I am trying to write a script that uses Invoke-Command against remote machines to alter the membership of the local Administrators group, and I am having difficulty getting the .Add or .Remove call to work.
It is hard to know if it is doing anything on the target machine.
Anyone have good experience with passing variables to invoke-command scriptblock and having success?
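# Returns the directory of the script that called this function.
# It reads the MyInvocation variable from the parent scope (-Scope 1), i.e. the
# scope that invoked Get-ScriptDirectory, and splits the directory part off the
# command's Path.
# NOTE(review): MyCommand.Path is presumably empty when the caller is not a
# script file (e.g. an interactive prompt) - confirm before relying on it there.
function Get-ScriptDirectory () {
    $Invocation = (Get-Variable MyInvocation -Scope 1).Value
    Split-Path $Invocation.MyCommand.Path
}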
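# Interactive driver: asks whether to add or remove a principal, then applies
# that change to the local Administrators group on every host listed in
# serverlist.txt (same directory as the script) and logs the resulting
# membership of each host.
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

# Keep prompting until one of the three valid choices is entered.
Do {
    $GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))

If ($GroupAction -eq '3') {
    Write-Host "Quit response received, script terminated."
    # 'Break' outside a loop can also unwind whatever called this script;
    # 'Return' only ends the script itself.
    Return
}

$GroupUserName = (Read-Host -Prompt "What is the name of the group or user to add or remove?").Trim()
$GroupDomain = (Read-Host -Prompt "What domain is the group located in?").Trim()

# Both values are spliced into an ADSI path that is then used with admin rights
# on every listed host, so refuse empty values and the path delimiters.
$NamePattern = '^[^/\\,]+$'
If (($GroupUserName -notmatch $NamePattern) -or ($GroupDomain -notmatch $NamePattern)) {
    Write-Host "Name and domain must be non-empty and must not contain '/', '\' or ','."
    Return
}

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential "$Domain\$UserName"
$strLogDate = Get-Date -UFormat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

# Start the log with who requested which change, so the file works as an audit record.
$myArray = @()
$myArray += "Action=$GroupAction Principal=$GroupDomain\$GroupUserName RequestedBy=$Domain\$UserName"

# Blank lines in the host list would otherwise become empty computer names.
$Servers = @(Get-Content "$WhereAreWe\serverlist.txt" | Where-Object { $_.Trim() })

ForEach ($Server in $Servers) {
    $Server = $Server.Trim()
    Write-Host $Server -ForegroundColor Black
    Try {
        # The script block runs on the remote host and cannot see local variables;
        # everything it needs is passed positionally through -ArgumentList.
        # The original passed $Response, which was never assigned (the menu choice
        # lives in $GroupAction), so neither the add nor the remove branch ever ran.
        $remotecommand = Invoke-Command -ComputerName $Server -Credential $Cred -ErrorAction Stop -ScriptBlock {
            param ($Response, $GroupDomain, $GroupUserName)
            Write-Output "===================="
            Get-Content env:computername
            Write-Output "===================="
            $Group = [ADSI]('WinNT://localhost/Administrators,Group')
            Try {
                # No ',user' class hint: the prompt accepts a group or a user,
                # so let the WinNT provider resolve the object type.
                If ($Response -eq '1') {
                    $Group.Add("WinNT://$GroupDomain/$GroupUserName")
                }
                If ($Response -eq '2') {
                    $Group.Remove("WinNT://$GroupDomain/$GroupUserName")
                }
            }
            Catch {
                # Report the failure in the output stream so it reaches the log.
                Write-Output "ERROR: $($_.Exception.Message)"
            }
            # Resulting membership, for verification in the log.
            NET LOCALGROUP 'Administrators'
        } -ArgumentList $GroupAction, $GroupDomain, $GroupUserName
    }
    Catch {
        # Unreachable host or rejected credentials: record it instead of
        # silently skipping the host.
        $remotecommand = @("====================", $Server, "====================", "ERROR: $($_.Exception.Message)")
    }
    $remotecommand
    $myArray += $remotecommand
}

$myArray | Out-File -FilePath "$LogPath" -Append
Invoke-Item "$LogPath"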
$Invocation= (Get-Variable MyInvocation -Scope 1).Value
Split-Path$Invocation.MyCommand.Path
}
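# Interactive driver: asks whether to add or remove a principal, then applies
# that change to the local Administrators group on every host listed in
# serverlist.txt (same directory as the script) and logs the resulting
# membership of each host.
Clear-Host
Write-Host '#####################################################################################'
Write-Host 'This script is used to modify the membership of the local administrators group(LAG).'
Write-Host '#####################################################################################'
Write-Host 'The list of hosts need to be in same directory script is run from and be named serverlist.txt.'
Write-Host 'You can use short names in the serverlist.txt only if you can ping the short name from the script execution client.'
Write-Host 'Output will be logged to same location with log file containing date/time stamp.'
Write-Host 'Please provide credentials for accessing remote host(s):'

# Keep prompting until one of the three valid choices is entered.
Do {
    $GroupAction = Read-Host -Prompt "Adding or Removing from LAG? (1=Add/2=Remove/3=Quit)"
}
Until (($GroupAction -eq '1') -or ($GroupAction -eq '2') -or ($GroupAction -eq '3'))

If ($GroupAction -eq '3') {
    Write-Host "Quit response received, script terminated."
    # 'Break' outside a loop can also unwind whatever called this script;
    # 'Return' only ends the script itself.
    Return
}

$GroupUserName = (Read-Host -Prompt "What is the name of the group or user to add or remove?").Trim()
$GroupDomain = (Read-Host -Prompt "What domain is the group located in?").Trim()

# Both values are spliced into an ADSI path that is then used with admin rights
# on every listed host, so refuse empty values and the path delimiters.
$NamePattern = '^[^/\\,]+$'
If (($GroupUserName -notmatch $NamePattern) -or ($GroupDomain -notmatch $NamePattern)) {
    Write-Host "Name and domain must be non-empty and must not contain '/', '\' or ','."
    Return
}

$WhereAreWe = Get-ScriptDirectory
$Domain = $env:userdomain
$UserName = $env:username
$Cred = Get-Credential "$Domain\$UserName"
$strLogDate = Get-Date -UFormat "%Y_%m_%d_%H_%M_%S"
$LogPath = $WhereAreWe + "\AddRemove_$strLogDate.log"

# Start the log with who requested which change, so the file works as an audit record.
$myArray = @()
$myArray += "Action=$GroupAction Principal=$GroupDomain\$GroupUserName RequestedBy=$Domain\$UserName"

# Blank lines in the host list would otherwise become empty computer names.
$Servers = @(Get-Content "$WhereAreWe\serverlist.txt" | Where-Object { $_.Trim() })

ForEach ($Server in $Servers) {
    $Server = $Server.Trim()
    Write-Host $Server -ForegroundColor Black
    Try {
        # The script block runs on the remote host and cannot see local variables;
        # everything it needs is passed positionally through -ArgumentList.
        # The original passed $Response, which was never assigned (the menu choice
        # lives in $GroupAction), so neither the add nor the remove branch ever ran.
        $remotecommand = Invoke-Command -ComputerName $Server -Credential $Cred -ErrorAction Stop -ScriptBlock {
            param ($Response, $GroupDomain, $GroupUserName)
            Write-Output "===================="
            Get-Content env:computername
            Write-Output "===================="
            $Group = [ADSI]('WinNT://localhost/Administrators,Group')
            Try {
                # No ',user' class hint: the prompt accepts a group or a user,
                # so let the WinNT provider resolve the object type.
                If ($Response -eq '1') {
                    $Group.Add("WinNT://$GroupDomain/$GroupUserName")
                }
                If ($Response -eq '2') {
                    $Group.Remove("WinNT://$GroupDomain/$GroupUserName")
                }
            }
            Catch {
                # Report the failure in the output stream so it reaches the log.
                Write-Output "ERROR: $($_.Exception.Message)"
            }
            # Resulting membership, for verification in the log.
            NET LOCALGROUP 'Administrators'
        } -ArgumentList $GroupAction, $GroupDomain, $GroupUserName
    }
    Catch {
        # Unreachable host or rejected credentials: record it instead of
        # silently skipping the host.
        $remotecommand = @("====================", $Server, "====================", "ERROR: $($_.Exception.Message)")
    }
    $remotecommand
    $myArray += $remotecommand
}

$myArray | Out-File -FilePath "$LogPath" -Append
Invoke-Item "$LogPath"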