#Get Users in Local Admin Group
$members = net localgroup administrators
$membercleanup = $members[6..($members.Length-3)] | Sort-Object
# Create Array of Admins
$Admins = @{}
#For Each loop through Local Admin Group flagging undesired accounts to true.
foreach ($Administrator in $MemberCleanup){
IF ($administrator -eq 'StandardJoe'){
$value = $false
Write-host 'Remote support account detected'
}
Elseif ($administrator -eq 'Contoso\Domain Admins'){
$value = $false
write-host 'Domain Admin Account Detected'
}
Elseif ($administrator -eq 'Administrator'){
$value = $false
write-host 'Administrator Account Detected'
}
else{
$value = $true
}
$Admins.add( $Administrator, $value )
}
write-host ""
#Loop through ARray and remove flagged accounts
function DecisionTree(){
$admins.GetEnumerator() | ForEach-Object {
if ( $_.value -eq $True){
Write-Host $_.key "Will be deleted"
#net localgroup administrators $($item.key) /delete
}
else{
Write-Host $_.Key "Will not be deleted"
}
}
}
DecisionTree