# 'S-1-5-32-544' is the SID of the local 'Administrators' group.
# The groups 'Domain Admins' and 'Enterprise Admins' are members of the local
# 'Administrators' group if the computer is connected to an AD domain.
if ( [Security.Principal.WindowsIdentity]::GetCurrent( ).Groups -contains 'S-1-5-32-544' ) {
	Write-Error "This login script must NOT be executed by members of the Administrators group." -ErrorAction Stop
}