Using only standard commands, I have scripted LocalGroup.bat to add or delete users to/from a local group.

The syntax for using LocalGroup.bat is:

LocalGroup Computer LocalGroup User AorD OK

Where:

<b>Computer</b>   is the <b>NetBIOS</b> computer name where the <b>LocalGroup</b> exists, like JSI007.

<b>LocalGroup</b> is the local group name on <b>Computer</b>, like Administrators or "Power Users".

<b>User</b>       is the local or domain user, using the "ComputerName\LocalUserName" or "DomainName\DomainUser" format,
           like JSI007\Administrator or "JSIINC\Jennifer".

<b>AorD </b>      is the action switch, <b>A</b> is Add and <b>D</b> is delete.

<b>OK</b>         is a <a href="/article/jsifaq/jsi-tip-5535-how-can-i-cause-a-called-batch-file-to-return-a-call-directed-environment-variable-.aspx">call directed environment variable</a> that will contain a
           <b>Y</b> if the maintenance was successful, or a <b>N</b> is the maintenance failed.
           A message is displayed with one of these failure reasons:
               The network path was not found.
               The specified local group does not exist.
               The user name could not be found.
               The specified account name is not a member of the local group.
               The specified account name is already a member of the local group.
LocalGroup.bat contains:
@echo off
setlocal ENABLEDELAYEDEXPANSION
if \{%5\}==\{\} goto err1
set Comp=%1
set Group=%2
set User=%3
set AorD=%4
if /i "%AorD%" EQU "a" goto vbs
if /i "%AorD%" NEQ "d" goto err2
:vbs
if exist "%TEMP%\LocalGroup.vbs" goto doit
@echo.Dim Oargs, strComputer, strGroup, strUser, AorD>"%TEMP%\LocalGroup.vbs"
@echo.Set WshShell = CreateObject("WScript.Shell")>>"%TEMP%\LocalGroup.vbs"
@echo.Set oArgs = WScript.Arguments>>"%TEMP%\LocalGroup.vbs"
@echo.strComputer = oArgs(0)>>"%TEMP%\LocalGroup.vbs"
@echo.strGroup = oArgs(1)>>"%TEMP%\LocalGroup.vbs"
@echo.strUser = oArgs(2)>>"%TEMP%\LocalGroup.vbs"
@echo.strUser = Replace(StrUser,"\","/")>>"%TEMP%\LocalGroup.vbs"
@echo.AorD = oArgs(3)>>"%TEMP%\LocalGroup.vbs"
@echo.if lCase(AorD) = "a" then>>"%TEMP%\LocalGroup.vbs"
@echo.  Set objGroup = GetObject("WinNT://" ^& strComputer ^& "/" ^& strGroup ^& ",group")>>"%TEMP%\LocalGroup.vbs"
@echo.  Set objUser = GetObject("WinNT://" ^& strUser ^& ",user")>>"%TEMP%\LocalGroup.vbs"
@echo.  objGroup.Add(objUser.AdsPath)>>"%TEMP%\LocalGroup.vbs"
@echo.  Wscript.Quit>>"%TEMP%\LocalGroup.vbs"
@echo.End If>>"%TEMP%\LocalGroup.vbs"
@echo.if lCase(AorD) = "d" then>>"%TEMP%\LocalGroup.vbs"
@echo.  Set objGroup = GetObject("WinNT://" ^& strComputer ^& "/" ^& strGroup ^& ",group")>>"%TEMP%\LocalGroup.vbs"
@echo.  Set objUser = GetObject("WinNT://" ^& strUser ^& ",user")>>"%TEMP%\LocalGroup.vbs"
@echo.  objGroup.Remove(objUser.AdsPath)>>"%TEMP%\LocalGroup.vbs"
@echo.  Wscript.Quit>>"%TEMP%\LocalGroup.vbs"
@echo.End If>>"%TEMP%\LocalGroup.vbs"
:doit
set errlog="%TEMP%\LocalGroup_%RANDOM%.TMP"
if exist %errlog% del /q %errlog%
call :quiet>%errlog% 2>&1
set err=Y
for /f "Tokens=*" %%x in ('type %errlog%') do (
 for /f "Tokens=2* Delims=:" %%a in ('@echo %%x') do (
 set err=%%b
 @echo !err:~1!
 set err=N
 )
)
del /q %errlog%
endlocal&set %5=%err%
goto :EOF
:err1
@echo Syntax: LocalGroup Computer Group User AorD OK
endlocal
goto :EOF
:err2
@echo Syntax: LocalGroup Computer Group User AorD OK - AorD %4 invalid.
endlocal&set %5=N
goto :EOF
:quiet
cscript //nologo "%TEMP%\LocalGroup.vbs" %Comp% %Group% %User% %AorD%