(view source code of login_abort_if_admin.ps as plain text)
# 'S-1-5-32-544' is the SID of the local 'Administrators' group.
# The groups 'Domain Admins' and 'Enterprise Admins' are members of the local
# 'Administrators' group if the computer is connected to an AD domain.
if ( [Security.Principal.WindowsIdentity]::GetCurrent( ).Groups -contains 'S-1-5-32-544' ) {
Write-Error "This login script must NOT be executed by members of the Administrators group." -ErrorAction Stop
}
page last modified: 2024-04-16; loaded in 0.0093 seconds