Clearing out a local group
I am trying to clear out my SophosAdministrators group so I can re-populate it as desired. I am trying to execute this command:
for /F %%i in ("net localgroup SophosAdministrator") do net localgroup SophosAdministrator %%i /delete
However it fails and gives this error:
---Begin Error Message---
C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec>for /F %i in ("net localgroup SophosAdministrator") do net localgroup SophosAdministrator %i /delete
C:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec>net localgroup SophosAdministrator net /delete
There is no such global user or group: net.
More help is available by typing NET HELPMSG 3783.
---End Error Message---
I am not certain where/how it is grabbing "net" as a user. Any input will help.
Comments
It looks like there might be some quotation issues. Rather than double-quotes, use single quotes. Technically, the double-quotes on the example below (i.e. "SophosAdministrator" aren't necessary, but I like consistency.
I tested this out on a few machines with good results, though Deploy shows it failed (I ran it as a deployment using a Command Step) and returned an error code 2. This is likely because the command is wonky, but it worked to remove the users from my test group.
I solved in a similar way.
for /F %%i in (^'net localgroup Administrators^') do net localgroup Administrators %%i /delete
It is wonky in a sense. It tries to delete a couple users that do not exist:
Alias
Comment
Members
---------------------------------------------------------------------
All appear to be header information if you list a group via command line.
Another thing, is it tries to delete the local admin account, which is in fact in the group, however you just cannot remove the built-in admin.
But I agree, the result is what is expected. Just the path to get there is not as clean as it should be. But there is not way to pull this off another way that is cleaner or nearly as efficient if you are changing membership on 1000 workstations. :-)
Thank you for your reply!
My apology, that was for my local admins. However, the Sophos Admins is the same command with a different group. But the results are the same except it doesn't fuss about built-in accounts.
Excellent, and thanks for the additional information. I'm glad you found a solution that works as well. Either way you run it, they're strange commands, but so long as it works regardless of the weird/nonsensical entries in the output log, it's great, especially on a 1,000 workstations.