Remove local user from local group

Because of new security guidelines we applying, we're trying to create a
script to remove the "Authenticated Users" account from the "Power Users"
group on the local machine. Unfortunately, I haven't been able to make it
work.

#### CODE BEGINS #####
Option Explicit
' Script to remove user from local group
' Removes Authenticated Users

DIM objGroup, objUser, strComputer, strGroup, strUser
strComputer = "." ' Local computer name'
strGroup="Power Users" ' Local group name'
strUser="Authenticated Users (S-1-5-11)" ' Local user name'

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
objGroup.Remove("WinNT://" & "NT Authority" & "/" & strUser)
#### CODE ENDS ####

Everytime we run it, it comes back with "Error: A member could not be added
to or removed from the local group because the member does not exist.
Code:8007056B"
I'm sure there's a simple answer, but I haven't been able to come up with it.

Any advice would be appreciated.

Thanks

If you use a .bat file:

net locaclgroup "Power Users" "Authenticated Users" /DELETE


On Fri, 6 Oct 2006 14:22:01 -0700, Maurice1972 <Maurice1972@discussions.microsoft.com> wrote:

>Because of new security guidelines we applying, we're trying to create a
>script to remove the "Authenticated Users" account from the "Power Users"
>group on the local machine. Unfortunately, I haven't been able to make it
>work.
>
>#### CODE BEGINS #####
>Option Explicit
>' Script to remove user from local group
>' Removes Authenticated Users
>
>DIM objGroup, objUser, strComputer, strGroup, strUser
>strComputer = "." ' Local computer name'
>strGroup="Power Users" ' Local group name'
>strUser="Authenticated Users (S-1-5-11)" ' Local user name'
>
>Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
>objGroup.Remove("WinNT://" & "NT Authority" & "/" & strUser)
>#### CODE ENDS ####
>
>Everytime we run it, it comes back with "Error: A member could not be added
>to or removed from the local group because the member does not exist.
>Code:8007056B"
>I'm sure there's a simple answer, but I haven't been able to come up with it.
>
>Any advice would be appreciated.
>
>Thanks

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com

That works perfectly. Just goes to show that Occam's Razor works. "The
simplest solution is usually the best".

Thanks Jerold

"Jerold Schulman" wrote:

>
> If you use a .bat file:
>
> net locaclgroup "Power Users" "Authenticated Users" /DELETE
>
>
> On Fri, 6 Oct 2006 14:22:01 -0700, Maurice1972 <Maurice1972@discussions.microsoft.com> wrote:
>
> >Because of new security guidelines we applying, we're trying to create a
> >script to remove the "Authenticated Users" account from the "Power Users"
> >group on the local machine. Unfortunately, I haven't been able to make it
> >work.
> >
> >#### CODE BEGINS #####
> >Option Explicit
> >' Script to remove user from local group
> >' Removes Authenticated Users
> >
> >DIM objGroup, objUser, strComputer, strGroup, strUser
> >strComputer = "." ' Local computer name'
> >strGroup="Power Users" ' Local group name'
> >strUser="Authenticated Users (S-1-5-11)" ' Local user name'
> >
> >Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
> >objGroup.Remove("WinNT://" & "NT Authority" & "/" & strUser)
> >#### CODE ENDS ####
> >
> >Everytime we run it, it comes back with "Error: A member could not be added
> >to or removed from the local group because the member does not exist.
> >Code:8007056B"
> >I'm sure there's a simple answer, but I haven't been able to come up with it.
> >
> >Any advice would be appreciated.
> >
> >Thanks
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com
> http://www.jsifaq.com
>