# === Configurable variables ===
$UserToAdd = "PC-Guest" # local or domain user
$DelayMins = 5 # number of hours before removal
$TaskName = "RemoveTempAdmin_$UserToAdd" # unique task name
# === Step 1: Add user to Administrators group ===
Add-LocalGroupMember -Group "Administrators" -Member $UserToAdd -ErrorAction Stop
#Write-Host "✅ Added '$UserToAdd' to Administrators group."
# === Step 2: Remove old task if it exists ===
if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
#Write-Host "ℹ️ Existing task '$TaskName' found and deleted."
}
# === Step 3: Create new scheduled task to remove the user ===
$removeCmd = "Remove-LocalGroupMember -Group Administrators -Member '$UserToAdd'"
$action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -WindowStyle Hidden -Command `$ErrorActionPreference='Stop'; $removeCmd"
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes($DelayMins)
# Register the task to run as SYSTEM
# Create settings to ensure it runs even if the start was missed (e.g., PC was off)
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RunOnlyIfNetworkAvailable:$false
# Register task as SYSTEM with reliable settings
Register-ScheduledTask -TaskName "RemoveTempAdmin_$UserToAdd" -Action $action -Trigger $trigger -User "SYSTEM" -RunLevel Highest -Settings $settings
#this will display all users in the administrator group
Get-LocalGroupMember -Group "Administrators"
The powershell script above can be ran in Powershell console via NinjaOne:
It will create a persistence task to run after X minutes and if the time is missed, it will run a bit after reboot/login to remove the administrator access. Please note the user will need to logout/login for the Admin permission to take affect.