
I'm trying to delete all users from the Group Users from the computer except the NT Authority accounts. I want to get the list of users from the Group Users, and use that list to delete the profiles from the computer.

I'm not a PowerShell expert, so this is not my strong side.

$users = Get-LocalGroupMember Users
ForEach ($user in $users) {
     Remove-LocalUser -Name $user
}

Only the names from Get-LocalGroupMember don't seem to match what Remove-LocalUser will delete. Any solution?


1 Answer


If you run Get-LocalGroupMember Users | fl * you can see all the properties that the cmdlet returns.

PS C:\WINDOWS\system32> Get-LocalGroupMember Users | fl *

Name            : NT-AUTORITÄT\Authentifizierte Benutzer
SID             : S-1-5-11
PrincipalSource : Unknown
ObjectClass     : Gruppe

Name            : NT-AUTORITÄT\INTERAKTIV
SID             : S-1-5-4
PrincipalSource : Unknown
ObjectClass     : Gruppe

Name            : SimonS\abctest
SID             : S-1-5-21-3159913292-2406416548-3156803696-1008
PrincipalSource : Local
ObjectClass     : Benutzer

And if you run Get-Help Remove-LocalUser you can see in the syntax section that there is one ParameterSet that accepts a SID, which fits our needs because we got that in our return.

PS C:\WINDOWS\system32> Get-Help Remove-LocalUser
    
SYNTAX
    Remove-LocalUser [-InputObject] <LocalUser[]> [-Confirm] [-WhatIf] [<CommonParameters>]
    
    Remove-LocalUser [-Name] <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
    
    Remove-LocalUser [-SID] <SecurityIdentifier[]> [-Confirm] [-WhatIf] [<CommonParameters>]

What this means is that we can take the SID that Get-LocalGroupMember returns and use it on Remove-LocalUser.

So this should do the trick (run it in an elevated PowerShell):

Get-LocalGroupMember Users | Where { $_.PrincipalSource -eq 'Local' } | Foreach { Remove-LocalUser -SID $_.SID }

As you can see, I have a Where-Object in the command above. This should make sure that you only delete local users, so the NT-Authority ones should not be deleted. Anyhow, I don't assume you could even delete them that easily.

As to why it does not work with the Name property: Get-LocalGroupMember seems to return the Name in the format Computer\UserName, while Remove-LocalUser seems to only accept the format UserName.

  • Thanks, this works! Awesome! And if I want to delete the folders belonging to those people as well? – Jordi van Deerse Jan 29 '21 at 11:37
  • @JordivanDeerse you can look for that in this answer on Stack Overflow: https://stackoverflow.com/questions/48384178/delete-local-user-home-dir-powershell You'll just need to `(Get-WmiObject Win32_UserProfile -Filter "sid='$($_.SID)'").delete()` before the `Remove-LocalUser` – SimonS Jan 29 '21 at 13:02
  • Thanks a lot, I was also wondering: how would I run this script from outside the PowerShell ISE environment? I want this to run every so often at (most) the click of a button, like a .bat, .ps1 or .exe file. I notice it only works inside the PowerShell ISE environment, but it would be cool to run it as a script at the click of a button, without having to go to that environment. Thanks in advance! :) – Jordi van Deerse Feb 01 '21 at 18:54
  • @JordivanDeerse lots of ways. See here: https://stackoverflow.com/questions/2035193/how-to-run-a-powershell-script, or just google "how to run a PowerShell Script". Can you accept this answer as solved by clicking the checkmark icon? – SimonS Feb 02 '21 at 05:53
  • Yes, thanks a lot for your help! – Jordi van Deerse Feb 02 '21 at 08:28
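The answer plus the profile-deletion comment, combined into one script as an added example (not code from the question or the answer above). It keeps the answer's Get-LocalGroupMember -> PrincipalSource -> SID approach, swaps the Get-WmiObject ... .delete() call for Get-CimInstance/Remove-CimInstance, filters on the SID prefix instead of the localized ObjectClass text ("Benutzer" in the output above), and adds the safety checks a deletion script should have: -WhatIf support, skipping the account running the script, skipping built-in accounts (the RID < 1000 cut-off is an assumption), and skipping profiles that are currently loaded.

```powershell
#Requires -RunAsAdministrator
# Added example: delete local accounts in the "Users" group together with their
# profile folders, keeping the NT AUTHORITY principals and built-in accounts.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Group = 'Users',
    # Assumed safety margin: RIDs below 1000 are built-in accounts
    # (Administrator=500, Guest=501, DefaultAccount=503, WDAGUtilityAccount=504).
    [int]$MinRid = 1000
)

# SID of the account running this script, so it is never removed by accident.
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# PrincipalSource 'Local' drops the NT AUTHORITY entries (S-1-5-11, S-1-5-4, ...);
# the S-1-5-21- prefix restricts the list to real accounts without relying on
# the localized ObjectClass string ("User" vs "Benutzer").
$members = Get-LocalGroupMember -Group $Group |
    Where-Object { $_.PrincipalSource -eq 'Local' -and $_.SID.Value -like 'S-1-5-21-*' }

foreach ($m in $members) {
    $sid = $m.SID.Value
    $rid = [int]($sid.Split('-')[-1])   # last SID component is the RID

    if ($sid -eq $currentSid) {
        Write-Warning "Skipping $($m.Name): it is the account running this script"
        continue
    }
    if ($rid -lt $MinRid) {
        Write-Warning "Skipping $($m.Name): RID $rid looks like a built-in account"
        continue
    }

    # Profile folder first; a loaded profile cannot be deleted, so leave it for a later run.
    # ($prof, not $profile: $PROFILE is an automatic variable in PowerShell.)
    $prof = Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$sid'"
    if ($prof -and $prof.Loaded) {
        Write-Warning "Skipping $($m.Name): profile at $($prof.LocalPath) is in use"
        continue
    }
    if ($prof -and $PSCmdlet.ShouldProcess($prof.LocalPath, 'Remove profile folder')) {
        $prof | Remove-CimInstance
    }
    if ($PSCmdlet.ShouldProcess("$($m.Name) ($sid)", 'Remove local user')) {
        Remove-LocalUser -SID $m.SID
    }
}
```

Save it as a .ps1 and run it with -WhatIf first from an elevated prompt; the output lists every profile folder and account that a real run would remove.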