
So, I know the question seems a little weird, but let me explain. We are in higher education, and we have public computers. On these computers, we enable all users within our department to be administrators on those machines. This is because they may need to test a driver, install software, etc. We mitigate this by using DeepFreeze, which no one can remove without us knowing. So any changes will be reverted after a restart.

I just started a few months ago, and I am really pushing PowerShell for our automation and reporting needs (not to mention it's free versus using paid software). While working on a report script, I discovered using simple remote commands like Get-Service -ComputerName LABPC-01 could be executed from a standard user, but they are an administrator on that computer. However, users cannot start a PS session. This concerns me, because even though we have DeepFreeze, some donkey can just restart the computer if a student has been working on academic studies.

So after about five hours of reading numerous posts, I found a PowerShell script that will allow me to modify WMI permissions. However, I am having problems removing the Administrators group. Each time I remove access, the system just adds them back. I know usually I would want this, but this is the one time I want to remove that group. Even if they cannot execute something as serious as restarting, we do not want anyone to read data remotely (besides IT). I know the obvious answer is to remove everyone from the admin group, and we are considering that (actually going to use Unified Write Filter), but in this type of environment, a change like that has to go through a chain of events, and will take a while to complete for 500 machines.

Any help is greatly appreciated!

Herc08
  • You can configure a firewall on the computers to avoid this... Allow remote connections from your management VLAN/workstations only – Swisstone Sep 11 '19 at 18:45
  • Well that's the thing. We actually want to use WMI for reports and other automation. It just seems weird that we can remove Administrators from folder permissions, but not WMI permissions. I was even able to remove the group from DCOM properties. Again, turning off the Firewall is one of the obvious answers, but DeepFreeze does use some WMI for its processes. – Herc08 Sep 12 '19 at 01:33

0 Answers
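The WMI namespace security descriptor the question is about can be read back per machine before anything is changed. As an added example (not from the original poster), this Windows PowerShell script reads the DACL of a namespace through the `__SystemSecurity` class and reports which trustees hold Remote Enable; the `-ComputerName` and `-Namespace` values are placeholders.

```powershell
# Added example, not from the original post: audit a WMI namespace DACL and
# report which trustees can connect remotely (Remote Enable), so "who can read
# WMI remotely" is known per machine before an ACL change is attempted.
# Assumes the caller has Read Security on the namespace; values are placeholders.
param(
    [string]$ComputerName = 'localhost',
    [string]$Namespace    = 'root\cimv2'
)

# Access-mask bits used by WMI namespace security (from wbemcli.h)
$WbemRights = [ordered]@{
    EnableAccount  = 0x1
    ExecuteMethods = 0x2
    FullWrite      = 0x4
    PartialWrite   = 0x8
    ProviderWrite  = 0x10
    RemoteEnable   = 0x20
    ReadSecurity   = 0x20000
    EditSecurity   = 0x40000
}

# Every namespace exposes a __SystemSecurity singleton with GetSecurityDescriptor
$security = Get-WmiObject -ComputerName $ComputerName -Namespace $Namespace -Class __SystemSecurity
$result   = $security.GetSecurityDescriptor()
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed with 0x$('{0:X}' -f $result.ReturnValue)"
}

# Decode each ACE into a readable row; an inherited ACE (AceFlags 0x10) comes
# from a parent namespace, which matters when an entry keeps reappearing.
foreach ($ace in $result.Descriptor.DACL) {
    $granted = foreach ($right in $WbemRights.GetEnumerator()) {
        if ($ace.AccessMask -band $right.Value) { $right.Key }
    }
    [pscustomobject]@{
        Trustee      = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
        Type         = if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' }
        RemoteEnable = [bool]($ace.AccessMask -band $WbemRights.RemoteEnable)
        Inherited    = [bool]($ace.AceFlags -band 0x10)
        Rights       = ($granted -join ', ')
    }
}
```

Running it against `root` as well as `root\cimv2` shows whether an entry for Administrators is set on the namespace itself or inherited from the parent.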