I spent part of the workday making a script to perform two tasks on all machines at a particular client site:
- Remove a specific named user from the local “Administrators” group on a PC.
- Remove that user from the PC entirely.
Since I’ve been moving toward using PowerShell rather than various (potentially abandonware) utilities for handling command-line scripted jobs, I looked into if there were simple commands to perform those two tasks. Good news! Remove-LocalGroupMember and Remove-LocalUser exist!
The bad news? Microsoft’s documentation for both of those “cmdlets” stresses the fact that if you are on a 64-bit version of Windows and you try to use them in a 32-bit console, those cmdlets aren’t available at all.
Guess whose RMM system hasn’t yet gotten around to making 64-bit agent software? Surprise, that’d be ConnectWise’s “Automate” product. What does this mean? It means that the Automate agent’s “commands” are sent to a 32-bit console. Exactly what I don’t want.
Not to worry, however: With some testing I found that I can invoke PowerShell 7 (which lives separately from the “native” installed PowerShell) via the remote agent and those cmdlets are available! A heck of a workaround, but I’ll take what I can get. On the downside, the client for whom I needed this script didn’t yet have PowerShell 7 installed, not on any of their machines. This led to some time spent figuring out a fix for the PS7 installers not downloading reliably from our S3-compatible bucket. (Oh hey, Github links direct to the PS7 MSIs, thanks for existing.)
So… with PS7 deployed to the client’s machines (after I updated some automation to make sure all clients’ machines will get the PS7 product and/or update) I successfully ran my new script to eradicate the unwanted user account. A day well spent.