Retrieve a list of local administrators using Powershell.

Although a large number of scripts are available already for this job, most of them do not include an option to enumerate a remote machine.

My script uses WMI, allows you to query remote machines and returns objects for future use.

Thanks to my colleague Jason for the inspiration and help with this script!

function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("$computernamerootcimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("$computernamerootcimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"")
                $admin = $admin.REPLACE("""","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
                    DomainName  =$admin.split("")[0]
                    UserName = $admin.split("")[1]
                }#end object

    }#end for

    return $objreport
}#end function


24 Comments About “Retrieve a list of local administrators using Powershell.

  1. Nick

    Nevermind I figured it out! Also is there a way to go through each of the groups it finds and list whoever is in there?

    1. Christopher Ranney


      Not sure if you need this, but I needed it – this script block works for me…

      $LocalGroups = gwmi win32_group|?{$_.domain -eq $env:computername}|select -ExpandProperty Name
      Foreach($localGroup in $LocalGroups)
      “Members in the $localgroup :”
      $computer = [adsi](“WinNT://”+$env:COMPUTERNAME+”,computer”)
      $group = $computer.psbase.children.find(“$localGroup”)
      $group.psbase.invoke(“Members”)|%{$_.gettype().InvokeMember(“Adspath”,’GetProperty’,$null, $_, $null)}


      Everything I run is wrapped into a scriptblock and executed remotely, which is how I get away with using variables like $env:computername.

      Hope this helps.

  2. Meridian

    How would I modify this to read a text file of predefined computer names into the function get-localadministrators?

    1. Jim

      Script works fine against local computer, but adding
      get-content “c:pathfilename.txt” | % {get-localadministrators $_} for additional machines on a new line anywhere in the script results in errors.

  3. Jim

    Im having problems getting this to read from a file with a list of computers. Im new to scripting so what do i need to put where inorder to do this. I would also like to get the output to a text file.

  4. Andrew Morgan

    Hi Jim, try:

    Get-content “c:file.txt” | % {get-localadministrators -computername $_}

    To read from a text fie, if that works report back and ill tackle your second request.

  5. David

    For some reason, the script only shows the users on the local machine, not the machine indicated by the -computername parameter.

    Any ideas?

    1. akismet-7f1e5b87853339fcf4717a0bcfd0e4c1

      David, add the following line after the function:

      foreach($server in (gc .masterserver.txt)){get-localadministrators -computername $server}

      Change .masterserver.txt to the path of a text file that has a list of your servers one per line.

      1. Terry

        I hate to ask this but I am an absolute beginner. Can you show exactly where to add this? I added it where what I thought was after the function but I get nothing but errors.


Leave a Reply