Your PowerGUI Community: Simplify your PowerShell related GUI and script editing needs.


Script to disable 'annon*' local users on multiple servers (Citrix Servers)

This question is not answered
I'm looking for some PS script help because, well, I'm just learning and not very good yet. 
I would like to use a PS script that calls a csv file containing server names and then disables specific local users on each server.  These local users are installed during Citrix XenApp role install to provide support for optional anonymous users. The local anonymous accounts created on each server follow the name convention of 'anon001', 'anon002', etc... up through 'anon014'.  We currently have a significant # of servers and this wasn't done prior to creating our image in VMware so I need to go back and disable all of them on existing servers.

Thanks!
All Replies
  • Hello,
    try this:

    From here "http://gallery.technet.microsoft.com/scriptcenter/f75801e7-169a-4737-952c-1341abea5823" I got this function:

    Function Remove-LocalUser {   [CmdletBinding()]  Param(   [Parameter(Position=0,       Mandatory=$True,       ValueFromPipeline=$True)]   [string]$userName,   [string]$computerName = $env:ComputerName  )  $User = [ADSI]"WinNT://$computerName"  $user.Delete("User",$userName) } 
    $names = "anon001", "anon002", "anon003", "anon004", "anon005", "anon006", "anon007", "anon008", "anon009", "anon010", "anon011", "anon012", "anon013", "anon014"

    import-csv "path_to_csvfile" | foreach-object { $_=$pc; $names | foreach-object {
    Remove-LocalUser -username $_ -computername $pc
    }}

    Tell me if it worked.
  • Sorry I dont know what happened. Here it is once again:

    Function Remove-LocalUser {  
    [CmdletBinding()] 
    Param(   [Parameter(Position=0, Mandatory=$True, ValueFromPipeline=$True)]
      [string]$userName,  
      [string]$computerName = $env:ComputerName  ) 
    $User = [ADSI]"WinNT://$computerName" 
    $user.Delete("User",$userName)
    }

    $names = "anon001", "anon002", "anon003", "anon004", "anon005", "anon006", "anon007", "anon008", "anon009", "anon010", "anon011", "anon012", "anon013", "anon014"

    import-csv "path_to_csvfile" | foreach-object { $_=$pc; $names | foreach-object {

    Remove-LocalUser -username $_ -computername $pc

    }}
  • forgive my ignornace on this but the function looks like it's performing a delete as opposed to simply disabling the account.  is that correct or am I misunderstanding?

    thanks!
  • Hello dorz3l, your absolutely right! Please excuse my improper reading....

    so try this one:

    function Set-LocalUser
    {
     [CmdletBinding()]
     Param(
      [Parameter(Position=0,
          Mandatory=$True,
          ValueFromPipeline=$True)]
      [string]$userName,
      [Parameter(Position=1,
          Mandatory=$True,
          ValueFromPipeline=$True,
          ParameterSetName='EnableUser')]
      [string]$password,
      [Parameter(ParameterSetName='EnableUser')]
      [switch]$enable,
      [Parameter(ParameterSetName='DisableUser')]
      [switch]$disable,
      [string]$computerName = $env:ComputerName,
      [string]$description = "modified via powershell"
     )
     $EnableUser = 512 # ADS_USER_FLAG_ENUM enumeration value from SDK
     $DisableUser = 2  # ADS_USER_FLAG_ENUM enumeration value from SDK
     $User = [ADSI]"WinNT://$computerName/$userName,User"
     
     if($enable)
      {
          $User.setpassword($password)
          $User.description = $description
          $User.userflags = $EnableUser
          $User.setinfo()
      } #end if enable
     if($disable)
      {
          $User.description = $description
          $User.userflags = $DisableUser
          $User.setinfo()
      } #end if disable
    } #end function Set-LocalUser

    $names = "anon001", "anon002", "anon003", "anon004", "anon005", "anon006", "anon007", "anon008", "anon009", "anon010", "anon011", "anon012", "anon013", "anon014"

    import-csv "path_to_csvfile" | foreach-object { $_=$pc; $names | foreach-object {

    Set-LocalUser -username $_ -disable -computername $pc

    }}