Temporarily upgrade a Standard user to Admin user and then downgrade it.
- 27 Sep 2023
- 3 Minutes to read
- Print
- PDF
Temporarily upgrade a Standard user to Admin user and then downgrade it.
- Updated on 27 Sep 2023
- 3 Minutes to read
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
These PowerShell scripts allow Admin to temporarily elevate a local Standard User to an administrator on a device and then downgrade the same user to a Standard user.
There are two ways an Admin can choose to elevate Standard User to Admin and then downgrade after some time. Below are the 2 PowerShell scripts to achieve this.
PowerShell Script 1
This script takes two inputs, the name of the standard user who is supposed to be elevated and the duration (in minutes) for which the user will be an admin before being downgraded back to a standard user.
- Create a file on your desktop, for example, elevate_std_user_to_admin_temporairly.ps1 and open it in a text editor like notepad++
- Copy the contents below to the file or click here to download the file.Shell
#Script to temporarily elevate local standard user to admin on device #Input: Specify name of standard user who is supposed to be elevated $Username = "user_name" #Input: Specify how long (in mins) this user will be Admin and then will be downgraded $DurationInMins = 00_min #<----Script Code (Don't Modify) # Get members of local administrators group $isInGroup = (Get-LocalGroupMember 'Administrators').Name -contains $user if($isInGroup) #user is already part of Admin group { Write-Output "user is already part of Admin group" } else { Write-Output "Adding user to Admin group" Add-LocalGroupMember -Group "Administrators" -Member $Username $DurationInSecs = $DurationInMins * 60 Write-Output "Waiting for '$DurationInSecs' secs" Start-Sleep -Seconds $DurationInSecs Write-Output "Removing user from Admin group" Remove-LocalGroupMember -Group "Administrators" -Member $Username } #----> - The script first checks if the user is already part of the local Administrators group. If the user is already part of the group, the script prints a message saying so.
- Otherwise, the script adds the user to the local Administrators group using the Add-LocalGroupMember cmdlet.
- The script then calculates the duration in seconds and waits for that duration using the Start-Sleep cmdlet.
- After the duration is over, the script removes the user from the local Administrators group using the Remove-LocalGroupMember cmdlet.
- Replace "user_name" with the name of the Standard User who is supposed to be elevated. For example:Shell
$Username = "TestUser" - Replace 00_min with the time duration (in mins) on how long this user will be Admin and then will be downgraded. For example:Shell
$DurationInMins = 15 - Do not change any other fields in the script.
- Follow our guide to upload & publish the PowerShell script using Scalefusion Dashboard.
- Once the script is successfully executed, you will be able to see the status of the same in the View Status report on the Scalefusion dashboard.
This script only elevates the user to local administrator privileges and does not grant any additional privileges beyond what a local administrator can do.
PowerShell Script 2
The following two scripts work in two phases.
- Deploy the first script to elevate the Standard User to Admin.
- Create a file on your desktop, for example, change_std_user_to_admin.ps1 and open it in a text editor like notepad++
- Copy the contents below to the file or click here to download the file.Shell
$User = "user_name" Add-LocalGroupMember -Group "Administrators" -Member $User - This script adds a specified user to the local Administrators group using the Add-LocalGroupMember cmdlet. This effectively elevates the user to a local administrator on the device.
- Replace "user_name" with the name of the Standard User who is supposed to be elevated. For example:Shell
$User = "TestUser" - Once work is done, deploy the second script to downgrade the user back to Standard User.
- Create a file on your desktop, for example, downgrade_admin_user.ps1 and open it in a text editor like notepad++
- Copy the contents below to the file.Shell
$User = "user_name" Remove-LocalGroupMember -Group "Administrators" -Member $User - This script removes a specified user from the local Administrators group using the Remove-LocalGroupMember cmdlet. This effectively downgrades the user from a local administrator to a standard user on the device.
- Replace "user_name" with the name of the Standard User who is supposed to be downgraded. For example:Shell
$User = "TestUser" - Follow our guide to upload & publish the PowerShell script using Scalefusion Dashboard.
- If the scripts are successfully executed, you will be able to see the status of the same in the View Status report on the Scalefusion dashboard.
Please note that to use the PowerShell scripts, the Scalefusion MDM Agent Application must be installed on the device(s). Please follow our guide to publish and install the Scalefusion MDM Agent Application.
Notes:
- The scripts and their contents are sourced from various albeit authenticated Microsoft sources and forums.
- Please validate the scripts on a test machine before deploying them on all your managed devices.
- Scalefusion has tested these scripts, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these scripts.
Was this article helpful?
