Windows Tip Sheet
Out, Invalid Member!
Get rid of unwelcome administrators with this handy batch file.
Sometimes you wind up with invalid members of local Administrators groups in
your domain. You know, the ones that just show up as SIDs and not as actual
If this has happened to you, hie yourself over here
and get the excellent batch file to remove these irritating members. You can
run the batch from a WinXP or Win2003 box and target any computer in your domain
for remote-management fun.
Of course, if you're out to limit the valid members of the Administrators
group, there's an easier way: the Restricted Groups policy. My buddy Derek
Melber wrote a bit on it, which I'll link below, and please consider using
this. Over on ScriptingAnswers.com we get a lot of requests on how to write
scripts to add or remove such-and-such from the local Administrators group;
save yourself the time and the headache by using this fabulous built-in mechanism
If you just want to see who's in Administrators, pop over here
and run that batch file instead. Good stuff.
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author/Evangelist for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.