From ecc465c21b277c3b0ecee2854fb085f27ff1f3db Mon Sep 17 00:00:00 2001
From: AJ Aguila
Date: Thu, 2 Jan 2025 11:41:17 -0700
Subject: [PATCH] initial commit
---
LocalAdminRights.ps1 | 34 ++++++++++++++++++++++++++++++++++
UserMachineMapping.csv | 3 +++
ValidateUsers.ps1 | 23 +++++++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 LocalAdminRights.ps1
create mode 100644 UserMachineMapping.csv
create mode 100644 ValidateUsers.ps1
diff --git a/LocalAdminRights.ps1 b/LocalAdminRights.ps1
new file mode 100644
index 0000000..e853582
--- /dev/null
+++ b/LocalAdminRights.ps1
@@ -0,0 +1,34 @@
+# Path to the CSV file
+$CsvFilePath = "C:\Scripts\UserMachineMapping.csv"
+
+# Import CSV and create a hash table
+$UserMachineMapping = @{}
+Import-Csv -Path $CsvFilePath | ForEach-Object {
+ $UserMachineMapping[$_.Username] = $_.Machine
+}
+
+
+# User and Machine Info
+$CurrentUser = $env:USERNAME
+$CurrentMachine = $env:COMPUTERNAME
+
+# Group Info
+$AdminGroup = "Administrators"
+
+if ($UserMachineMapping.ContainsKey($CurrentUser)) {
+ $ExpectedMachine = $UserMachineMapping[$CurrentUser]
+
+ if ($CurrentMachine -eq $ExpectedMachine) {
+ $AdminGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
+ if (-not $AdminGroup.psbase.Invoke("IsMember", "WinNT://$env:COMPUTERNAME/$CurrentUser")) {
+ Add-LocalGroupMember -Group "Administrators" -Member $CurrentUser
+ Write-Output "$CurrentUser added to Local Admin."
+ }
+ }
+} else {
+ $AdminGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
+ if ($AdminGroup.psbase.Invoke("IsMember", "WinNT://$env:COMPUTERNAME/$CurrentUser")) {
+ $AdminGroup.Remove("WinNT://$env:COMPUTERNAME/$CurrentUser")
+ Write-Output "$CurrentUser removed from Local Admin."
+ }
+}
diff --git a/UserMachineMapping.csv b/UserMachineMapping.csv
new file mode 100644
index 0000000..70df79b
--- /dev/null
+++ b/UserMachineMapping.csv
@@ -0,0 +1,3 @@
+Username,Machine
+tmctesterson,LB-SPAREASUS1
+aaguila,LB-HY3Q114
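Review bot: In LocalAdminRights.ps1, a user who is listed in the CSV but logged on to a different machine keeps any Administrators membership they already hold, because the inner `if ($CurrentMachine -eq $ExpectedMachine)` has no else branch and the removal path only runs for users absent from the mapping. Computing one entitled/not-entitled result and revoking whenever it is false closes that gap, as sketched below; it also drops the unused string assignment `$AdminGroup = "Administrators"`. Separately, the grant decision trusts `C:\Scripts\UserMachineMapping.csv` and `$env:USERNAME`, so the file's ACL should allow writes by administrators only and the identity is better taken from the logon token than from an environment variable; whether either is exposed depends on how the script is deployed, which the patch does not show. The `WinNT://$env:COMPUTERNAME/$CurrentUser` path appears to name a local account, so the IsMember check may not match domain users and is worth testing with one.

```powershell
# … unchanged: CSV import, $CurrentUser / $CurrentMachine …
$MemberPath = "WinNT://$env:COMPUTERNAME/$CurrentUser"
$AdminGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$IsAdmin    = $AdminGroup.psbase.Invoke("IsMember", $MemberPath)

# Entitled only when the user is mapped AND the mapping names this machine.
$Entitled = $UserMachineMapping.ContainsKey($CurrentUser) -and
            ($UserMachineMapping[$CurrentUser] -eq $CurrentMachine)

if ($Entitled -and -not $IsAdmin) {
    Add-LocalGroupMember -Group "Administrators" -Member $CurrentUser
    Write-Output "$CurrentUser added to Local Admin."
} elseif (-not $Entitled -and $IsAdmin) {
    # Revoke for unmapped users and for mapped users on the wrong machine.
    $AdminGroup.Remove($MemberPath)
    Write-Output "$CurrentUser removed from Local Admin."
}
```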
diff --git a/ValidateUsers.ps1 b/ValidateUsers.ps1
new file mode 100644
index 0000000..0685304
--- /dev/null
+++ b/ValidateUsers.ps1
@@ -0,0 +1,23 @@
+$UserMachineMapping = @{
+
+"tmctesterson" = "LB-SPAREASUS1"
+
+
+}
+
+$CurrentUser = $env:USERNAME
+$CurrentMachine = $env:COMPUTERNAME
+
+if ($UserMachineMapping.ContainsKey($CurrentUser)){
+
+ $ExpectedMachine = $UserMachineMapping[$CurrentUser]
+
+ if ($CurrentMachine -ne $ExpectedMachine) {
+ Write-Output "Access Denied Biatch! $CurrentUser is not allowed in $CurrentMachine"
+ shutdown.exe /l
+ }
+
+}else {
+ Write-Output "Access Denied! $CurrentUser does not exist in the List"
+ shutdown.exe /l
+}
\ No newline at end of file
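Review bot: The final `else` branch logs off every account that is not in the inline table, and that table has already drifted from UserMachineMapping.csv: `aaguila` is in the CSV but not here, so that user, and any administrator or recovery account, would be signed out on every machine where this runs. Loading the same file the other script uses keeps one source of truth, e.g. `Import-Csv -Path "C:\Scripts\UserMachineMapping.csv" | ForEach-Object { $UserMachineMapping[$_.Username] = $_.Machine }`, and an explicit exemption for administrative accounts would avoid a lockout. Because the check runs inside the user's own session and reads `$env:USERNAME`, it is advisory rather than an enforcement boundary; a per-user logon workstation restriction in the directory, or a deny-logon policy, is applied before the session exists. The denial text in the first `Write-Output` should be reworded to a neutral message, and since `shutdown.exe /l` follows immediately the user is unlikely to see either message, so writing to the event log would leave a record for whoever investigates.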