Most of the users in our enterprise are currently local admins on their machines.  The time has come to change that.  A simple "net localgroup Administrators /delete %USERNAME%" command in a batch file would seem to work, but I haven't been able to figure out how to deploy it with elevated privileges.  Anyone have any ideas or sample scripts on how to remove a user's local admin rights using Kace?

Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



I'd use group policy if possible. It's made for tasks like that. You can enforce local group memberships.

Answered 02/21/2013 by: Ifan
Second Degree Green Belt

  • I agree
  • I would use GPO for it aswell. My solution is simply for running something with elevated rights.
Please log in to comment

The easiest way I found was using Windows Key + R to open Run.

I used autoit in this case to run it.

Then it will run with elevated rights.

Answered 02/21/2013 by: paul.theelen
Orange Senior Belt

  • Great solution - I love AutoIT. Mind sharing your script code to save others time?

    • Here you go

      Func RunCMDElevatedRights()
      ;Run cmd with elevated rights.
      Send('cmd.exe /k "C:\Program Files (x86)\Test.bat"')
  • Excellent, thanks!

Please log in to comment

If you are deploying the batch file via KACE then you can run as local system. 

Is it giving a privilege error using it this way?

Answered 02/21/2013 by: jdornan
Red Belt

Please log in to comment

It would need to be an online kscript that uses the "run as" option to supply a user with admin rights.  From there, you can have it deploy your batch script once you have it working outside of the K1000.

This custom inventory rule would show what local admins are on the systems: http://www.itninja.com/blog/view/howto-create-a-custom-inventory-rule-to-show-all-local-administrators

 Edited to add:  I agree with those above, group policy would be a much better option.  That said, the K1000 can distribute that as well if necessary.

Answered 02/21/2013 by: jknox
Red Belt

Please log in to comment