Disable all Local User via GPO except Local Administrator RRS feed

  • Question

  • Dear All,

    I have around 100 Window XP & some Window 7 & vista Computer.

    Earlier all the computer was in workgroup and now i have join that computer to Domain.

    I want to disable all Local User except Local Administrator.

    Is there any method do that via GP

    Thanks & Regards,

    Monday, April 9, 2012 2:09 PM


All replies

  • Check out this below VB scripts which might be helpful to you.




    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Server Engineer Tuesday, April 10, 2012 7:47 AM
    • Marked as answer by Param022012 Tuesday, April 10, 2012 7:50 AM
    Monday, April 9, 2012 2:20 PM
  • Hi,

    Thanks for your posting.

    Script mentioned in above is exactly what you need.

    ' File:		Disable Local User Accounts.vbs
    ' Author:	Andrew Barnes
    ' version: 	1.0 Date: 07 September 2009 By : Andrew D Barnes
    ' Lists local accounts and disables all except local admin and ASPNET
    Set objShell = CreateObject("Wscript.Shell")
    Set objNetwork = CreateObject("Wscript.Network")
    strComputer = objNetwork.ComputerName
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    colAccounts.Filter = Array("user")
        Message = Message & "Local User accounts:" & vbCrLf & vbCrLf
    For Each objUser In colAccounts
    	If objUser.Name <> "Administrator" AND objUser.Name <> "ASPNET" Then
    			Message = Message & objUser.Name
    			If objUser.AccountDisabled = TRUE then
    			 	Message = Message & " is currently disabled" & vbCrLf
    				Message = Message & " was enabled" & vbCrLf
    				objUser.AccountDisabled = True
    			End if
        End If
    ' Initialize title text.
    Title = "Local User Accounts By Andrew Barnes"
    objShell.Popup Message, , Title, vbInformation + vbOKOnly

    Save the script to a .vbs file and deploy it to a startup script or user logon script.

    You can configure it at:

    GPO-->Computer Configuration-->Windows Settings-->Script-->Startup


    GPO-->User Configuration-->Windows Settings-->Script-->Logon

    For more information please refer to following MS articles:

    Startup, shutdown, logon, and logoff scripts
    Create System Startup / Shutdown and User Logon / Logoff Scripts


    TechNet Community Support

    Tuesday, April 10, 2012 6:10 AM