While you can create vbs for it, such a simple task can be performed on the server itself.
If you have "file.csv" with machine and user names, you can run from command line:
for /f "tokens=1,2 delims=," %i in (file.csv) do (
sbadmcl.exe -command:RemoveUser -database:DATABASE -machine:%i -user:%j -adminuser:ADMIN -adminpwd:PASSWORD
from the server running a command line of :
for /f "tokens-1,2 delims=," %i in users.csv do (sbadmcl.exe -command:RemoveUser -database:EEPCEnterprise -machine:%j -adminuser:admin - adminpwd:password)
will read the users.csv file and iterate through every machine in the database looking for userIDs which start with a $ and remove all it finds?
Does the .csv file need to have any machine names in it or can I just have one line with the userID to remove = to $* ?
Also, I have multiple groups, I only want to run this on a specific group of machines.
p.s. - attached shows a sample of the type of userIDs I want to remove on all machines. I don't know which userids are assigned to any specific machine.
EEPCusers.jpg 57.1 K
1 of 1 people found this helpful
Unfortunately you must be explicit with machine and user names.
You can preprocess information obtained from group, to find out all necessary combinations.
sbadmcl.exe -command:DumpMachineUsers -database:EEPCEnterprise -group:MACHINEGROUP -adminuser:admin - adminpwd:password -file:allusers.txt
When processing "allusers.txt" file instead of "users.csv", perform some condition check on user field, prior to RemoveUser part.
since we can find users in the Manager Console with a wildcard, will I also be able to pass a wild card value for the userID as $* from the allusers.txt file to sbadmcl ?
also, is there any documentation about: for /f "tokens-1,2 delims=" %i in .... do ( ) command ?
Google "batch for", for instructions on the FOR command in batch files.
Personally, I prefer to use .vbs to build the sbadmcl command-string, then issue it using objShell.run.
That also allows me to obfuscate the admin credentials.
Here is the code, put it in batch, replace DATABASE, GROUP, ADMIN, PASSWORD and run it.
@echo off SETLOCAL EnableDelayedExpansion sbadmcl.exe -command:DumpMachineUsers -database:"DATABASE" -group:"GROUP" -adminuser:ADMIN -adminpwd:PASSWORD -file:allusers.txt for /f "tokens=1,2 delims=," %%i in (allusers.txt) do ( set var=%%j set var=!var:~0,1! if "!var!"=="$" (sbadmcl.exe -command:RemoveUser -database:"DATABASE" -machine:"%%i" -user:"%%j" -adminuser:ADMIN -adminpwd:PASSWORD) )
using this technique I successfully cleaned up 2,704 machines today in about 15 minutes. Thanks for the help !!
why did'nt you just delete the users themselves? I'm not sure I understand why you would unset them from machines, but leave them in EEM?
The names I needed removed from machines are the userIDs for computer technicians who originally built the machines some time ago, (up to as long as 12-18months). We utilized our technicians from various locations around the state to deploy a managed desktop. In the end, these technicians will very likely never again need to provide any type of support on the machines they deployed because of the geographic distance. i.e. we had technicians travel from the Upper Peninsula of Michigan to Detroit to deploy upwards of 300-400 machines in a weekend, multiple times. When they did that they logged into Windows with their AD admin accounts, there by leaving their cached profile on the machine(s). This was before we purchased SafeBoot. As we're deploying the EEPC client with Autodomain.vbs, it is working almost perfectly to add these Windows profiles to the machine object in the EEPC Manager Console - machines which the same technicians will never be supporting. We have asked and even told the techs (who have access to the Manager Console) to remove their own IDs from these machines, but pulling teeth is easiter it appears.
So in the interest of keeping network traffic to a minimum and the number of userIDs assigned to machines in check for general security practices, we wanted them removed. I didn't have time to individually examine each machine and manually remove them. I've been doing that, but losing ground over time.
We left them in EEM because they also have EEPC encrypted laptops they use daily so deleting them would have created a different problem.