Retrieve a list of local administrators using Powershell.

Although a large number of scripts are available already for this job, most of them do not include an option to enumerate a remote machine.

My script uses WMI, allows you to query remote machines and returns objects for future use.

Thanks to my colleague Jason for the inspiration and help with this script!

function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("$computernamerootcimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("$computernamerootcimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"")
                $admin = $admin.REPLACE("""","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
                    DomainName  =$admin.split("")[0]
                    UserName = $admin.split("")[1]
                }#end object

    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators

New Module: Creating an RDP file password with Pow... Here's something that is surprisingly tricky to automate in this day and age. Creating a password and storing it in an RDP file. I'm not here to debat...

Dealing with multi numbered versions in powershell... So here's a quick little blog about something i discovered in powershell while googling today. Lots of vendors like to use version numbers includin...

Accurately checking the Citrix PVS “cache in... Citrix Provisioning services "Cache in RAM, overflow to disk", even with it's challenges is something I've always felt was a great idea, hell, I fores...

24 Comments About “Retrieve a list of local administrators using Powershell.”

Nick June 23, 2011 at 4:49 pm

Can you specify a little more how I would query remote computers with this script?

Reply ↓

Nick June 23, 2011 at 5:17 pm

Nevermind I figured it out! Also is there a way to go through each of the groups it finds and list whoever is in there?

Reply ↓

Andrew Morgan June 23, 2011 at 7:32 pm

Hi Nick, thanks for taking the time to post feedback!

I’ll look at enumerating nested groups for you later this evening.

Cheers!

A

Reply ↓
1. Nick July 12, 2011 at 8:07 pm
  
  Any luck my friend? Just wondering if you ever got the enumerating portion going?
  
  Thanks!
  
  Reply ↓
Christopher Ranney June 3, 2013 at 8:36 pm

Nick,

Not sure if you need this, but I needed it – this script block works for me…

$LocalGroups = gwmi win32_group|?{$_.domain -eq $env:computername}|select -ExpandProperty Name
Foreach($localGroup in $LocalGroups)
{
“Members in the $localgroup :”
$computer = [adsi](“WinNT://”+$env:COMPUTERNAME+”,computer”)
#$computer.psbase.children.find(“$localGroup”)
$group = $computer.psbase.children.find(“$localGroup”)
$group.psbase.invoke(“Members”)|%{$_.gettype().InvokeMember(“Adspath”,’GetProperty’,$null, $_, $null)}
“”

}

Everything I run is wrapped into a scriptblock and executed remotely, which is how I get away with using variables like $env:computername.

Hope this helps.

Reply ↓

Andrew Morgan July 29, 2011 at 8:59 pm

Hi Nick,

I have attempted to do this, but I’m sorry to say I don’t have the time to get you a full module to enumerate all groups.

Reply ↓

Nick July 29, 2011 at 9:13 pm

No worries! Thanks for the attempt I appreciate it.

Reply ↓

Meridian July 25, 2012 at 3:53 pm

How would I modify this to read a text file of predefined computer names into the function get-localadministrators?

Reply ↓

Andrew Morgan July 25, 2012 at 3:58 pm

Hi Meridian,

put each server name on a line in your text file

get-content “c:blablablaservers.txt” | % {get-localadministrators $_}

Reply ↓

Jim August 2, 2012 at 7:44 pm

Script works fine against local computer, but adding
get-content “c:pathfilename.txt” | % {get-localadministrators $_} for additional machines on a new line anywhere in the script results in errors.

Reply ↓

Andrew Morgan August 3, 2012 at 12:19 pm

hi Jim,

this works ok for me as follows:

“server1″,”server2″ | % {get-localadministrators -computername $_}

Reply ↓

JohnD October 1, 2012 at 2:20 pm

Thanks Andrew!
Just what I needed.

Reply ↓

Chris January 2, 2013 at 5:12 pm

I’m still confused on how to query a remote computer whith this script? Can anyone explane?

Reply ↓

Andrew Morgan January 2, 2013 at 7:10 pm

Hi Chris,

Does:

Get-localadministrators -computername “computer01″

Not work?

Reply ↓

Jim March 6, 2013 at 5:22 pm

Im having problems getting this to read from a file with a list of computers. Im new to scripting so what do i need to put where inorder to do this. I would also like to get the output to a text file.
Thanks

Reply ↓

Andrew Morgan March 7, 2013 at 9:29 pm

Hi Jim, try:

Get-content “c:file.txt” | % {get-localadministrators -computername $_}

To read from a text fie, if that works report back and ill tackle your second request.

Reply ↓

David March 19, 2013 at 4:30 pm

For some reason, the script only shows the users on the local machine, not the machine indicated by the -computername parameter.

Any ideas?

Reply ↓

akismet-7f1e5b87853339fcf4717a0bcfd0e4c1 April 5, 2013 at 1:05 pm

David, add the following line after the function:

foreach($server in (gc .masterserver.txt)){get-localadministrators -computername $server}

Change .masterserver.txt to the path of a text file that has a list of your servers one per line.

Reply ↓
1. Terry June 26, 2013 at 11:05 pm
  
  I hate to ask this but I am an absolute beginner. Can you show exactly where to add this? I added it where what I thought was after the function but I get nothing but errors.
  
  Reply ↓
  1. Andrew Morgan June 27, 2013 at 11:46 pm
    
    Add what terry? The computername?
    
    Reply ↓

Ratheesh May 1, 2013 at 9:39 pm

Hi,
How to export the result to .csv

Reply ↓

Andrew Morgan May 3, 2013 at 12:31 pm

http://lmgtfy.com/?q=Export+to+csv+powershell

Reply ↓

Terry June 28, 2013 at 1:25 am

foreach($server in (gc .masterserver.txt)){get-localadministrators -computername $server}

Reply ↓

Desmestres February 6, 2016 at 6:51 pm

Excelent PowerShell script!

You can also use this free GUI tool: “Get Local Admins GUI”

This tool permits to see the members of the local Administrators group on multiple remote computers. You can export results to CSV and import a machine list from Active Directory OU.

More info about:

http://www.sysadmit.com/2016/02/windows-buscar-administradores-locales.html

Reply ↓

Nick June 23, 2011 at 4:49 pm

Can you specify a little more how I would query remote computers with this script?

Reply ↓
Nick June 23, 2011 at 5:17 pm

Nevermind I figured it out! Also is there a way to go through each of the groups it finds and list whoever is in there?

Reply ↓
1. Andrew Morgan June 23, 2011 at 7:32 pm
  
  Hi Nick, thanks for taking the time to post feedback!
  
  I’ll look at enumerating nested groups for you later this evening.
  
  Cheers!
  
  A
  
  Reply ↓
  1. Nick July 12, 2011 at 8:07 pm
    
    Any luck my friend? Just wondering if you ever got the enumerating portion going?
    
    Thanks!
    
    Reply ↓
2. Christopher Ranney June 3, 2013 at 8:36 pm
  
  Nick,
  
  Not sure if you need this, but I needed it – this script block works for me…
  
  $LocalGroups = gwmi win32_group|?{$_.domain -eq $env:computername}|select -ExpandProperty Name
  Foreach($localGroup in $LocalGroups)
  {
  “Members in the $localgroup :”
  $computer = [adsi](“WinNT://”+$env:COMPUTERNAME+”,computer”)
  #$computer.psbase.children.find(“$localGroup”)
  $group = $computer.psbase.children.find(“$localGroup”)
  $group.psbase.invoke(“Members”)|%{$_.gettype().InvokeMember(“Adspath”,’GetProperty’,$null, $_, $null)}
  “”
  
  }
  
  Everything I run is wrapped into a scriptblock and executed remotely, which is how I get away with using variables like $env:computername.
  
  Hope this helps.
  
  Reply ↓
Andrew Morgan July 29, 2011 at 8:59 pm

Hi Nick,

I have attempted to do this, but I’m sorry to say I don’t have the time to get you a full module to enumerate all groups.

Reply ↓
Nick July 29, 2011 at 9:13 pm

No worries! Thanks for the attempt I appreciate it.

Reply ↓
Meridian July 25, 2012 at 3:53 pm

How would I modify this to read a text file of predefined computer names into the function get-localadministrators?

Reply ↓
Andrew Morgan July 25, 2012 at 3:58 pm

Hi Meridian,

put each server name on a line in your text file

get-content “c:blablablaservers.txt” | % {get-localadministrators $_}

Reply ↓
1. Jim August 2, 2012 at 7:44 pm
  
  Script works fine against local computer, but adding
  get-content “c:pathfilename.txt” | % {get-localadministrators $_} for additional machines on a new line anywhere in the script results in errors.
  
  Reply ↓
Andrew Morgan August 3, 2012 at 12:19 pm

hi Jim,

this works ok for me as follows:

“server1″,”server2″ | % {get-localadministrators -computername $_}

Reply ↓
JohnD October 1, 2012 at 2:20 pm

Thanks Andrew!
Just what I needed.

Reply ↓
Chris January 2, 2013 at 5:12 pm

I’m still confused on how to query a remote computer whith this script? Can anyone explane?

Reply ↓
1. Andrew Morgan January 2, 2013 at 7:10 pm
  
  Hi Chris,
  
  Does:
  
  Get-localadministrators -computername “computer01″
  
  Not work?
  
  Reply ↓
Jim March 6, 2013 at 5:22 pm

Im having problems getting this to read from a file with a list of computers. Im new to scripting so what do i need to put where inorder to do this. I would also like to get the output to a text file.
Thanks

Reply ↓
Andrew Morgan March 7, 2013 at 9:29 pm

Hi Jim, try:

Get-content “c:file.txt” | % {get-localadministrators -computername $_}

To read from a text fie, if that works report back and ill tackle your second request.

Reply ↓
David March 19, 2013 at 4:30 pm

For some reason, the script only shows the users on the local machine, not the machine indicated by the -computername parameter.

Any ideas?

Reply ↓
1. akismet-7f1e5b87853339fcf4717a0bcfd0e4c1 April 5, 2013 at 1:05 pm
  
  David, add the following line after the function:
  
  foreach($server in (gc .masterserver.txt)){get-localadministrators -computername $server}
  
  Change .masterserver.txt to the path of a text file that has a list of your servers one per line.
  
  Reply ↓
  1. Terry June 26, 2013 at 11:05 pm
    
    I hate to ask this but I am an absolute beginner. Can you show exactly where to add this? I added it where what I thought was after the function but I get nothing but errors.
    
    Reply ↓
    1. Andrew Morgan June 27, 2013 at 11:46 pm
      
      Add what terry? The computername?
      
      Reply ↓
Ratheesh May 1, 2013 at 9:39 pm

Hi,
How to export the result to .csv

Reply ↓
1. Andrew Morgan May 3, 2013 at 12:31 pm
  
  http://lmgtfy.com/?q=Export+to+csv+powershell
  
  Reply ↓
Terry June 28, 2013 at 1:25 am

foreach($server in (gc .masterserver.txt)){get-localadministrators -computername $server}

Reply ↓
Desmestres February 6, 2016 at 6:51 pm

Excelent PowerShell script!

You can also use this free GUI tool: “Get Local Admins GUI”

This tool permits to see the members of the local Administrators group on multiple remote computers. You can export results to CSV and import a machine list from Active Directory OU.

More info about:

http://www.sysadmit.com/2016/02/windows-buscar-administradores-locales.html

Reply ↓

Retrieve a list of local administrators using Powershell.

Related Posts

24 Comments About “Retrieve a list of local administrators using Powershell.”

Leave a Reply Cancel reply