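# Removes the account recorded in AdminRights_Enabled.txt from the local
# Administrators group and records the removal in AdminRights_Removed.txt.
# Accounts named "Administrator" or starting with "SUP" are never removed;
# in that case the script stops with an error instead.

# Re-throw any terminating error so the caller receives the correct error code.
Trap [Exception] { throw $_ }

# Timestamp written to the removal log.
$date = Get-Date

# Local group to modify.
$group = "Administrators"

# Record of the elevated account; its first two '\'-separated fields are read
# as domain and user name.
# NOTE(review): this file alone decides which account loses admin rights.
# Confirm that C:\LabIT is not writable by standard users.
$destDir = "C:\LabIT"
$LogFile = "$destDir\AdminRights_Enabled.txt"

# Fail with a clear message rather than a null-method error further down.
If (!(Test-Path -LiteralPath $LogFile -PathType Leaf)) {
    throw "Log file '$LogFile' not found; cannot determine which account to remove."
}

# Use the first non-blank line only, so a leading blank line or extra lines
# cannot shift which fields are read as domain and user name.
$lines = Get-Content -LiteralPath $LogFile -ErrorAction Stop |
    Where-Object { $_ -and $_.Trim() } |
    Select-Object -First 1
If (-not $lines) {
    throw "Log file '$LogFile' is empty; cannot determine which account to remove."
}

$parts = $lines.Trim().Split('\')
If ($parts.Count -lt 2) {
    throw "Log file '$LogFile' does not contain a DOMAIN\User record."
}

# Account domain and account name.
$Domain = $parts[0].Trim()
$Username = $parts[1].Trim()

# Both values are interpolated into ADSI paths below; reject empty values and
# anything containing the path separator so the paths stay well-formed.
If (-not $Domain -or -not $Username -or $Domain.Contains('/') -or $Username.Contains('/')) {
    throw "Log file '$LogFile' contains an invalid domain or user name."
}

# Computer name, used to address the local group.
$pc = $env:COMPUTERNAME

$objUser = [ADSI]("WinNT://$Domain/$Username")
$objGroup = [ADSI]("WinNT://$pc/$group")

# Log file that records the removed account.
$LogFile_Removed = "$destDir\AdminRights_Removed.txt"

# Create the log directory if it does not exist.
If (!(Test-Path $destDir)) {
    New-Item -Path $destDir -ItemType Directory
}

# Leave SUP and Administrator accounts alone. -like is case-insensitive and,
# unlike Substring(0,3), does not throw for names shorter than three
# characters, so short user names are still removed from the group.
If ($Username -like "SUP*" -Or $Username -eq "Administrator") {
    # Make Write-Error terminating so the script ends with a failure.
    $ErrorActionPreference = "Stop"
    Write-Error "Administrator/SUP account found, we are not removing any Administrator/sup account from the local administrators group"
}
Else {
    # Remove the user from the group, then record domain, user and time.
    # Out-File overwrites any previous removal record.
    $objGroup.PSBase.Invoke("Remove", $objUser.PSBase.Path)
    $Domain + "\" + $Username + "\" + $date | Out-File $LogFile_Removed
}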