404 Tech Support

Where IT Help is Found


Auditing the local Administrators group with PowerShell

2015-12-24 by Jason

Good security means knowing the endpoints of your environment. One component of endpoint security is knowing who is a local administrator on which computers. One sign that the endpoint might be compromised is having someone added to the local Administrators group who should not be there. Whether you regularly add primary users as Administrators or not, auditing this area can give you confidence that your endpoints are secure in this regard.

This PowerShell script can be assigned as a startup script or folded into your standard endpoint inventory. It is really just a starting point that handles the more painful part: getting the local group membership. From here, you could filter the members so that your standard Administrator accounts and groups like Domain Admins are filtered out, making it easier to spot the needles with fewer haystacks. You could also format the output as a CSV to make automating the review easier, or output the group membership directly to a database.

# LocalAdminsInventory.ps1
# Jason Hamilton
# 12/22/2015
# Queries computer for members of the local Administrators group and outputs
# to a file
###########################################

$Computer = $env:COMPUTERNAME
$ADSIComputer = [ADSI]("WinNT://$Computer,computer")
$group = $ADSIComputer.psbase.children.find('Administrators', 'Group')
# Read the Name property of each member object returned by the group
$members = $group.psbase.invoke("members") | ForEach-Object {
    $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
}

# Only write the report when the file server is reachable
# (server.fqdn is a placeholder for your own server)
if (Test-Connection server.fqdn -Quiet) {
    $members | Out-File "\\server.fqdn\Logs\LocalAdmins\$Computer.txt"
}
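
The filtering and CSV output suggested above could look like the following. This is an added example, not part of the original script; the allowlist entries, the EXAMPLE domain and the output path are constructed placeholders, and it assumes PowerShell 3.0 or later. It reads each member's ADsPath instead of its Name so that a local Administrator and a domain account of the same name are not confused.

```powershell
# Added example: flag members of local Administrators that are not on an allowlist.
$Computer = $env:COMPUTERNAME

# Accounts and groups you expect to find (constructed sample values, replace with your own).
$Expected = @(
    "$Computer\Administrator",
    'EXAMPLE\Domain Admins'
)

$group = [ADSI]"WinNT://$Computer/Administrators,group"

$rows = foreach ($m in @($group.psbase.Invoke('Members'))) {
    # ADsPath is WinNT://DOMAIN/COMPUTER/name for local accounts,
    # WinNT://DOMAIN/name for domain accounts, and WinNT://S-1-5-... for
    # members whose SID no longer resolves to an account.
    $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    $parts = ($path -replace '^WinNT://', '') -split '/'
    $account = ($parts | Select-Object -Last 2) -join '\'

    [pscustomobject]@{
        Computer = $Computer
        Member   = $account
        Expected = $Expected -contains $account   # case-insensitive match
        Checked  = (Get-Date).ToString('s')
    }
}

# Full membership goes to CSV for the inventory (placeholder path).
$rows | Export-Csv -Path ".\LocalAdmins-$Computer.csv" -NoTypeInformation

# Anything not on the allowlist is surfaced immediately.
$unexpected = @($rows | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} unexpected member(s) of Administrators on {1}: {2}" -f `
        $unexpected.Count, $Computer, ($unexpected.Member -join ', '))
}
```

Unresolved SIDs show up as unexpected members, which is usually what you want: they are leftovers from deleted accounts and worth cleaning up.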

 

 

Filed Under: Code, Security and Privacy, System Administration
