Monday, January 30, 2012

Remotely Remove a User From the Local Administrators Group

Here's an easy way to remotely remove a user from the local administrators group using Psexec

What you'll need:

  • psexec
  • Elevated privileges 
  • Allow inbound remote administration on pc you are reaching

Pull up the command prompt. It may be good to double check what users are in the Administrators group first.
C:\>  psexec \\2E01-Computer net localgroup Administrators
Now that you know the user you want to remove, insert the command below
C:\>  psexec \\2E01-Computer net localgroup administrators User /delete
That's it.



3 comments:

  1. Or, if File and Printer sharing is open to your workstation in the firewall, you should be able to open computer management, right click at the top of the tree, choose "connect to another computer" and then you can look at logs and manage users and groups among other things through the GUI. Didn't know if you knew that. -SC

    ReplyDelete
  2. Regardless, the psexec commands are always handy to know!

    ReplyDelete
  3. Yep, Ive done it both ways. The nice thing about psexec is that I can throw all my computer names in a text file and do many at once.

    ReplyDelete