$ScriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent $CarbdllPath = "$ScriptDirCarbon.dll" [void][System.Reflection.Assembly]::LoadFile( $CarbdllPath ) $LimtlocalUserGroup = "LogonUser" $DenylocalUserGroup = "Users" $Privilege = "SeInteractiveLogonRight" $LocalGroups = Get-WMIObject win32_group -filter "LocalAccount='True'" $GetAdministrsUsers = Net localgroup Administrators | ?{$_} | select -Skip 4 $GetUsers = Net localgroup Users | ?{$_} | select -Skip 4 $AllLimtUser = $GetAdministrsUsers + $GetUsers |Sort-Object -Unique | ?{$_ -like "AAC*" -and $_ -notlike "*Users*" -and $_ -notlike "*admin*" } if ($LocalGroups.name -notcontains $LimtlocalUserGroup ) { net localgroup $LimtlocalUserGroup /add | Out-Null foreach ( $User in $AllLimtUser ) { net localgroup $LimtlocalUserGroup $user /add | out-null } } else { $GetLogonUser = Net localgroup $LimtlocalUserGroup | ?{$_ -like "AAC*"} foreach ($user in $AllLimtUser) { if ($GetLogonUser -notcontains $user) { net localgroup $LimtlocalUserGroup $User /add | Out-Null } } if ($GetLogonUser -contains "AACDomain Users") { net localgroup $LimtlocalUserGroup "AACDomain Users" /Delete | Out-Null } } [Carbon.Security.Privilege]::GrantPrivileges( $LimtlocalUserGroup , $Privilege ) [Carbon.Security.Privilege]::RevokePrivileges( $DenylocalUserGroup , $Privilege ) Return 10009