Windows Tip Sheet

Out, Invalid Member!

Get rid of unwelcome administrators with this handy batch file.

Sometimes you wind up with invalid members of local Administrators groups in your domain. You know, the ones that just show up as SIDs and not as actual user names?

If this has happened to you, hie yourself over here and get the excellent batch file to remove these irritating members. You can run the batch from a WinXP or Win2003 box and target any computer in your domain for remote-management fun.

Of course, if you're out to limit the valid members of the Administrators group, there's an easier way: the Restricted Groups policy. My buddy Derek Melber wrote a bit on it, which I'll link below, and please consider using this. Over on we get a lot of requests on how to write scripts to add or remove such-and-such from the local Administrators group; save yourself the time and the headache by using this fabulous built-in mechanism instead.

If you just want to see who's in Administrators, pop over here and run that batch file instead. Good stuff.

Additional Resources:

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author/Evangelist for video training company Pluralsight. Don is also a co-founder and President of, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at

comments powered by Disqus
Most   Popular

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.