$ScriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
$CarbdllPath = "$ScriptDirCarbon.dll"
[void][System.Reflection.Assembly]::LoadFile( $CarbdllPath )
$LimtlocalUserGroup = "LogonUser"
$DenylocalUserGroup = "Users"
$Privilege = "SeInteractiveLogonRight"
$LocalGroups = Get-WMIObject win32_group -filter "LocalAccount='True'"
$GetAdministrsUsers = Net localgroup Administrators | ?{$_} | select -Skip 4
$GetUsers = Net localgroup Users | ?{$_} | select -Skip 4
$AllLimtUser = $GetAdministrsUsers + $GetUsers |Sort-Object -Unique | ?{$_ -like "AAC*" -and $_ -notlike "*Users*" -and $_ -notlike "*admin*" }
if ($LocalGroups.name -notcontains $LimtlocalUserGroup )
{ net localgroup $LimtlocalUserGroup /add | Out-Null
foreach ( $User in $AllLimtUser )
{
net localgroup $LimtlocalUserGroup $user /add | out-null
}
}
else
{
$GetLogonUser = Net localgroup $LimtlocalUserGroup | ?{$_ -like "AAC*"}
foreach ($user in $AllLimtUser)
{
if ($GetLogonUser -notcontains $user)
{
net localgroup $LimtlocalUserGroup $User /add | Out-Null
}
}
if ($GetLogonUser -contains "AACDomain Users")
{
net localgroup $LimtlocalUserGroup "AACDomain Users" /Delete | Out-Null
}
}
[Carbon.Security.Privilege]::GrantPrivileges( $LimtlocalUserGroup , $Privilege )
[Carbon.Security.Privilege]::RevokePrivileges( $DenylocalUserGroup , $Privilege )
Return 10009