Quick Thoughts

Remove All Local Admins from Local Administrators Group on a Workstation

This little script removes all local admins from a machine’s Administrators group, except the built-in Administrator and “Domain Admins” if the machine is on a domain. Just save this as a PowerShell script and then run it on the machine of your choice.

    # Build the two names that must stay in the group.
    $LocalDomain = $env:USERDOMAIN
    $DomainAdmins = "$LocalDomain\Domain Admins"
    $ComputerName = $env:COMPUTERNAME
    $OEMAdministrator = "$ComputerName\Administrator"

    # Walk every member of the local Administrators group.
    Get-LocalGroupMember -Group Administrators | ForEach-Object {
        $UserName = $_.Name
        "Found: $UserName"
        # Remove everything except Domain Admins and the built-in Administrator.
        If (($UserName -ne $DomainAdmins) -and ($UserName -ne $OEMAdministrator)) {
            "Removing $UserName from local Administrators group."
            Remove-LocalGroupMember -Group Administrators -Member $UserName
        }
        ""
    }
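The script above matches members by name, so a renamed built-in Administrator would be removed, and `$env:USERDOMAIN` holds the computer name when the logged-on account is local. The following is an added example, not the original author's script: it selects members by well-known RID (500 for the built-in Administrator, 512 for Domain Admins) and previews the removals with `-WhatIf`. The function name `Select-AdminsToRemove`, its parameters and the sample data are assumptions made for illustration, and it keeps the Domain Admins group of any domain, not only the machine's own.

```powershell
# Added example: decide by SID instead of by display name.
# Select-AdminsToRemove is a hypothetical helper, not a built-in cmdlet.
function Select-AdminsToRemove {
    param(
        [Parameter(Mandatory)] [object[]] $Members,    # objects exposing .Name and .SID
        [Parameter(Mandatory)] [string]   $MachineSid  # SID prefix of this computer's local accounts
    )
    foreach ($m in $Members) {
        $sid = [string]$m.SID
        # Built-in local Administrator: machine SID + RID 500, whatever it is named.
        $isBuiltinAdmin = ($sid -eq "$MachineSid-500")
        # Domain Admins: a domain SID (not this machine's prefix) ending in RID 512.
        $isDomainAdmins = ($sid -match '^S-1-5-21-\d+-\d+-\d+-512$') -and
                          (-not $sid.StartsWith("$MachineSid-"))
        if (-not ($isBuiltinAdmin -or $isDomainAdmins)) { $m }
    }
}

# Constructed sample data (not taken from a real machine).
$sampleMachineSid = 'S-1-5-21-1111111111-2222222222-3333333333'
$sampleDomainSid  = 'S-1-5-21-4444444444-5555555555-6666666666'
$sample = @(
    [pscustomobject]@{ Name = 'PC01\LocalBoss';        SID = "$sampleMachineSid-500" }   # renamed built-in
    [pscustomobject]@{ Name = 'PC01\helpdesk';         SID = "$sampleMachineSid-1001" }
    [pscustomobject]@{ Name = 'CORP\Domain Admins';    SID = "$sampleDomainSid-512" }
    [pscustomobject]@{ Name = 'CORP\jsmith';           SID = "$sampleDomainSid-1105" }
    [pscustomobject]@{ Name = 'CORP\Workstation Ops';  SID = "$sampleDomainSid-2210" }
)

# Dry run over the sample: lists helpdesk, jsmith and Workstation Ops only.
Select-AdminsToRemove -Members $sample -MachineSid $sampleMachineSid |
    ForEach-Object { "Would remove: $($_.Name)" }

# Live use from an elevated prompt on a workstation. Review the -WhatIf output,
# then delete -WhatIf to apply the change.
# $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value
# Select-AdminsToRemove -Members (Get-LocalGroupMember -Group Administrators) -MachineSid $machineSid |
#     ForEach-Object { Remove-LocalGroupMember -Group Administrators -Member ([string]$_.SID) -WhatIf }
```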