可以在AD上透過此script來達成修改本機群組的需求
' Create the helper objects used by the rest of the script: a WScript.Shell
' (environment expansion), the local WMI service (root\cimv2) and ADSystemInfo.
Set WshShell = WScript.CreateObject("WScript.Shell")
' HostName is the local computer name. The WMI queries below use it as the
' "Domain" value that selects local (machine-scoped) groups and accounts.
HostName = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set oADsSysInfo = CreateObject("ADSystemInfo")
' Disabled alternative for finding the domain short name: read the DNS domain
' name from Win32_ComputerSystem, then map it to the short name by parsing the
' output of "reg query" on the Winlogon\DomainCache key.
' NOTE(review): that path concatenates LocalDomain into a "%ComSpec% /c" command
' line and depends on the tab-separated layout of reg.exe output. Keep it
' disabled; the ADSystemInfo lookup at the end of this section needs no shell.
'get domain dns name
'Set GroupSetup = objWMIService.ExecQuery("select Domain from Win32_ComputerSystem where PartOfDomain = True")
'For Each objGroupSetup in GroupSetup
' LocalDomain = objGroupSetup.Domain
'Next
'convert domain from dns name
'If Trim(LocalDomain) <> "" Then
' RegKey = """HKLM\Software\Microsoft\Windows nt\CurrentVersion\Winlogon\DomainCache""|find/I """ & LocalDomain & """"
' Result = WshShell.Exec("%ComSpec% /c reg query " & RegKey ).StdOut.ReadAll
' For Each tmp in Split(Result,vbCrLf)
' If Trim(tmp) <> "" Then
' Data = Split(Tmp,vbTab)
' If UCASE(data(2)) = UCASE(LocalDomain) Then
' Domain = UCase(Trim(data(0)))
' End If
' ENd If
' Next
'End If
' Active path: take the domain short name directly from ADSystemInfo.
Domain = oADsSysInfo.DomainShortName
' Look up two groups by well-known SID rather than by name:
'   S-1-5-32-544        built-in local Administrators group (Domain = HostName)
'   S-1-5-<domain>-512  Domain Admins group (Domain = domain short name)
' Matching on SID means the lookup does not depend on the groups' display names.
set colGroup = objWMIService.ExecQuery("select * from Win32_Group where ((SID = 'S-1-5-32-544') and (Domain = '" & HostName & "')) or ((SID like 'S-1-5-%-512') and (Domain = '" & Domain & "'))")
For Each objGroup in colGroup
' A result whose Domain equals the computer name is the local group; anything
' else is treated as the domain group.
If UCase(objGroup.Domain) = UCase(HostName) Then
LocalAdminGroup = objGroup.name
Else
DomainAdminGroup = objGroup.name
End If
next
' NOTE(review): if the query returns nothing for one side, the corresponding
' variable stays Empty. The disabled removal section further down compares each
' member against DomainAdminGroup, so with an Empty value no domain member would
' match and every one would be removed. Check both names are non-empty before
' enabling it.
' Find the built-in local Administrator account by its RID (SID ending in -500)
' among accounts whose Domain is this computer.
set colAccount = objWMIService.ExecQuery("select * from Win32_UserAccount where SID like 'S-1-5-%-500' and Domain = '" & HostName &"'")
For Each objAccount In colAccount
' The loop overwrites on each iteration, so the last match is the one kept.
LocalAdminUser = objAccount.name
next
' Disabled section. When enabled it walks the members of the local
' Administrators group and removes every member except:
'   - the local account named in LocalAdminUser (built-in Administrator), and
'   - the domain group named in DomainAdminGroup (Domain Admins).
' NOTE(review): this is destructive. Any other domain group or user that was
' deliberately granted local admin (support or management groups, for example)
' is removed as well. Before enabling it, confirm that LocalAdminGroup,
' LocalAdminUser and DomainAdminGroup are all non-empty, and try it on a pilot
' machine first. Group Policy "Restricted Groups" or Group Policy Preferences
' "Local Users and Groups" can enforce the same membership without a script.
'remove account from local administrators
' Set objGroup = GetObject("WinNT://" & HostName & "/" & LocalAdminGroup)
' Set memberlist = objGroup.members
' For Each member In memberlist
' Tmp = Split(member.Parent,"/")
' If UCase(Tmp(UBound(Tmp))) = UCase(HostName) Then 'local account
' If UCase(member.Name) <> UCase(LocalAdminUser) Then
' objGroup.Remove(member.AdsPath)
' End If
' Else 'Domain Account
' If UCASE(member.AdsPath) <> UCASE("WinNT://" & Domain & "/" & DomainAdminGroup) Then ' Keep domain admins in the local administrators group
' objGroup.Remove(member.AdsPath)
' End If
' End IF
' next
' Disabled section. When enabled it sets the password of the built-in local
' Administrator account (LocalAdminUser) through the WinNT provider.
' NOTE(review): "Password" is a literal placeholder. Do not replace it with a
' real secret in this file. A script distributed through AD (for example as a
' GPO startup script, which would be stored in SYSVOL) is presumably readable by
' ordinary domain accounts, so the password would be exposed in clear text. One
' shared local admin password also means a credential recovered from a single
' machine is valid on all the others. Prefer Windows LAPS, which sets a unique,
' rotated password per machine and stores it under access control in the
' directory.
'change local admin password
' set objUser = GetObject("WinNT://" & HostName & "/" & LocalAdminUser)
' objUser.SetPassword("Password")