# these examples use the data below - adjust to your needs # DO NOT RUN THESE LINES UNLESS YOU CAREFULLY # REVIEWED AND YOU KNOW WHAT YOU ARE DOING!
# use local machine $ComputerName = $env:computername # find name of local Administrators group $Group = ([Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1] # find name of local Administrator user $Admin = Get-CimInstance-ClassName Win32_UserAccount -Filter"LocalAccount = TRUE and SID like 'S-1-5-%-500'" $UserName = $Admin.Name # examples
# find all local groups $computerObj = [ADSI]("WinNT://$ComputerName,computer") $computerObj.psbase.children | Where-Object { $_.psbase.schemaClassName -eq'group' } | Select-Object-Property@{N='Name';E={$_.Name[0]}}, Path, @{N='Sid';E={[Security.Principal.SecurityIdentifier]::new($_.objectSid.value,0).Value}}
# find members of local admin group $computerObj = [ADSI]("WinNT://$ComputerName,computer") $groupObj = $computerObj.psbase.children.find($Group, 'Group') $groupObj.psbase.Invoke('Members') | ForEach-Object { $_.GetType().InvokeMember('ADspath','GetProperty',$null,$_,$null) }
# add user to group/remove from group $computerObj = [ADSI]("WinNT://$ComputerName,computer") $groupObj = $computerObj.psbase.children.find($Group, 'Group') # specify the user or group to add or remove $groupObj.Add('WinNT://DOMAIN/USER,user') $groupObj.Remove('WinNT://DOMAIN/USER,user')
