locked
Disable all Local User via GPO except Local Administrator RRS feed

  • Question

  • Dear All,

    I have around 100 Window XP & some Window 7 & vista Computer.

    Earlier all the computer was in workgroup and now i have join that computer to Domain.

    I want to disable all Local User except Local Administrator.

    Is there any method do that via GP


    Thanks & Regards,
    Param
    www.paramgupta.blogspot.com

    Monday, April 9, 2012 2:09 PM

Answers

All replies

  • Check out this below VB scripts which might be helpful to you.

    http://gallery.technet.microsoft.com/scriptcenter/47ad1824-5af7-451e-a9f5-f6dd90421394

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Server Engineer Tuesday, April 10, 2012 7:47 AM
    • Marked as answer by Param022012 Tuesday, April 10, 2012 7:50 AM
    Monday, April 9, 2012 2:20 PM
  • Hi,

    Thanks for your posting.

    Script mentioned in above is exactly what you need.

    '*************************************************
    ' File:		Disable Local User Accounts.vbs
    ' Author:	Andrew Barnes
    ' version: 	1.0 Date: 07 September 2009 By : Andrew D Barnes
    ' Lists local accounts and disables all except local admin and ASPNET
    '*************************************************
    
    Set objShell = CreateObject("Wscript.Shell")
    Set objNetwork = CreateObject("Wscript.Network")
    
    strComputer = objNetwork.ComputerName
    
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    
    colAccounts.Filter = Array("user")
        Message = Message & "Local User accounts:" & vbCrLf & vbCrLf
    
    For Each objUser In colAccounts
    
    	If objUser.Name <> "Administrator" AND objUser.Name <> "ASPNET" Then
    			Message = Message & objUser.Name
    			If objUser.AccountDisabled = TRUE then
    			 	Message = Message & " is currently disabled" & vbCrLf
    			Else
    				Message = Message & " was enabled" & vbCrLf
    				objUser.AccountDisabled = True
    				objUser.SetInfo
    			End if
        End If
    
    Next
    
    ' Initialize title text.
    Title = "Local User Accounts By Andrew Barnes"
    objShell.Popup Message, , Title, vbInformation + vbOKOnly

    Save the script to a .vbs file and deploy it to a startup script or user logon script.

    You can configure it at:

    GPO-->Computer Configuration-->Windows Settings-->Script-->Startup

    Or

    GPO-->User Configuration-->Windows Settings-->Script-->Logon

    For more information please refer to following MS articles:

    Startup, shutdown, logon, and logoff scripts
    http://technet.microsoft.com/en-us/library/cc739591(v=WS.10).aspx
    Create System Startup / Shutdown and User Logon / Logoff Scripts
    http://technet.microsoft.com/en-us/magazine/dd630947.aspx


    Lawrence

    TechNet Community Support


    Tuesday, April 10, 2012 6:10 AM
    Moderator